Previous [ 1] [ 2] [ 3] [ 4] [ 5] [ 6] [ 7] [ 8] [ 9] [ 10] [ 11] [ 12] [ 13] [ 14] [ 15] [ 16] [ 17] [ 18] [ 19] [ 20] [ 21] [ 22] [ 23]

@

Journal of Information Science and Engineering, Vol. 26 No. 5, pp. 1719-1739 (September 2010)

A Schema Based Approach to Valid XML Access Control*

CHANGWOO BYUN1 AND SEOG PARK2
1Department of Computer Systems and Engineering
Inha Technical College
Incheon, 402-752 Korea
2Department of Computer Science and Engineering
Sogang University
Seoul, 121-742 Korea

As Extensible Markup Language (XML) is becoming a de facto standard for the distribution and sharing of information, the need for an efficient yet secure access of XML data has become very important. An access control environment for XML documents and some techniques to deal with authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query access. This work presents an approach to enforce authorizations on XML documents via a filtering system transforming a user query into a rewritten safe query. The basic idea utilized is that a query interaction with only necessary access control rules is modified to an alternative form, which is guaranteed to have no access violations using the metadata of XML schemas and set operations supported by XPath 2.0. This access control mechanism is independent from the underlying XML database engine. Thus, it could be built on top of any XML DBMS, or work as stand-alone services. This work includes other several benefits such as implementation ease, small execution time overhead, and fine-grained controls. The experimental results clearly demonstrate the efficiency of the approach.

Keywords: XML data, XML schema, valid XML access control, access control mechanism, query rewriting

Full Text () Retrieve PDF document (201009_10.pdf)

Received September 16, 2008; revised June 26 & November 13, 2009; accepted January 5, 2010.
Communicated by Chih-Ping Chu.
* This work was supported by the second stage of the Brain Korea 21 Project in 2010.