Abstract
As documents containing sensitive information are exchanged over the Internet, access control of XML documents is becoming important. Access control policies can specify fine-grained rules to documents, but policies sometimes become redundant, as documents are restructured or combined during exchange. In this paper, we consider a new approach of optimizing access control policies, by extracting distribution information of given authorization values within XML data. The extracted information is called a global policy tree, and it can be utilized for minimizing the total size of policies as well as efficient query processing. We present a linear-time algorithm for minimizing policies utilizing global policy trees, and our evaluation results show significant improvement over existing work.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proc. VLDB 2002, August 2002, pp. 143–154 (2002)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and Enforcing Access Control Policies for XML Document Sources. WWW Journal 3(3) (2000)
Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Trans. Inf. Syst. Secur. 5(3), 290–331 (2002)
Buneman, P., Choi, B., Fan, W., Hutchison, R., Mann, R., Viglas, S.: Vectorizing and Querying Large XML Repositories. In: Proc. ICDE 2005, April 2005, pp. 261–272 (2005)
Chatvichienchai, S., Iwaihara, M., Kambayashi, Y.: Translating Content-Based Authorizations of XML Documents. In: Proc. 4th Int. Conf. Web Information Systems Engineering (WISE 2003), December 2003, pp. 103–112 (2003)
Chatvichienchai, S., Iwaihara, M., Kambayashi, Y.: Authorization Translation for XML Document Transformation. In: World Wide Web: Internet and Web Information Systems, vol. 7(1), pp. 111–138. Kluwer, Dordrecht (2004)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A Fine-Grained Access Control System for XML Documents. ACM TISSEC 5(2) (2002)
Goldman, R., Widom, J.: DataGuides: Enabling Formulation and Optimization in Semistructured Databases. In: Proc. of VLDB (1997)
HL7 Standards, http://www.hl7.org/library/standards_non1.htm
Kudo, M., Hada, S.: XML Document Security based on Provisional Authorization. In: Proc. 7th ACM Conf. Computer and Communications Security, pp. 87–96 (2000)
Liefke, H., Suciu, D.: XMILL: An XML Efficient Compressor for XML Data. In: Proc. ACM SIGMOD 2000 (2000)
Luo, B., Lee, D., Lee, W.-C., Liu, P.: QFilter: Fine-Grained Run-Time XML Access Control via NFA-based Query Rewriting. In: Proc. 13th ACM CIKM, pp. 543–552 (2004)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML Access Control Using Static Analysis. In: Proc. ACM Conf. Computer and Communications Security, pp. 73–84 (2003)
Sandhu, R., Coyne, E., Feinstein, H., Youman, C.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
OASIS XACML Technical Committee, eXtensible Access Control Markup Language (XACML) Version 2.0, http://www.oasis-open.org/committees/download.php/10578/XACML-2.0-CD-NORMATIVE.zip
TravelXML, http://www.xmlconsortium.org/wg/TravelXML/TravelXML_index.html
VISA, http://international.visa.com/fb/downloads/commprod/visaxmlinvoice/
XML Path Language (XPath) Version 1.0, http://www.w3.org/TR/xpath
Yu, T., Srivastava, D., Lakshmanan, L.V.S., Jagadish, H.V.: Compressed Accessibility Map: Efficient Access Control for XML. In: Proc. 28th VLDB, pp. 478–489 (2002)
Yu, T., Srivastava, D., Lakshmanan, L.V.S., Jagadish, H.V.: A Compressed Accessibility Map for XML. ACM Trans. Database Syst. 29(2), 363–402 (2004)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Iwaihara, M., Wang, B., Chatvichienchai, S. (2005). Extracting Global Policies for Efficient Access Control of XML Documents. In: Ngu, A.H.H., Kitsuregawa, M., Neuhold, E.J., Chung, JY., Sheng, Q.Z. (eds) Web Information Systems Engineering – WISE 2005. WISE 2005. Lecture Notes in Computer Science, vol 3806. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11581062_13
Download citation
DOI: https://doi.org/10.1007/11581062_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30017-5
Online ISBN: 978-3-540-32286-3
eBook Packages: Computer ScienceComputer Science (R0)