Skip to main content
SpringerLink
Log in

The dynamic predicate: integrating access control with query processing in XML databases

  • Regular Paper
  • Published:
The VLDB Journal Aims and scope Submit manuscript

Abstract

Recently, access control on XML data has become an important research topic. Previous research on access control mechanisms for XML data has focused on increasing the efficiency of access control itself, but has not addressed the issue of integrating access control with query processing. In this paper, we propose an efficient access control mechanism tightly integrated with query processing for XML databases. We present the novel concept of the dynamic predicate (DP), which represents a dynamically constructed condition during query execution. A DP is derived from instance-level authorizations and constrains accessibility of the elements. The DP allows us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Experimental results show that the proposed access control mechanism improves query processing time significantly over the state-of-the-art access control mechanisms. We conclude that the DP is highly effective in efficiently checking instance-level authorizations in databases with hierarchical structures.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Aggarwal, G. et al.: Enabling privacy for the paranoids. In: Proceedings of 30th International Conference on Very Large Data Bases, Toronto, Canada, pp. 708–719, Aug./Sept. 2004

  2. Agrawal, R. et al.: Hippocratic databases. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 143–154, Aug. 2002

  3. Al-Khalifa, S. et al.: Structural joins: a primitive for efficient XML query pattern matching. In: Proceedings of 18th International Conference on Data Engineering, San Jose, California, pp. 141–152, Feb. 2002

  4. Aref W.G. and Ilyas I.F. (2001). SP-GiST: an extensible database index for supporting space partitioning trees. J. Intell. Inform. Syst. 17(2–3): 215–240

    Article  MATH  Google Scholar 

  5. Bertino, E. et al.: Specifying and enforcing access control policies for XML document sources. World Wide Web J. 3(3), 139–151 (2000)

    Google Scholar 

  6. Bruno, N., Koudas, N., Srivastava, D.: Holistic twig joins: optimal XML pattern matching. In: Proceedings of 2002 ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, pp. 310–321, June 2002

  7. Carminati B. and Ferrari E. (2003). Management of access control policies for XML document sources. Int. J. Inform. Sec. 1(4): 236–260

    Article  Google Scholar 

  8. Carminati, B., Ferrari, E.: AC-XML documents: improving the performance of a web access control module. In: Proceedings of 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, pp. 67–76, June 2005

  9. Chien, S.-Y. et al.: Efficient structural joins on indexed XML documents. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 263–274, Aug. 2002

  10. Cho, S. et al.: Optimizing the secure evaluation of twig queries. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 490–501, Aug. 2002

  11. Clark, J., DeRose, S.: XML path language (XPath) Version 1.0, W3C Recommendation, Nov. 1999

  12. Damiani, E. et al.: A fine-grained access control system for XML documents. ACM Trans. Inform. Syst. Sec. 5(2), 169–202 (2002)

    Google Scholar 

  13. Fan, W., Chan, C.Y., Garofalakis, M.N.: Secure XML querying with security views. In: Proceedings of 2004 ACM SIGMOD International Conference on Management of Data, Paris, France, pp. 587–598, June 2004

  14. Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: Proceedings of 9th ACM Symposium on Access Control Models and Technologies, Yorktown Heights, New York, pp. 61–69, June 2004

  15. Gaede V. and Gunther O. (1998). Multidimensional access methods. ACM Comput. Surveys 30(2): 170–231

    Article  Google Scholar 

  16. Graefe G. (1993). Query evaluation techniques for large databases. ACM Comput. Surveys 25(2): 73–170

    Article  Google Scholar 

  17. Guttman, A.: R-trees: a dynamic index structure for spatial searching. In: Proceedings of 1984 ACM SIGMOD International Conference on Management of Data, Boston, Massachusetts, pp. 47–57, June 1984

  18. Hjaltason G.R. and Samet H. (1999). Distance browsing in spatial databases. ACM Trans. Database Syst. 24(2): 265–318

    Article  Google Scholar 

  19. Li, Q., Moon, B.: Indexing and querying XML data for regular path expressions. In: Proceedings of 27th International Conference on Very Large Data Bases, Rome, Italy, pp. 361–370, Sept. 2001

  20. Luo, B. et al.: QFilter: fine-grained run-time XML access control via NFA-based query rewriting. In: Proceedings of 2004 ACM CIKM International Conference on Information and Knowledge Management, Washington, DC, pp. 543–552, Nov. 2004

  21. Marcus M.P., Marcinkiewicz M.A. and Santorini B. (1993). Building a large annotated corpus of English: The Penn Treebank. Comput. Linguist. 19(2): 313–330

    Google Scholar 

  22. Miklau G. and Suciu D. (2004). Containment and equivalence for a fragment of XPath. J. ACM 51(1): 2–45

    Article  MathSciNet  Google Scholar 

  23. Murata, M., Tozawa, A., Kudo, M.: XML access control using static analysis. In: Proceedings of 10th ACM Conference on Computer and Communications Security, Washingtion, DC, pp. 73–84, Oct. 2003

  24. Information and Privacy Commissioner of Ontario, Intelligent Software Agents: Turning a Privacy Threat into a Privacy Protector, Apr. 1999

  25. Information and Privacy Commissioner of Ontario, An Internet Privacy Primer: Assume Nothing, Aug. 2001

  26. Qi, N., Kudo, M.: Access-condition-table-driven access control for XML database. In: Proceedings of 9th European Symposium on Research in Computer Security, French Riviera, France, pp. 17–32, Sept. 2004

  27. Rabitti, F. et al.: A model of authorization for next-generation database systems. ACM Trans. Database Syst. 16(1), 88–131 (1991)

    Google Scholar 

  28. Ramanan, P.: Covering indexes for XML queries: bisimulation – Simulation = Negation. In: Proceedings of 29th International Conference on Very Large Data Bases, Berlin, pp. 165–176, Sept. 2003

  29. Samet H. (1984). The quadtree and related hierarchical data structures. ACM Comput. Surveys 16(2): 187–260

    Article  MathSciNet  Google Scholar 

  30. Schmidt, A.R. et al.: XMark: a benchmark for XML data management. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 974–985, Aug. 2002

  31. Seeger, B., Kriegel,H.-P.: The buddy-tree: an efficient and robust access method for spatial data base systems. In: Proceedings of 16th International Conference on Very Large Data Bases, Queensland, Australia, pp. 590–601, Aug. 1990

  32. Whang, K.-Y., Krishnamurthy, R.: The multilevel grid file—a dynamic hierarchical multidimensional file structure. In: of International Conference on Database for Advanced Applications, Tokyo, Japan, pp. 449–459, Apr. 1991

  33. Wu,Y., Patel, J.M., Jagadish H.V.: Structural join order selection for XML query optimization. In: Proceedings of 19th International Conference on Data Engineering, Bangalore, India, pp. 443–454, Mar. 2003

  34. Yu, T. et al.: A compressed accessibility map for XML. ACM Trans. Database Syst. 29(2), 363–402 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science and Advanced Information Technology Research Center (AITrc), Korea Advanced Institute of Science and Technology(KAIST), 373-1 Guseong-dong, Yuseong-gu, Daejeon, 305-701, South Korea

    Jae-Gil Lee & Kyu-Young Whang

  2. Department of Computer Engineering, Kyungpook National University, 1370 Sankyuk-dong, Book-gu, Daegu, 702-701, South Korea

    Wook-Shin Han

  3. College of Information Science and Technology, Drexel University, Philadelphia, PA, 19104, USA

    Il-Yeol Song

Authors
  1. Jae-Gil Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Kyu-Young Whang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wook-Shin Han
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Il-Yeol Song
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Jae-Gil Lee.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Lee, JG., Whang, KY., Han, WS. et al. The dynamic predicate: integrating access control with query processing in XML databases. The VLDB Journal 16, 371–387 (2007). https://doi.org/10.1007/s00778-006-0037-7

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s00778-006-0037-7

Keywords

Search

Navigation