Abstract
Recently, access control on XML data has become an important research topic. Previous research on access control mechanisms for XML data has focused on increasing the efficiency of access control itself, but has not addressed the issue of integrating access control with query processing. In this paper, we propose an efficient access control mechanism tightly integrated with query processing for XML databases. We present the novel concept of the dynamic predicate (DP), which represents a dynamically constructed condition during query execution. A DP is derived from instance-level authorizations and constrains accessibility of the elements. The DP allows us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Experimental results show that the proposed access control mechanism improves query processing time significantly over the state-of-the-art access control mechanisms. We conclude that the DP is highly effective in efficiently checking instance-level authorizations in databases with hierarchical structures.
Similar content being viewed by others
References
Aggarwal, G. et al.: Enabling privacy for the paranoids. In: Proceedings of 30th International Conference on Very Large Data Bases, Toronto, Canada, pp. 708–719, Aug./Sept. 2004
Agrawal, R. et al.: Hippocratic databases. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 143–154, Aug. 2002
Al-Khalifa, S. et al.: Structural joins: a primitive for efficient XML query pattern matching. In: Proceedings of 18th International Conference on Data Engineering, San Jose, California, pp. 141–152, Feb. 2002
Aref W.G. and Ilyas I.F. (2001). SP-GiST: an extensible database index for supporting space partitioning trees. J. Intell. Inform. Syst. 17(2–3): 215–240
Bertino, E. et al.: Specifying and enforcing access control policies for XML document sources. World Wide Web J. 3(3), 139–151 (2000)
Bruno, N., Koudas, N., Srivastava, D.: Holistic twig joins: optimal XML pattern matching. In: Proceedings of 2002 ACM SIGMOD International Conference on Management of Data, Madison, Wisconsin, pp. 310–321, June 2002
Carminati B. and Ferrari E. (2003). Management of access control policies for XML document sources. Int. J. Inform. Sec. 1(4): 236–260
Carminati, B., Ferrari, E.: AC-XML documents: improving the performance of a web access control module. In: Proceedings of 10th ACM Symposium on Access Control Models and Technologies, Stockholm, Sweden, pp. 67–76, June 2005
Chien, S.-Y. et al.: Efficient structural joins on indexed XML documents. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 263–274, Aug. 2002
Cho, S. et al.: Optimizing the secure evaluation of twig queries. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 490–501, Aug. 2002
Clark, J., DeRose, S.: XML path language (XPath) Version 1.0, W3C Recommendation, Nov. 1999
Damiani, E. et al.: A fine-grained access control system for XML documents. ACM Trans. Inform. Syst. Sec. 5(2), 169–202 (2002)
Fan, W., Chan, C.Y., Garofalakis, M.N.: Secure XML querying with security views. In: Proceedings of 2004 ACM SIGMOD International Conference on Management of Data, Paris, France, pp. 587–598, June 2004
Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: Proceedings of 9th ACM Symposium on Access Control Models and Technologies, Yorktown Heights, New York, pp. 61–69, June 2004
Gaede V. and Gunther O. (1998). Multidimensional access methods. ACM Comput. Surveys 30(2): 170–231
Graefe G. (1993). Query evaluation techniques for large databases. ACM Comput. Surveys 25(2): 73–170
Guttman, A.: R-trees: a dynamic index structure for spatial searching. In: Proceedings of 1984 ACM SIGMOD International Conference on Management of Data, Boston, Massachusetts, pp. 47–57, June 1984
Hjaltason G.R. and Samet H. (1999). Distance browsing in spatial databases. ACM Trans. Database Syst. 24(2): 265–318
Li, Q., Moon, B.: Indexing and querying XML data for regular path expressions. In: Proceedings of 27th International Conference on Very Large Data Bases, Rome, Italy, pp. 361–370, Sept. 2001
Luo, B. et al.: QFilter: fine-grained run-time XML access control via NFA-based query rewriting. In: Proceedings of 2004 ACM CIKM International Conference on Information and Knowledge Management, Washington, DC, pp. 543–552, Nov. 2004
Marcus M.P., Marcinkiewicz M.A. and Santorini B. (1993). Building a large annotated corpus of English: The Penn Treebank. Comput. Linguist. 19(2): 313–330
Miklau G. and Suciu D. (2004). Containment and equivalence for a fragment of XPath. J. ACM 51(1): 2–45
Murata, M., Tozawa, A., Kudo, M.: XML access control using static analysis. In: Proceedings of 10th ACM Conference on Computer and Communications Security, Washingtion, DC, pp. 73–84, Oct. 2003
Information and Privacy Commissioner of Ontario, Intelligent Software Agents: Turning a Privacy Threat into a Privacy Protector, Apr. 1999
Information and Privacy Commissioner of Ontario, An Internet Privacy Primer: Assume Nothing, Aug. 2001
Qi, N., Kudo, M.: Access-condition-table-driven access control for XML database. In: Proceedings of 9th European Symposium on Research in Computer Security, French Riviera, France, pp. 17–32, Sept. 2004
Rabitti, F. et al.: A model of authorization for next-generation database systems. ACM Trans. Database Syst. 16(1), 88–131 (1991)
Ramanan, P.: Covering indexes for XML queries: bisimulation – Simulation = Negation. In: Proceedings of 29th International Conference on Very Large Data Bases, Berlin, pp. 165–176, Sept. 2003
Samet H. (1984). The quadtree and related hierarchical data structures. ACM Comput. Surveys 16(2): 187–260
Schmidt, A.R. et al.: XMark: a benchmark for XML data management. In: Proceedings of 28th International Conference on Very Large Data Bases, Hong Kong, China, pp. 974–985, Aug. 2002
Seeger, B., Kriegel,H.-P.: The buddy-tree: an efficient and robust access method for spatial data base systems. In: Proceedings of 16th International Conference on Very Large Data Bases, Queensland, Australia, pp. 590–601, Aug. 1990
Whang, K.-Y., Krishnamurthy, R.: The multilevel grid file—a dynamic hierarchical multidimensional file structure. In: of International Conference on Database for Advanced Applications, Tokyo, Japan, pp. 449–459, Apr. 1991
Wu,Y., Patel, J.M., Jagadish H.V.: Structural join order selection for XML query optimization. In: Proceedings of 19th International Conference on Data Engineering, Bangalore, India, pp. 443–454, Mar. 2003
Yu, T. et al.: A compressed accessibility map for XML. ACM Trans. Database Syst. 29(2), 363–402 (2004)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Lee, JG., Whang, KY., Han, WS. et al. The dynamic predicate: integrating access control with query processing in XML databases. The VLDB Journal 16, 371–387 (2007). https://doi.org/10.1007/s00778-006-0037-7
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s00778-006-0037-7