Authorization-Transparent Access Control for XML Under the Non-Truman Model

  • Yaron Kanza
  • Alberto O. Mendelzon
  • Renée J. Miller
  • Zheng Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3896)


In authorization-transparent access control, user queries are formulated against the database schema rather than against authorization views that transform and hide data. The Truman and Non-Truman models are two approaches to authorization transparency: in a Truman model, queries that violate the access restrictions are transparently modified by the system so that they reveal only accessible data, while in a Non-Truman model, such queries are rejected. The advantage of a Non-Truman model is that the semantics of user queries is not changed by the access-control mechanism. This work presents an access-control mechanism for XML under the Non-Truman model. Security policies are specified as parameterized rules formulated using XPath. The rules specify relationships between elements that should be concealed from users. Hence, not only elements but also edges and paths within an XML document can be concealed. The access-control mechanism authorizes only valid queries, i.e., queries that do not disclose the existence of concealed relationships. The additional expressive power that these rules provide over element-based authorization techniques is illustrated. The proposed access-control mechanism can serve either as a substitute for views or as a layer for verifying that specific relationships are concealed by a view.


Keywords: Access Control; Transitive Closure; XPath Query; XPath Expression; Local Validity





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yaron Kanza (1)
  • Alberto O. Mendelzon (1)
  • Renée J. Miller (1)
  • Zheng Zhang (1)
  1. Department of Computer Science, University of Toronto, Toronto, Canada
