Two Phase Filtering for XML Access Control

  • Changwoo Byun
  • Seog Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4165)


We propose two phase filtering scheme to develop an efficient mechanism for XML databases to control query-based access. An access control environment for XML documents and some techniques to deal with fine-grained authorization priorities and conflict resolution issues are proposed. Despite this, relatively little work has been done to enforce access controls particularly for XML databases in the case of query-based access. The basic idea utilized is that a user query interaction with only necessary access control rules is modified to an alternative form which is guaranteed to have no access violations using tree-awareness metadata of XML schemas and set operations supported by XPath 2.0. The scheme can be applied to any XML database management system and has several advantages such as small execution time overhead, fine-grained controls, and safe and correct query modification. The experimental results clearly demonstrate the efficiency of the approach.


Access Control Target Node User Query Access Control Policy Refine Function 


  1. 1.
    Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F.: Extensible Markup Language (XML) 1.0, World Wide Web Consortium (W3C) (2004),
  2. 2.
    Berglund, A., Boag, S., Chamberlin, D., Fernández, M.F., Kay, M., Robie, J., Siméon, J.: XPath 2.0, World Wide Web Consortium (W3C) (2005),
  3. 3.
    Rabitti, F., Bertino, E., Kim, W., Woelk, D.: A Model of Authorization for Next-Generation Data-base Systems. ACM Transaction on Database Systems 126(1), 88–131 (1991)CrossRefGoogle Scholar
  4. 4.
    Damiani, E., Vimercati, S., Paraboschi, S., Samarati, P.: Securing XML document. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, pp. 121–135. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  5. 5.
    Damiani, E., Vimercati, S., Paraboachk, S., Samarati, P.: XML Access Control Systems: A Compo-nent-Based Approach. In: Proc. IFIP WG11.3 Working Conference on Database Security, The Nether-lands (2000)Google Scholar
  6. 6.
    Damiani, E., Vimercati, S., Paraboachk, S., Samarati, P.: Design and Implementation of Access Control Processor for XML Documents. Computer Network (2000)Google Scholar
  7. 7.
    Damiani, E., Vimercati, S., Paraboachk, S., Samarati, P.: A Fine-grained Access Control System for XML Documents. ACM Trans. Information and System Sec. 5(2) (2002)Google Scholar
  8. 8.
    Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and Enforcing Access Control Policies for XML Document Sources. WWW Journal, Baltzer Science Publishers 3(3) (2000)Google Scholar
  9. 9.
    Bertino, E., Castano, S., Ferrai, E.: Securing XML documents with Author-x. IEEE Internet Computing, 21–31 (May/June 2001)Google Scholar
  10. 10.
    Bertino, E., Ferrari, E.: Secure and Selective Dissemination of XML Documents. TISSEC 5(3), 237–260 (2002)CrossRefGoogle Scholar
  11. 11.
    Bertino, E., Braun, M., Castano, S., Ferrari, E., Mesiti, M.: Author-X: A Java-Based System for XML Data Protection. In: Proc. IFIP WG11.3 Working Conference on Database Security, Netherlands (2002)Google Scholar
  12. 12.
    Gabillon, A., Bruno, E.: Regulating Access to XML Documents. In: Proc. IFIP WG11.3 Working Conference on Database Security (2001)Google Scholar
  13. 13.
    Stoica, A., Farkas, C.: Secure XML Views. In: Proc. IFIP WG11.3 Working Conference on Data-base and Application Security (2002)Google Scholar
  14. 14.
    Grust, T.: Accelerating XPath Location Steps. In: Proc. of the 21st Int’l ACM SIGMOD Conf. on Management of Data, Madison, Wisconsin, USA, pp. 109–120 (June 2002)Google Scholar
  15. 15.
    Grust, T., van Keulen, M., Teubner, J.: Staircase Join: Teach a Relational DBMS to Watch its Axis Steps. In: Proc. of the 29th VLDB Conference, Berlin, Germany (September 2003)Google Scholar
  16. 16.
    Murata, M., Tozawa, A., Kudo, M.: XML Access Control using Static Analysis. In: ACM CCS, Washington D.C. (2003)Google Scholar
  17. 17.
    Jeon, J.-M., Chung, Y.D., Kim, M.H., Lee, Y.J.: Filtering XPath expressions for XML access control. Computers & Security 23, 591–605 (2004)CrossRefGoogle Scholar
  18. 18.
    Luo, B., Lee, D.W., Lee, W.C., Liu, P.: Qfilter: Fine-grained Run-Time XML Access Control via NFA-based Query Rewriting. In: Proc. of the Thirteenth ACM Conference on Information and Knowledge Management 2004, Washington, USA, November 8 (2004)Google Scholar
  19. 19.
    De Capitani, S., Marrara, S., Samarati, P.: An Access Control Model for Querying XML Data. In: Proc. of the 2005 ACM Workshop on Secure Web Services, Fairfax, Virginia, USA, November 11, pp. 36–42 (2005)Google Scholar
  20. 20.
    Mohan, S., Sengupta, A., Wu, Y., Klinginsmith, J.: Access Control for XML - A Dynamic Query Rewriting Approach. In: Proc. of the 31st VLDB Conference, Trondheim, Norway (2005)Google Scholar
  21. 21.
    Schmidt, A.R., Waas, F., Kersten, M.L., Florescu, D., Manolescu, I., Carey, M.J., Busse, R.: The XML Benchmark Project. Technical Report INS-R0103, CWI (April 2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Changwoo Byun
    • 1
  • Seog Park
    • 1
  1. 1.Department of Computer ScienceSogang UniversitySeoulSouth Korea

Personalised recommendations