Skip to main content
SpringerLink
Log in

Authorization-Transparent Access Control for XML Under the Non-Truman Model

  • Conference paper
Advances in Database Technology - EDBT 2006 (EDBT 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3896))

Included in the following conference series:

Abstract

In authorization-transparent access control, user queries are formulated against the database schema rather than against authorization views that transform and hide data. The Truman and the Non-Truman are two approaches to authorization transparency where in a Truman model, queries that violate the access restrictions are modified transparently by the system to only reveal accessible data, while in a Non-Truman model, such queries are rejected. The advantage of a Non-Truman model is that the semantics of user queries is not changed by the access-control mechanism. This work presents an access-control mechanism for XML, under the Non-Truman model. Security policies are specified as parameterized rules formulated using XPath. The rules specify relationships between elements, that should be concealed from users. Hence, not only elements, but also edges and paths within an XML document, can be concealed. The access-control mechanism authorizes only valid queries, i.e., queries that do not disclose the existence of concealed relationships. The additional expressive power, provided by these rules, over element-based authorization techniques is illustrated. The proposed access-control mechanism can either serve as a substitute for views or as a layer for verifying that specific relationships are concealed by a view.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bayardo, R.J., Agrawal, R.: Data privacy through optimal k-anonymization. In: Proc. Of the 21st ICDE, pp. 217–228 (2005)

    Google Scholar 

  2. Bertino, E., Castano, S., Ferrari, E.: On specifying security policies for web documents with an XML-based language. In: Proc. of the 6th SACMAT, pp. 57–65 (2001)

    Google Scholar 

  3. Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM TISSEC 5(3), 290–331 (2002)

    Article  Google Scholar 

  4. Bouganim, L., Dang-Ngoc, F., Pucheral, P.: Client-based access control management for XML documents. In: Proc. of the 30th VLDB, pp. 84–95 (2004)

    Google Scholar 

  5. Chamberlin, D., Clark, J., Florescu, D., Robie, J., Sim´eon, J., Stefanescu, M.: XQuery 1.0 (June 2001), W3C standard, Available at http://www.w3.org/TR/xquery

  6. Cho, S., Amer-Yahia, S., Lakshmanan, L.V.S., Srivastava, D.: Optimizing the secure evaluation of twig queries. In: Proc. of the 28th VLDB, pp. 490–501 (2002)

    Google Scholar 

  7. Clark, J.: XSLT 1.0. W3C standard (1999), Available at http://www.w3.org/TR/xslt

  8. Clark, J., DeRose, S.: XPath 1.0., Available at http://www.w3.org/TR/xpath

  9. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM TISSEC 5(3), 169–202 (2002)

    Article  Google Scholar 

  10. Damiani, E., Samarati, S., di Vimercati, S., Paraboschi, S.: Controlling access to XML documents. IEEE Internet Computing 5(6), 18–28 (2001)

    Article  Google Scholar 

  11. Fan, W., Chan, C., Garofalakis, M.: Secure XML querying with security views. In: Proc. of the 23rd ACM SIGMOD, pp. 587–598 (2004)

    Google Scholar 

  12. Finance, B., Medjdoub, S., Pucheral, P.: The Case for access control on XML relationships. In: Proc. of the 14th CIKM, pp. 107–114 (2005)

    Google Scholar 

  13. Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: Proc. of the 9th ACM SACMAT, pp. 61–69 (2004)

    Google Scholar 

  14. Gabillon, A., Bruno, E.: Regulating access to XML documents. In: Proc. of the 15th IFIP WG11.3, pp. 299–314 (2001)

    Google Scholar 

  15. Godik, S., Moses, T.: eXtesible Access Control Markup Language (XACML) Version 1.0 (2003), Available at http://www.oasis-open.org/committees/xacml

  16. Hada, S., Kudo, M.: XML Access Control Language: provisional authorization for XML documents, Available at http://www.trl.ibm.com/projects/xml/xacl

  17. Meyerson, A., Williams, R.: On the complexity of optimal k-anonymity. In: Proc. of the 23rd PODS, pp. 223–228 (2004)

    Google Scholar 

  18. Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Proc. of the 29th VLDB, pp. 898–909 (2003)

    Google Scholar 

  19. Miklau, G., Suciu, D.: Containment and equivalence for a fragment of XPath. Journal of the ACM 51(1), 2–45 (2004)

    Article  MathSciNet  Google Scholar 

  20. Miklau, G., Suciu, D.: A formal analysis of information disclosure in data exchange. In: Proc. of the 23rd ACM SIGMOD, pp. 575–586 (2004)

    Google Scholar 

  21. Motro, A.: An access authorization model for relational databases based on algebric manipulation of view definitions. In: Proc. of the 5th ICDE, pp. 339–347 (1989)

    Google Scholar 

  22. Rizvi, S., Mendelzon, A.O., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: Proc. of the 23rd ACM SIGMOD, pp. 551–562 (2004)

    Google Scholar 

  23. Rosenthal, A., Scoire, E.: View security as the basis for data warehouse security. In: Proc. of the 2nd DMDW, Stockholm, Sweden (2000)

    Google Scholar 

  24. Rosenthal, A., Scoire, E.: Administering permissions for distributed data:factoring andautomated inference. In: Proc. of the 15th IFIP WG11.3, pp. 91–104 (2001)

    Google Scholar 

  25. Sweeney, L.: k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems 10(5), 557–570 (2002)

    Article  MATH  MathSciNet  Google Scholar 

  26. W3C, X.: standard, Available at http://www.w3c.org/XML

  27. Schema, X.M.L.: W3C standard, Available at http://www.w3c.org/XML/Schema

  28. Xu, W., Özsoyoglu, Z.M.: Rewriting xpath queries using materialized views. In: Proc. of the 31st VLDB, pp. 121–132 (2005)

    Google Scholar 

  29. Yao, C., Wang, X.S., Jajodia, S.: Checking for k-anonymity violation by views. In: Proc. of the 31st VLDB, pp. 910–921 (2005)

    Google Scholar 

  30. Yu, T., Srivastava, D., Lakshmanan, L.V.S., Jagadish, H.V.: Compressed accessibility map: efficient access control for XML. In: Proc. of the 28th VLDB, pp. 363–402 (2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computer Science, University of Toronto, Toronto, Canada

    Yaron Kanza, Alberto O. Mendelzon, Renée J. Miller & Zheng Zhang

Authors
  1. Yaron Kanza
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Alberto O. Mendelzon
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Renée J. Miller
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Zheng Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. University of Athens, Greece

    Yannis Ioannidis

  2. University of Konstanz, P.O.Box D188, 78457, Konstanz, Germany

    Marc H. Scholl

  3. Sustainable Content Logistics Centre, Hamburg, Germany

    Joachim W. Schmidt

  4. Chair of Software Engineering for Business Information Systems, Technische Universität MĂ¼nchen, BoltzmannstraĂŸe 3, 85748, Garching b. MĂ¼nchen,  

    Florian Matthes

  5. Department of Informatics, University of Athens Panepistimiopolis, 15771, Athens, Greece

    Mike Hatzopoulos

  6. IPD, Universität Karlsruhe, Am Fasanengarten 5, 76131, Karlsruhe,  

    Klemens Boehm

  7. TU MĂ¼nchen, D-85748, Garching, Germany

    Alfons Kemper

  8. Technische Universität MĂ¼nchen, Germany

    Torsten Grust

  9. Institute for Computer Science, Ludwig-Maximilians Universität MĂ¼nchen,  

    Christian Boehm

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kanza, Y., Mendelzon, A.O., Miller, R.J., Zhang, Z. (2006). Authorization-Transparent Access Control for XML Under the Non-Truman Model. In: Ioannidis, Y., et al. Advances in Database Technology - EDBT 2006. EDBT 2006. Lecture Notes in Computer Science, vol 3896. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11687238_16

Download citation

  • DOI: https://doi.org/10.1007/11687238_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-32960-2

  • Online ISBN: 978-3-540-32961-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation