Abstract
In authorization-transparent access control, user queries are formulated against the database schema rather than against authorization views that transform and hide data. The Truman and Non-Truman models are two approaches to authorization transparency: in a Truman model, queries that violate the access restrictions are modified transparently by the system to reveal only accessible data, while in a Non-Truman model, such queries are rejected. The advantage of a Non-Truman model is that the semantics of user queries is not changed by the access-control mechanism. This work presents an access-control mechanism for XML under the Non-Truman model. Security policies are specified as parameterized rules formulated using XPath. The rules specify relationships between elements that should be concealed from users. Hence, not only elements but also edges and paths within an XML document can be concealed. The access-control mechanism authorizes only valid queries, i.e., queries that do not disclose the existence of concealed relationships. The additional expressive power that these rules provide over element-based authorization techniques is illustrated. The proposed access-control mechanism can serve either as a substitute for views or as a layer for verifying that specific relationships are concealed by a view.
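The contrast the abstract draws between the two models, as an added example that is not code from the paper. The sample document, the single dept/patient concealment rule, and the "universal document" comparison used to decide validity are assumptions made here for illustration, not the paper's decision procedure.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample document; element and attribute names are assumptions.
DOC = ET.fromstring(
    "<hospital>"
    "<dept name='oncology'><patient id='p1'/><patient id='p2'/></dept>"
    "<dept name='cardiology'><patient id='p3'/></dept>"
    "</hospital>"
)
# Assumed rule: conceal the (dept, patient) relationship. Both element kinds
# stay visible; only "which patient is under which dept" is hidden, which an
# element-based policy cannot express.
PARENT, CHILD = "dept", "patient"

def answer(root, xpath):
    """Evaluate the query and return a sorted list of element identities."""
    return sorted({e.tag + ":" + (e.get("id") or e.get("name") or "")
                   for e in root.findall(xpath)})

def detached_view(root):
    """Truman-style view: cut every dept->patient edge, hoist patients to the root."""
    view = copy.deepcopy(root)
    for parent in view.findall(".//" + PARENT):
        for child in parent.findall(CHILD):
            parent.remove(child)
            view.append(child)
    return view

def universal_doc(root):
    """Link every dept to every patient, so the relationship carries no information."""
    uni = copy.deepcopy(root)
    children = uni.findall(".//" + CHILD)
    for parent in uni.findall(".//" + PARENT):
        for child in parent.findall(CHILD):
            parent.remove(child)
        parent.extend([copy.deepcopy(c) for c in children])
    return uni

def truman(xpath):
    """Truman model: silently answer against the view; query semantics change."""
    return answer(detached_view(DOC), xpath)

def non_truman(xpath):
    """Non-Truman model: answer unchanged, or reject if it would disclose the rule."""
    real = answer(DOC, xpath)
    if real != answer(universal_doc(DOC), xpath):
        raise PermissionError("query rejected: answer depends on a concealed relationship")
    return real
```

For `./dept[@name='oncology']/patient`, `truman` returns an empty list, which a user could misread as "oncology has no patients", while `non_truman` raises `PermissionError`; both answer `.//patient` in full.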
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Kanza, Y., Mendelzon, A.O., Miller, R.J., Zhang, Z. (2006). Authorization-Transparent Access Control for XML Under the Non-Truman Model. In: Ioannidis, Y., et al. Advances in Database Technology - EDBT 2006. EDBT 2006. Lecture Notes in Computer Science, vol 3896. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11687238_16
DOI: https://doi.org/10.1007/11687238_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-32960-2
Online ISBN: 978-3-540-32961-9
eBook Packages: Computer Science, Computer Science (R0)