DOI: 10.1145/1111348.1111351

An authorization model for XML databases

Published: 29 October 2004

Abstract

In this paper, we define a security model for a native XML database which supports the Xupdate language. Our model is inspired by the SQL security model, which is the most famous security model for databases. We first define a generic access control model for tree data structures. Then, we apply our model to an XML database which supports the Xupdate language.



Published In

SWS '04: Proceedings of the 2004 workshop on Secure web service
October 2004
109 pages
ISBN:158113973X
DOI:10.1145/1111348

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. XML
  2. XPath
  3. Xupdate
  4. access controls
  5. permission
  6. privilege
  7. security


Cited By

  • (2013) Applying DAC Principles to the RDF Graph Data Model. Security and Privacy Protection in Information Processing Systems, pp. 69-82. DOI: 10.1007/978-3-642-39218-4_6. Online publication date: 2013
  • (2012) A purpose-based access control in native XML databases. Concurrency and Computation: Practice & Experience 24:10, pp. 1154-1166. DOI: 10.1002/cpe.1717. Online publication date: 1-Jul-2012
  • (2011) Access Control Method with XML Databases. Information Systems and New Applications in the Service Sector, pp. 227-239. DOI: 10.4018/978-1-60960-138-6.ch013. Online publication date: 2011
  • (2011) Hecate, managing authorization with RESTful XML. Proceedings of the Second International Workshop on RESTful Design, pp. 51-58. DOI: 10.1145/1967428.1967442. Online publication date: 28-Mar-2011
  • (2011) QFilter. The VLDB Journal — The International Journal on Very Large Data Bases 20:3, pp. 397-415. DOI: 10.1007/s00778-010-0202-x. Online publication date: 1-Jun-2011
  • (2011) Web Access Control Strategies. Encyclopedia of Cryptography and Security, pp. 1368-1371. DOI: 10.1007/978-1-4419-5906-5_664. Online publication date: 2011
  • (2010) A Purpose Based Access Control in XML Databases System. Proceedings of the 2010 Fourth International Conference on Network and System Security, pp. 486-493. DOI: 10.1109/NSS.2010.28. Online publication date: 1-Sep-2010
  • (2008) An integrated access control for securely querying and updating XML data. Proceedings of the nineteenth conference on Australasian database - Volume 75, pp. 75-84. DOI: 10.5555/1378307.1378324. Online publication date: 1-Jan-2008
  • (2008) Dynamic access-control policies on XML encrypted data. ACM Transactions on Information and System Security 10:4, pp. 1-37. DOI: 10.1145/1284680.1284684. Online publication date: 22-Jan-2008
  • (2008) Access Control Models for XML. Handbook of Database Security, pp. 27-53. DOI: 10.1007/978-0-387-48533-1_2. Online publication date: 2008
