Relevancy-based access control and its evaluation on versioned XML documents

Published: 01 February 2007

Abstract

Integration of version and access control of XML documents has the benefit of regulating access to rapidly growing archives of XML documents. Versioned XML documents provide us with valuable information on dependencies between document nodes but, at the same time, present the risk of undesirable data disclosure. In this article, we introduce the notion of relevancy-based access control, which realizes protection of versioned XML documents by various types of relevancy, such as version dependencies, schema similarities, and temporal proximity. We define a new path query language, XVerPath, over XML document versions, which can be utilized for specifying relevancy-based access-control policies. We also introduce the notion of relevancy class, for collectively and compactly specifying relevancy-based policies. Regarding efficient processing of access requests, we propose the packed version model, which realizes space-efficient difference-based archives of versioned XML documents and, at the same time, provides efficient evaluation of XVerPath queries. Experimental results show reasonable performance superiority over conventional methods, which do not utilize version differences.

    Published In

    ACM Transactions on Information and System Security, Volume 10, Issue 1
    February 2007
    106 pages
    ISSN:1094-9224
    EISSN:1557-7406
    DOI:10.1145/1210263

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Access control
    2. XML
    3. XPath
    4. query language
    5. security
    6. version control

    Qualifiers

    • Article
