DOI: 10.1145/2462410.2462424
research-article

HyXAC: a hybrid approach for XML access control

Published: 12 June 2013

Abstract

While XML has been widely adopted for information sharing over the Internet, the need for efficient XML access control naturally arises. Various XML access control enforcement mechanisms have been proposed in the research community, such as view-based approaches and pre-processing approaches. Each category of solutions has its inherent advantages and disadvantages. For instance, the view-based approach provides high performance in query evaluation, but suffers from view maintenance issues. To remedy these problems, we propose a hybrid approach, namely HyXAC: Hybrid XML Access Control. HyXAC provides efficient access control and query processing by maximizing the utilization of available (but constrained) resources. HyXAC first uses the pre-processing approach as a baseline to process queries and define sub-views. In HyXAC, views are not defined on a per-role basis; instead, a sub-view is defined for each access control rule, and roles with identical rules share the sub-view. Moreover, HyXAC dynamically allocates the available resources (memory and secondary storage) to materialize and cache sub-views to improve query performance. With intensive experiments, we have shown that HyXAC optimizes the usage of system resources and improves the performance of query processing.
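
The per-rule sub-view sharing and budgeted caching described in the abstract, shown as an added example that is not the authors' implementation. The sample document, the rule and role names, and the greedy selection by roles-sharing-per-byte are assumptions made here; rules are treated as positive read grants on an XPath.

```python
import xml.etree.ElementTree as ET

# Constructed sample document, rules and roles (not taken from the paper).
DOC = ET.fromstring(
    "<hospital>"
    "<patient><name>Ann</name><diagnosis>flu</diagnosis><bill>120</bill></patient>"
    "<patient><name>Bob</name><diagnosis>asthma</diagnosis><bill>80</bill></patient>"
    "</hospital>")
RULES = {"r_name": ".//patient/name",        # each rule grants read on an XPath
         "r_diag": ".//patient/diagnosis",
         "r_bill": ".//patient/bill"}
ROLES = {"doctor": ["r_name", "r_diag"],
         "nurse": ["r_name", "r_diag"],
         "clerk": ["r_name", "r_bill"]}

def evaluate(rule_id):
    """Baseline path: evaluate the rule's XPath against the source document."""
    return [ET.tostring(e, encoding="unicode") for e in DOC.findall(RULES[rule_id])]

def view_bytes(rule_id):
    return sum(len(node) for node in evaluate(rule_id))

def storage(per_role):
    """Bytes needed to materialize everything, per role or per rule."""
    if per_role:
        return sum(view_bytes(r) for rules in ROLES.values() for r in rules)
    return sum(view_bytes(r) for r in RULES)

def plan_cache(budget):
    """Choose sub-views to materialize within a byte budget.
    Greedy on (roles sharing the rule) / size: an assumed heuristic."""
    sharing = {r: sum(r in rules for rules in ROLES.values()) for r in RULES}
    cache, used = {}, 0
    for r in sorted(RULES, key=lambda r: sharing[r] / view_bytes(r), reverse=True):
        if used + view_bytes(r) <= budget:
            cache[r] = evaluate(r)
            used += view_bytes(r)
    return cache

def answer(role, cache):
    """Return (nodes the role may read, rules served from cached sub-views)."""
    nodes, hits = [], []
    for r in ROLES[role]:
        if r in cache:
            nodes += cache[r]
            hits.append(r)
        else:
            nodes += evaluate(r)   # uncached rule falls back to the baseline
    return nodes, hits
```

On this constructed data, per-role materialization stores 237 bytes against 118 for per-rule sub-views, and each role receives the same nodes whether a rule is served from the cache or evaluated on the source.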

    Published In

    SACMAT '13: Proceedings of the 18th ACM symposium on Access control models and technologies
    June 2013
    278 pages
    ISBN:9781450319508
    DOI:10.1145/2462410
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. XML
    2. access control
    3. security
    4. view

    Qualifiers

    • Research-article

    Conference

    SACMAT '13

    Acceptance Rates

    SACMAT '13 Paper Acceptance Rate 19 of 62 submissions, 31%;
    Overall Acceptance Rate 177 of 597 submissions, 30%

    Cited By

    • (2015) Towards Attribute-Based Authorisation for Bidirectional Programming. Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, pp. 185-196. DOI: 10.1145/2752952.2752963. Online publication date: 1-Jun-2015
    • (2015) HyXAC: Hybrid XML Access Control Integrating View-Based and Query-Rewriting Approaches. IEEE Transactions on Knowledge and Data Engineering 27:8, pp. 2190-2202. DOI: 10.1109/TKDE.2015.2407366. Online publication date: 1-Aug-2015
    • (2015) An access control model for protecting provenance graphs. 2015 13th Annual Conference on Privacy, Security and Trust (PST), pp. 125-132. DOI: 10.1109/PST.2015.7232963. Online publication date: Jul-2015
    • (2015) Efficient Querying of XML Data Through Arbitrary Security Views. Transactions on Large-Scale Data- and Knowledge-Centered Systems XXII - Volume 9430, pp. 75-114. DOI: 10.1007/978-3-662-48567-5_3. Online publication date: 1-Jul-2015
    • (2013) Formal verification of mandatory access control for privacy cloud. Proceedings of 2013 3rd International Conference on Computer Science and Network Technology, pp. 297-300. DOI: 10.1109/ICCSNT.2013.6967116. Online publication date: Oct-2013
