Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall...

Access Control on XML Data

By Narges Fazelidoust & Maryam Masoudian

Professor : Dr. Jalili

Fall 1393

Outline

• Introduction

• XML Database

• Access Control Models

• Query Rewriting

• Conclusion

1/9

Introduction

• Rapid growth of the WWW

• Increasing amount of data

• Self-describing format

• Solution:

XML

2/9

Introduction XML Database

Protecting XML Data Access Control Models Query

Rewriting Conclusion

Introduction 3/9




XML Database

• XML-enabled databases (XED)

• native XML databases (NXD)

4/9

Unacceptable Performance

MySQL and PostgreSQL BaseX, Sedna, eXist-db

Hybrid XML Database (IBM DB2 and Oracle)




Protecting XML Data

•GOALread query

returns only data allowed to access

update query

makes changes only data allowed to update

5/9




Protecting XML Data

• security approaches of relational databases be easily adapted for XML databases

6/9

1. Schema less

2. Node relationship

3. Hierarchical structure

cannot




Access Control Models 7/9

Traditional Standard

efficient mannersto specify, enforce, and (possibly) exchange access rights

ACL, SAML, OAuth, XACL, XACML

Instance Based

XPathBased

Materialized View

VirtualView

Query Rewriting

Annotation & labeling

permission specifies the subjectis (not) allowed to execute the action on the object nodes

enforce policies during evaluation of users requestsaccess policy is defined as a set of XPath expressionsrequests are rewritten w.r.t the underlying access policies (email//author[name$=name],Read,+)

provide each group of users with a materialized view of all andonly accessible data live for a long time

scalable solution in huge data, animportant number of users, and dynamic policieslive only the time user connected

grants/denies access to the entire resourceannotation repeat for every user, every action a user takes, and each time the policy or the data are changed

lack of support for authorized users to access the data

when the XML data and/or access policies are changed,all users views should be changed

Virtual XML views are often provided in text or HTML formatQuery Answering?!




Query Rewriting

• XML document T, schema D, security view S, virtual view Tv

8/9




Query Rewriting

• rewriting algorithms

• query language used

• class of queries supported

• type of the schema considered

• type of the read-access policies

• The rewriting manner

9/9




[1]. Oasis extensible access control markup language (xacml) tc. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml. Version 3.0, January 3013.[2]. Maggie Duong and Yanchun Zhang. An integrated access control for securely querying and updating xml data. In Proceedings of the Nineteenth Australasian Database Conference (ADC), volume 75 of CRPIT, pages 7583. Australian Computer Society, 2008.[3]. Mahfoud, Houari. Contrôle d’Acces Efficace pour des Données XML: problemes d’interrogation et de mise-a-jour. Diss. Université de Lorraine, 2014.[4]. Irini Fundulaki and Sebastian Maneth. Formalizing xml access control for update operations. In SACMAT, pages 169174. ACM, 2007.[5]. Anisoara Nica. Incremental maintenance of materialized views with outerjoins. Inf. Syst., 37(5):430-442, 2012.[6]. Benoît Groz, Slawomir Staworko, Anne-Cécile Caron, Yves Roos, and Sophie Tison. Xml security views revisited. In Database Programming Languages - DBPL 2009,12th International Symposium, volume 5708 of Lecture Notes in Computer Science, pages 52-67. Springer, 2009.[7]. Manogna Thimma, Tsam Kai Tsui, and Bo Luo. Hyxac: a hybrid approach for xml access control. In 18th ACM Symposium on Access Control Models and Technologies (SACMAT). ACM, 2013.

Thanks

Thanks Introduction XML

Database Protecting XML Data Access Control Models Query


Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall...

Documents

Transcript of Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall...