In this paper, we ask whether XML access control can be supported when the underlying (XML or relational) storage system does not provide adequate security features, and we propose three alternative solutions: primitive, pre-processing, and post-processing. For that scenario in particular, we advocate a scalable and effective pre-processing approach called QFilter. QFilter is based on non-deterministic finite automata (NFA) and rewrites users' queries so that the parts violating access control rules are pre-pruned. Through analysis and experimental validation, we show that (1) QFilter guarantees that only the permissible portion of the data is returned to authorized users, (2) such access controls can be enforced efficiently without relying on the security features of the underlying storage system, and (3) this independence makes QFilter suitable for many emerging applications, such as in-network access control and access control outsourcing.