Toward a multilevel secure relational data model
SIGMOD '91 Proceedings of the 1991 ACM SIGMOD international conference on Management of data
Formal query languages for secure relational databases
ACM Transactions on Database Systems (TODS)
A unified framework for enforcing multiple access control policies
SIGMOD '97 Proceedings of the 1997 ACM SIGMOD international conference on Management of data
The multilevel relational (MLR) data model
ACM Transactions on Information and System Security (TISSEC)
Storing semistructured data with STORED
SIGMOD '99 Proceedings of the 1999 ACM SIGMOD international conference on Management of data
An authorization mechanism for a relational database system
ACM Transactions on Database Systems (TODS)
Design and implementation of an access control processor for XML documents
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
XRel: a path-based approach to storage and retrieval of XML documents using relational databases
ACM Transactions on Internet Technology (TOIT)
Flexible support for multiple access control policies
ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
Securing XML Documents with Author-X
IEEE Internet Computing
A Model for Evaluation and Administration of Security in Object-Oriented Databases
IEEE Transactions on Knowledge and Data Engineering
An Authorization Model for a Distributed Hypertext System
IEEE Transactions on Knowledge and Data Engineering
EDBT '00 Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology
Relational Databases for Querying XML Documents: Limitations and Opportunities
VLDB '99 Proceedings of the 25th International Conference on Very Large Data Bases
Regulating access to XML documents
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
The XML benchmark project
XML access control using static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Specifying access control policies for XML documents with XPath
Proceedings of the ninth ACM symposium on Access control models and technologies
A role-based approach to access control for XML databases
Proceedings of the ninth ACM symposium on Access control models and technologies
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
QFilter: fine-grained run-time XML access control via NFA-based query rewriting
Proceedings of the thirteenth ACM international conference on Information and knowledge management
What makes the differences: benchmarking XML database implementations
ACM Transactions on Internet Technology (TOIT)
Generalized XML security views
Proceedings of the tenth ACM symposium on Access control models and technologies
DB2/XML: designing for evolution
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Towards an enterprise XML architecture
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
XML and relational database management systems: inside Microsoft® SQL Server™ 2005
Proceedings of the 2005 ACM SIGMOD international conference on Management of data
Integration and Efficient Lookup of Compressed XML Accessibility Maps
IEEE Transactions on Knowledge and Data Engineering
Designing information-preserving mapping schemes for XML
VLDB '05 Proceedings of the 31st international conference on Very large data bases
Native XML support in DB2 universal database
VLDB '05 Proceedings of the 31st international conference on Very large data bases
Securing XML data in third-party distribution systems
Proceedings of the 14th ACM international conference on Information and knowledge management
The case for access control on XML relationships
Proceedings of the 14th ACM international conference on Information and knowledge management
A function-based access control model for XML databases
Proceedings of the 14th ACM international conference on Information and knowledge management
Access control for XML: a dynamic query rewriting approach
Proceedings of the 14th ACM international conference on Information and knowledge management
IPAC: an interactive approach to access control for semi-structured data
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
XML access control using static analysis
ACM Transactions on Information and System Security (TISSEC)
Compressed accessibility map: efficient access control for XML
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Optimizing the secure evaluation of twig queries
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Client-based access control management for XML documents
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Constraints-preserving transformation from XML document type deffinition to relational schema
ER'00 Proceedings of the 19th international conference on Conceptual modeling
Security-conscious XML indexing
DASFAA'07 Proceedings of the 12th international conference on Database systems for advanced applications
XML access control with policy matching tree
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
The VLDB Journal — The International Journal on Very Large Data Bases
An efficient access control model for schema-based relational storage of XML documents
Proceedings of the 49th Annual Southeast Regional Conference
Storing XML rules in relational storage of XML DTD
Proceedings of the Second International Conference on Computational Science, Engineering and Information Technology
| Hi-index | 0.00 |
As the XML model gets more popular, new needs arise to specify access control within XML model. Various XML access control models and enforcement methods have been proposed recently. However, by and large, these approaches either assume the support of security features from XML databases or use proprietary tools outside of databases. Since there are currently few commercial XML databases with such capabilities, the proposed approaches are not yet practical. Therefore, we explore the problem of "Is is possible to fully support XML access control in RDBMS?" We formalize XML and relational access control models using deep set operators. Then we show that the problem of XML AC atop RDBMS is amount to the problem of converting XML deep set operators into equivalent relational deep set operators. We show the conversion algebra and identify the properties to ensure the correct conversion. Finally, we present three practical implementations of XML access controls using off-the-shelf RDBMS and their performance results.