A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
Specifying discretionary access control policy for distributed systems
Computer Communications - Special issue: Network management
Role-Based Access Control Models
Computer
Mandatory access control and role-based access control revisited
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Design and implementation of an access control processor for XML documents
Proceedings of the 9th international World Wide Web conference on Computer networks : the international journal of computer and telecommunications netowrking
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Containment and equivalence for an XPath fragment
Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
A Model for Evaluation and Administration of Security in Object-Oriented Databases
IEEE Transactions on Knowledge and Data Engineering
An Authorization Model for a Distributed Hypertext System
IEEE Transactions on Knowledge and Data Engineering
The XML benchmark project
XML access control using static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Compressed accessibility map: efficient access control for XML
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Optimizing the secure evaluation of twig queries
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Client-based access control management for XML documents
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
AC-XML documents: improving the performance of a web access control module
Proceedings of the tenth ACM symposium on Access control models and technologies
Incremental adaptation of XPath access control views
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
The dynamic predicate: integrating access control with query processing in XML databases
The VLDB Journal — The International Journal on Very Large Data Bases
Formalizing XML access control for update operations
Proceedings of the 12th ACM symposium on Access control models and technologies
Automaton segmentation: a new approach to preserve privacy in xml information brokering
Proceedings of the 14th ACM conference on Computer and communications security
A general approach to securely querying XML
Computer Standards & Interfaces
Efficient Secure Labeling Method under Dynamic XML Data Streams
IWSEC '08 Proceedings of the 3rd International Workshop on Security: Advances in Information and Computer Security
F3ildCrypt: End-to-End Protection of Sensitive Information in Web Services
ISC '09 Proceedings of the 12th International Conference on Information Security
Preserving SQL access control policies over published XML data
Proceedings of the 2009 EDBT/ICDT Workshops
Query rewriting algorithm evaluation for XML security views
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
Access control policy translation and verification within heterogeneous data federations
Proceedings of the 15th ACM symposium on Access control models and technologies
Privacy-aware access control in XML databases
ADC '10 Proceedings of the Twenty-First Australasian Conference on Database Technologies - Volume 104
Light-weight access control scheme for XML data
KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part II
Privacy preserving event driven integration for interoperating social and health systems
SDM'10 Proceedings of the 7th VLDB conference on Secure data management
Information and Computation
Efficient access control labeling scheme for secure XML query processing
Computer Standards & Interfaces
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
The VLDB Journal — The International Journal on Very Large Data Bases
ACM Transactions on Information and System Security (TISSEC)
Extracting global policies for efficient access control of XML documents
WISE'05 Proceedings of the 6th international conference on Web Information Systems Engineering
Two phase filtering for XML access control
SDM'06 Proceedings of the Third VLDB international conference on Secure Data Management
An efficient yet secure XML access control enforcement by safe and correct query modification
DEXA'06 Proceedings of the 17th international conference on Database and Expert Systems Applications
Secure XML querying based on authorization graphs
Information Systems Frontiers
Pragmatic XML access control using off-the-shelf RDBMS
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
HyXAC: a hybrid approach for XML access control
Proceedings of the 18th ACM symposium on Access control models and technologies
Hi-index | 0.00 |
At present, most of the state-of-the-art solutions for XML access controls are either (1) document-level access control techniques that are too limited to support fine-grained security enforcement; (2) view-based approaches that are often expensive to create and maintain; or (3) impractical proposals that require substantial security-related support from underlying XML databases. In this paper, we take a different approach that assumes no security support from underlying XML databases and examine three alternative fine-grained XML access control solutions, namely primitive, pre-processing and post-processing approaches. In particular, we advocate a pre-processing method called QFilter that uses Non-deterministic Finite Automata (NFA) to rewrite user's query such that any parts violating access control rules are pruned. We show the construction and execution of a QFilter and demonstrate its superiority to other competing methods.