The dynamic predicate: integrating access control with query processing in XML databases

Authors:
Jae-Gil Lee;Kyu-Young Whang;Wook-Shin Han;Il-Yeol Song
Affiliations:
Department of Computer Science and Advanced Information Technology Research Center (AITrc), Korea Advanced Institute of Science and Technology (KAIST), Daejeon, South Korea 305-701;Department of Computer Science and Advanced Information Technology Research Center (AITrc), Korea Advanced Institute of Science and Technology (KAIST), Daejeon, South Korea 305-701;Department of Computer Engineering, Kyungpook National University, Daegu, South Korea 702-701;College of Information Science and Technology, Drexel University, Philadelphia, USA 19104
Venue:
The VLDB Journal — The International Journal on Very Large Data Bases
Year:
2007

Citing 28
Cited 2

The buddy tree: an efficient and robust access method for spatial data base

Proceedings of the sixteenth international conference on Very large databases
A model of authorization for next-generation database systems

ACM Transactions on Database Systems (TODS)
Query evaluation techniques for large databases

ACM Computing Surveys (CSUR)
Multidimensional access methods

ACM Computing Surveys (CSUR)
Distance browsing in spatial databases

ACM Transactions on Database Systems (TODS)
The Quadtree and Related Hierarchical Data Structures

ACM Computing Surveys (CSUR)
A fine-grained access control system for XML documents

ACM Transactions on Information and System Security (TISSEC)
Holistic twig joins: optimal XML pattern matching

Proceedings of the 2002 ACM SIGMOD international conference on Management of data
Specifying and enforcing access control policies for XML document sources

World Wide Web
R-trees: a dynamic index structure for spatial searching

SIGMOD '84 Proceedings of the 1984 ACM SIGMOD international conference on Management of data
SP-GiST: An Extensible Database Index for Supporting Space Partitioning Trees

Journal of Intelligent Information Systems
Indexing and Querying XML Data for Regular Path Expressions

Proceedings of the 27th International Conference on Very Large Data Bases
The Multilevel Grid File - A Dynamic Hierarchical Multidimensional File Structure

Proceedings of the Second International Symposium on Database Systems for Advanced Applications
Structural Joins: A Primitive for Efficient XML Query Pattern Matching

ICDE '02 Proceedings of the 18th International Conference on Data Engineering
XML access control using static analysis

Proceedings of the 10th ACM conference on Computer and communications security
Containment and equivalence for a fragment of XPath

Journal of the ACM (JACM)
Building a large annotated corpus of English: the penn treebank

Computational Linguistics - Special issue on using large corpora: II
Specifying access control policies for XML documents with XPath

Proceedings of the ninth ACM symposium on Access control models and technologies
A compressed accessibility map for XML

ACM Transactions on Database Systems (TODS)
Secure XML querying with security views

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
QFilter: fine-grained run-time XML access control via NFA-based query rewriting

Proceedings of the thirteenth ACM international conference on Information and knowledge management
AC-XML documents: improving the performance of a web access control module

Proceedings of the tenth ACM symposium on Access control models and technologies
Hippocratic databases

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Efficient structural joins on indexed XML documents

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Optimizing the secure evaluation of twig queries

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
XMark: a benchmark for XML data management

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Covering indexes for XML queries: bisimulation - simulation = negation

VLDB '03 Proceedings of the 29th international conference on Very large data bases - Volume 29
Vision paper: enabling privacy for the paranoids

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30

QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata

The VLDB Journal — The International Journal on Very Large Data Bases
XML privacy protection model based on cloud storage

Computer Standards & Interfaces

Quantified Score

Hi-index	0.00

Visualization

Abstract

Recently, access control on XML data has become an important research topic. Previous research on access control mechanisms for XML data has focused on increasing the efficiency of access control itself, but has not addressed the issue of integrating access control with query processing. In this paper, we propose an efficient access control mechanism tightly integrated with query processing for XML databases. We present the novel concept of the dynamic predicate (DP), which represents a dynamically constructed condition during query execution. A DP is derived from instance-level authorizations and constrains accessibility of the elements. The DP allows us to effectively integrate authorization checking into the query plan so that unauthorized elements are excluded in the process of query execution. Experimental results show that the proposed access control mechanism improves query processing time significantly over the state-of-the-art access control mechanisms. We conclude that the DP is highly effective in efficiently checking instance-level authorizations in databases with hierarchical structures.