Access Control on XML Data
By Narges Fazelidoust & Maryam Masoudian
Professor: Dr. Jalili
Fall 1393
Outline
• Introduction
• XML Database
• Access Control Models
• Query Rewriting
• Conclusion
Introduction
• Rapid growth of the WWW
• Increasing amount of data
• Self-describing format
• Solution:
XML
Introduction XML Database
Protecting XML Data Access Control Models Query
Rewriting Conclusion
XML Database
• XML-enabled databases (XED): MySQL and PostgreSQL
• native XML databases (NXD): BaseX, Sedna, eXist-db
• Unacceptable Performance
• Hybrid XML Database (IBM DB2 and Oracle)
Protecting XML Data
• GOAL
  • read query: returns only data the user is allowed to access
  • update query: makes changes only to data the user is allowed to update
Protecting XML Data
• security approaches of relational databases cannot be easily adapted for XML databases
  1. Schema less
  2. Node relationship
  3. Hierarchical structure
Access Control Models
• Traditional Standard
  • efficient manners to specify, enforce, and (possibly) exchange access rights
  • ACL, SAML, OAuth, XACL, XACML
• Instance Based
• XPath Based
• Materialized View
• Virtual View
• Query Rewriting
• Annotation & labeling
• permission specifies the subject is (not) allowed to execute the action on the object nodes
• enforce policies during evaluation of users' requests
• access policy is defined as a set of XPath expressions
• requests are rewritten w.r.t. the underlying access policies (email//author[name$=name],Read,+)
• provide each group of users with a materialized view of all and only accessible data
• lives for a long time
• scalable solution for huge data, an important number of users, and dynamic policies
• lives only for the time the user is connected
• grants/denies access to the entire resource
• annotation is repeated for every user, every action a user takes, and each time the policy or the data are changed
• lack of support for authorized users to access the data
• when the XML data and/or access policies are changed, all users' views should be changed
• Virtual XML views are often provided in text or HTML format
• Query Answering?!
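Added example (not from the slides or the cited papers): a minimal Python enforcement of an XPath-based read policy in the style of the `(email//author[name$=name],Read,+)` tuple above. It evaluates the query and intersects the result with the policy's node set instead of rewriting the query text, and prunes denied descendants so a permitted element cannot leak a denied child. The sample document, the two policy rules, and the default-deny and deny-overrides semantics are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample document and policy (not from the slides).
DOC = ET.fromstring(
    "<mailbox>"
    "<email id='1'><author><name>alice</name></author>"
    "<bcc>carol</bcc><body>hi</body></email>"
    "<email id='2'><author><name>bob</name></author>"
    "<bcc>dave</bcc><body>secret</body></email>"
    "</mailbox>"
)
# (XPath, action, sign) rules; $name is bound to the requesting user.
POLICY = [
    (".//author[name='$name']/..", "Read", "+"),  # emails the user authored
    (".//email/bcc", "Read", "-"),                # never disclose bcc
]

def readable(doc, policy, user):
    """Default deny; '+' grants a subtree, '-' revokes one; deny overrides."""
    if not user.isalnum():  # keep the user name from altering the XPath
        raise ValueError("invalid user name")
    allow, deny = set(), set()
    for xpath, action, sign in policy:
        if action != "Read":
            continue
        hits = doc.findall(xpath.replace("$name", user))
        nodes = {d for n in hits for d in n.iter()}
        (allow if sign == "+" else deny).update(nodes)
    return allow - deny

def prune(node, ok):
    """Copy node, dropping every child subtree that is not readable."""
    clone = ET.Element(node.tag, dict(node.attrib))
    clone.text, clone.tail = node.text, node.tail
    for child in node:
        if child in ok:
            clone.append(prune(child, ok))
    return clone

def answer(doc, policy, user, query):
    """Evaluate the query, keep permitted hits, strip denied descendants."""
    ok = readable(doc, policy, user)
    return [prune(n, ok) for n in doc.findall(query) if n in ok]

if __name__ == "__main__":
    for e in answer(DOC, POLICY, "alice", ".//email"):
        print(ET.tostring(e, encoding="unicode"))
```

Without the `prune` step, returning the permitted `email` element would also return its `bcc` child, which is the hierarchical-structure problem that keeps relational row and column filtering from carrying over to XML.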
Query Rewriting
• XML document T, schema D, security view S, virtual view Tv
Query Rewriting
• rewriting algorithms
• query language used
• class of queries supported
• type of the schema considered
• type of the read-access policies
• The rewriting manner
Thanks