Abstract
In this paper, we first define a logical theory representing an XML database supporting XPath as query language and XUpdate as modification language. We then extend our theory with predicates allowing us to specify the security policy protecting the database. The security policy includes rules addressing the read and write privileges. We propose axioms to derive the database view each user is permitted to see. We also propose axioms to derive the new database content after an update.
This work was supported by funding from the French ministry for research under "ACI Sécurité Informatique 2003-2006. Projet CASC".
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gabillon, A. (2005). A Formal Access Control Model for XML Databases. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2005. Lecture Notes in Computer Science, vol 3674. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11552338_7
DOI: https://doi.org/10.1007/11552338_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28798-8
Online ISBN: 978-3-540-31974-0
eBook Packages: Computer Science (R0)