Indiana University Bloomington

School of Informatics and Computing

Technical Report TR633:
A Framework for Access Control for XML

Sriram Mohan(srmohan), Arijit Sengupta(asengupt) and Yuqing Wu(yuqwu)
(Jul 2006), 40
[Expected to be published at: ACM Transactions on System and Information Security]
XML is gaining predominance as the standard for data representation and exchange. Access control for XML data is nontrivial as witnessed from the number of access control models presented in literature. Existing models provide the ability to extend access control to data as well as structure and enforce the specified access control via view materialization. However, view materialization based approaches suffer from update issues and maintaining such views may not be realistic. In this context, We introduce ACXESS(Access Control for XML with Enhanced Security Specifications), a framework for formalizing, presenting and enforcing security constraints for XML documents. Through ACXESS, we present SSX - an algebraic view specification language that provides an effective way to capture all the tree transformations achieved by existing access control models using a set of atomic primitives. We choose not to materialize the security views and introduce a notion of virtual security views that enforce the access constraints via query rewrites. A Security Annotated Schema(SAS) is proposed as the internal representation for virtual views expressed using SSX and the virtual security view exposed to the user can be automatically constructed from the SAS. Finally, we propose a rule based rewrite algorithm (SQR) that rewrites user XPath queries on the security view into equivalent XQuery expressions that can be evaluated against the original data, with the guarantee that the users only see information in the security view. Experimental evaluation and theoretical proofs demonstrate the capability of SSX in representing the access constraints expressible in existing access control models and also demonstrate the use of SAS and the SQR rewrite algorithm in enforcing the access constraints without view materialization.

Available as: