A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.

Slides:

Advertisements

Similar presentations

QUN NI 1, SHOUHUAI XU 2, ELISA BERTINO 1, RAVI SANDHU 2, AND WEILI HAN 3 1 PURDUE UNIVERSITY USA 2 UT SAN ANTONIO USA 3 FUDAN UNIVERSITY CHINA PRESENTED.

Advertisements

Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.

Bottom-up Evaluation of XPath Queries Stephanie H. Li Zhiping Zou.

Twig 2 Stack: Bottom-up Processing of Generalized-Tree-Pattern Queries over XML Documents Songting Chen, Hua-Gang Li *, Junichi Tatemura Wang-Pin Hsiung,

Efficient Keyword Search for Smallest LCAs in XML Database Yu Xu Department of Computer Science & Engineering University of California, San Diego Yannis.

CSE 6331 © Leonidas Fegaras XML and Relational Databases 1 XML and Relational Databases Leonidas Fegaras.

Fine Grained Access Control in XML DataBase Systems Naveen Yajamanam April 27,2006.

Provenance in Open Distributed Information Systems Syed Imran Jami PhD Candidate FAST-NU.

1 CS 561 Presentation: Indexing and Querying XML Data for Regular Path Expressions A Paper by Quanzhong Li and Bongki Moon Presented by Ming Li.

Paper by: A. Balmin, T. Eliaz, J. Hornibrook, L. Lim, G. M. Lohman, D. Simmen, M. Wang, C. Zhang Slides and Presentation By: Justin Weaver.

DYNAMIC ELEMENT RETRIEVAL IN A STRUCTURED ENVIRONMENT MAYURI UMRANIKAR.

1 Secure XML Querying with Security Views Wenfei Fan University of Edinburgh & Bell Laboratories Chee-Yong Chan National University of Singapore Minos.

1 Indexing and Querying XML Data for Regular Path Expressions A Paper by Quanzhong Li and Bongki Moon Presented by Amnon Shochot.

Architecture & Data Management of XML-Based Digital Video Library System Jacky C.K. Ma Michael R. Lyu.

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Distributed Collaborations Using Network Mobile Agents Anand Tripathi, Tanvir Ahmed, Vineet Kakani and Shremattie Jaman Department of computer science.

Integrated Hospital Management System. Integrated Hospital Management System software is user-friendly software. The main objectives of the system is.

ELECTRONIC MEDICAL RECORDS By Group 5 members: Kinal Patel David A. Ronca Tolulope Oke.

Indexing XML Data Stored in a Relational Database VLDB`2004 Shankar Pal, Istvan Cseri, Gideon Schaller, Oliver Seeliger, Leo Giakoumakis, Vasili Vasili.

Databases & Data Warehouses Chapter 3 Database Processing.

Module 17 Storing XML Data in SQL Server® 2008 R2.

1 © Talend 2014 XACML Authorization Training Slides 2014 Jan Bernhardt Zsolt Beothy-Elo

MAHI Research Database Project Status Report August 9, 2001.

NUITS: A Novel User Interface for Efficient Keyword Search over Databases The integration of DB and IR provides users with a wide range of high quality.

Information storage: Introduction of database 10/7/2004 Xiangming Mu.

Database Design for DNN Developers Sebastian Leupold.

Xpath Query Evaluation. Goal Evaluating an Xpath query against a given document – To find all matches We will also consider the use of types Complexity.

XPath Processor MQP Presentation April 15, 2003 Tammy Worthington Advisor: Elke Rundensteiner Computer Science Department Worcester Polytechnic Institute.

Context Tailoring the DBMS –To support particular applications Beyond alphanumerical data Beyond retrieve + process –To support particular hardware New.

Efficient Keyword Search over Virtual XML Views Feng Shao and Lin Guo and Chavdar Botev and Anand Bhaskar and Muthiah Chettiar and Fan Yang Cornell University.

Architecture-Based Runtime Software Evolution Peyman Oreizy, Nenad Medvidovic & Richard N. Taylor.

XML as a Boxwood Data Structure Feng Zhou, John MacCormick, Lidong Zhou, Nick Murphy, Chandu Thekkath 8/20/04.

The main mathematical concepts that are used in this research are presented in this section. Definition 1: XML tree is composed of many subtrees of different.

Stephen Booth EPCC Stephen Booth GridSafe Overview.

Querying Structured Text in an XML Database By Xuemei Luo.

1 CS 430 Database Theory Winter 2005 Lecture 17: Objects, XML, and DBMSs.

Document Management System for Healthcare Industry From Crystal Infosystems & Services.

XACML – The Standard Hal Lockhart, BEA Systems. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

The potential to bring huge benefits to Patients..

RRXS Redundancy reducing XML storage in relations O. MERT ERKUŞ A. ONUR DOĞUÇ

Multimodal User Interface with Natural Language Classification for Clinicians At Point of Care Health Informatics Showcase Peter Budd Sponsors: NCCH -

____________________________ XML Access Control for Semantically Related XML Documents & A Role-Based Approach to Access Control For XML Databases BY Asheesh.

Early Profile Pruning on XML-aware Publish- Subscribe Systems Mirella M. Moro, Petko Bakalov, Vassilis J. Tsotras University of California VLDB 2007 Presented.

XML and Database.

Building a Distributed Full-Text Index for the Web by Sergey Melnik, Sriram Raghavan, Beverly Yang and Hector Garcia-Molina from Stanford University Presented.

Streaming XPath Engine Oleg Slezberg Amruta Joshi.

Dr. Bhavani Thuraisingham September 2006 Building Trustworthy Semantic Webs Lecture #5 ] XML and XML Security.

Supporting Privacy Protection in Personalized Web Search.

Visualization Four groups Design pattern for information visualization

Dr. Bhavani Thuraisingham September 24, 2008 Building Trustworthy Semantic Webs Lecture #9: RDF and RDF Security.

1 How can CPR benefit from XML? By Patricio Cobar.

Harnessing the Cloud for Securely Outsourcing Large- Scale Systems of Linear Equations.

Introduction Because database applications today reside in a complicated environment, various standards have been developed for accessing database servers.

1 XACML for RBAC and CADABRA Constrained Delegation and Attribute-Based Role Assignment Brian Garback © Brian Garback 2005.

XML Extensible Markup Language

Context Aware RBAC Model For Wearable Devices And NoSQL Databases Amit Bansal Siddharth Pathak Vijendra Rana Vishal Shah Guided By: Dr. Csilla Farkas Associate.

Advanced Higher Computing Science The Project. Introduction Worth 60% of the total marks for the course Must include: An appropriate interface using input.

Medical Hypothesis Testing July 27, 2006 Bill Bushey Emily Jenkins.

Advanced Higher Computing Science

Normalized bubble chart for Data in the Instructor’s View

Building Trustworthy Semantic Webs

Open Source distributed document DB for an enterprise

Physical Database Design and Performance

XACML and the Cloud.

C.-S. Shieh, EC, KUAS, Taiwan

Ishan Sharma Abhishek Mittal Vivek Raj

OrientX: an Integrated, Schema-Based Native XML Database System

11/15/2018 Drug Side Effects Data Representation and Full Spectrum Inferencing using Knowledge Graphs in Intelligent Telehealth Presented on Student-Faculty.

Lecture #6: RDF and RDF Security Dr. Bhavani Thuraisingham

Magnet & /facet Zheng Liang

Presentation transcript:

A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital Curation Center

Introduction XML data management The importance is clearly demonstrated by the wide adoption of XML related technologies in eScience projects Selective exposure of information in XML a primary concern for data providers, curators and consumers. safeguard data confidentiality, privacy and intellectual property

Introduction --- Security View Security View: multiple user groups who wish to query the same XML document different access policies may be imposed, specifying the portions of the document the users are granted or denied access to. Security views are necessarily virtual it is prohibitively expensive to materialize and maintain a large number of views.

Example: a medical records XML database The security admin could see the whole db Hospital Patient Doctor Record Diagnosis Date Name Genetics Psychiatry Record Doctor Date Name Diagnosis Name Patient Name Record Doctor Date Diagnosis Name Patient Name 'David' 'Mary' 'Angela' 'Mark'' Bill Sex Doctor David can only access the records of his patients Patient Mary can access his own medical records

Insurers view An insurer can only read his customers' billing info

Researchers View a medical researcher could retrieve the diagnosis data for research purposes, but not the information on doctors or patients.

System Architecture XML document T View Derivation Security Specification S Query Rewriting Query Evaluation Query Optimization Security View V R for Role U R with XSD D R Query Q R on V R Query Q T on T D R... Security View V D for Role U D with XSD D D Security View V P for Role U P with XSD D P security spec. lang. L S used by admins. view spec. lang. L V transparent to users. view query lang. L QV used by users. doc query lang. L QR transparent to users. legend Indexer Query Editor Security Spec. Editor Result Viewer security admins researchers input module output module core module optional module virtual view XML schema XSD D for document T XML data flow other data flow XML database

Security Specification hospital -> patient* (hospital,patient) = [visit/treatment/medication = autism] patient -> pname, visit*, parent* (patient,pname) = N (patient,visit) = N parent -> patient visit -> treatment, date (visit, treatment) = [medication] treatment -> test + medication (treatment,test) = N

Security Specification Classify the nodes in the XML document accessible nodes inaccessible nodes conditional accessible nodes Support inheritance overriding content-based access privilege context-dependency View derivation module schema availability the availability of an XML schema that specifies the structure of accessible data is critical to the users who can then formulate queries only over this schema.

View Specification hospital -> patient* (hospital, patient) = patient[visit/treatment/medication = autism] patient -> treatment*, parent* (patient, treatment) = visit/treatment[medication] (patient, parent) = parent parent -> patient (parent, patient) = patient treatment -> medication (treatment, medication) = medication

Query Over the View Regular XPath Query a mild extension of XPath that supports the general Kleene closure (.)* instead of the limited recursion //. Why: XPath is not closed under query rewriting i.e. for an XPath query on a recursively defined view there may not exist an equivalent XPath query on the underlying document

Query Over the Document Regular XPath Query However, the size of the rewritten query Q T, if directly represented in Regualar XPath, may be exponential in the size of input query Q V. We overcome this challenge by employing an automaton characterization of Q T, denoted by MFA(mixed finite state automata), which is linear in the size of Q V. Query Rewriting Module

MFA: Internal Query Representation hospital/patient[(parent/patient)*/visit/treatment/test and visit/treatment[medication/text()=headache]]/pname

Query Evaluation: HyPE We propose a novel algorithm, HyPE (Hybrid Pass Evaluation), for processing Regular XPath queries represented by MFAs. A unique feature of HyPE is that it needs only a single top-down depth-first traversal of the XML tree, during which HyPE both evaluates predicates of the input query (equivalently, AFA's of the MFA) and identifies potential answer nodes (by evaluating the NFA of the MFA). previous systems require to traverse the XML document at least twice to evaluate XPath queries.

HyPE: Cans (candidate answers) The potential answer nodes are collected and stored in an auxiliary structure, referred to as Cans (candidate answers), which is often much smaller than the XML document tree. A pass over Cans is needed to retrieve the real result nodes.

HyPE

SMOQE: A Reference Implementation We have developed a reference implementation, called SMOQE(Secure MOdular Query Engine), for the security framework we proposed in this paper. It is implemented in Java. demonstrated in VLDB 2006

Conclusion A generic, flexible view based access control framework for protecting XML data and its implementation: SMOQE able to enforce fine-grained access policies according to the structure and values of the protected XML data schema availability view derivation efficient enforcement of security constraints during XML query evaluation Query rewriting Automaton based representation Evaluation using HyPE and optimization

Thank you!