Fine Grained Access Control in XML Database Systems. Naveen Yajamanam, April 27, 2006.


1 Fine Grained Access Control in XML Database Systems
Naveen Yajamanam
April 27, 2006

2 References
QFilter: Fine-Grained Run-Time XML Access Control via NFA-based Query Rewriting. Bo Luo, D. Lee, Wang-Chien Lee, P. Lee
XML Access Control Using Static Analysis. Murata, Tozawa, Kudo

3 Introduction
XML has emerged as the language for exchanging data over the web.
XML provides fine granularity of information retrieval because the elements of an XML document can be retrieved by XML queries directly and independently.
Fine granularity requires mechanisms to control access at varying levels of the document.
XML access control ensures that only authorised users can access only the authorised portions of the XML data.

4 Concrete view of XML

5 QFILTER

6 XML ACCESS CONTROL MECHANISMS

7 Different Evaluation Plans
No access control
Primitive
Pre-processing
Post-processing

8 Primitive Approach

9 Primitive Approach (cont’d)

10 Post-Processing Approach
Intermediate answers are calculated as usual.
Then the ACR prunes out unsafe data.
Suitable when the ACR and the data are stored separately in a distributed environment.
Can be implemented with an XML data filtering package (YFilter).

11 Pre-Processing Approach
The Primitive Approach satisfies two goals:
Non-view based
Independent of the underlying XML engine
But the rewritten query Q’ is not the most efficient one.

12 Pre-Processing: QFilter
QFilter reads as input a query Q, access control rules ACR and a schema S, then returns a modified query Q’ as output: Q’ = QFilter(Q, ACR, S)
QFilter has three types of operations:
1. Accept: Q’ = Q
2. Deny: Q’ = { }
3. Rewrite

13 QFilter Construction
QFilter captures the ACR as an NFA (Non-deterministic Finite Automaton).
Given Q, it quickly determines whether Q is Accepted, Denied or Rewritten.

14 QFilter Construction
Consider the following XPath expressions

15 State Transition Map

16 NFA

17 Q:/site/categories/NW/item

18 Q:/site/top//item

19 Q:/site/*/person/name

20 QFilter with predicate handling

21 Q: /site/regions/*/item[quantity]/name
Q’: /site/regions/*/item[quantity][description]/name

22 QFilter performance

24 Experimental Results
Efficient in terms of query execution time.
Scalable to the number of access control rules specified in the system.

25 STATIC ANALYSIS

26 INTRODUCTION
Static analysis is performed at compile time (when a query expression is created, rather than each time it is evaluated).
Run-time checking is required only when static analysis is unable to grant or deny access requests without examining the actual databases.
Key idea: use automata to represent and compare queries, access control policies and schemas.

27 Introduction (cont’d)
Static analysis has two phases:
First phase: we create query automata, access control automata and schema automata.
Second phase: we compare these automata while applying the rules.

28 Introduction (cont’d)
Schema: a schema is a description of permissible XML documents.
A schema is a 5-tuple G = (N, Σ_E, Σ_A, S, P), where
N is a finite set of non-terminals,
Σ_E is a finite set of element names,
Σ_A is a finite set of attribute names,
S is a subset of Σ_E × N,
P is a set of production rules X → r.A, where X ∈ N, r is a regular expression over Σ_E × N, and A is a subset of Σ_A.

30 Schema G1=

31 Syntax of Access Control Policy
Ex:
Role: Doctor
+R, /record
Role: Intern
+R, /record
-R, //comment

32 Static Analysis
Static analysis has four steps:
1) creating schema automata from schemas
2) creating access control automata from access control policies
3) creating query automata from XQuery queries
4) comparison of schema automata, query automata and access control automata

33 Framework of the Analysis

34 Creating schema Automata

35 Schema G1=

36 The schema automaton for this schema is

37 This automaton accepts the following paths

38 Creating Access control Automata

39 Creating Access Control Automata (cont’d)
For the role Intern, this policy contains a grant rule and a denial rule, both of which propagate downward. The grant rule contains an XPath /record, while the denial rule contains an XPath //comment. Thus

40 Creating Query Automata
Consider the following XQuery and the XPath expressions extracted from it

41 Creating Query Automata (cont’d)
Let r be /record//comment, then

42 Comparison of Automata
The path expression r is always-granted if every path accepted by both the schema automaton and the query automaton is accepted by the access control automaton.
The path expression is always-denied if no path is accepted by all of the schema automaton, the query automaton and the access control automaton.
The path expression is statically indeterminate if it is neither always-granted nor always-denied.
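
Added example (not part of the original slides or of the cited paper): the comparison defined on slide 42, with finite sets of paths standing in for the automata. The Doctor and Intern rules and the query /record//comment come from slides 31 and 41; the schema paths, the function names and the rule that a denial overrides a grant are assumptions made for this sketch.

```python
import re

STEP = r"[^/]+"  # one element name in a root-to-node path

def compile_xpath(xpath, propagate=False):
    """Turn a simple XPath (child '/', descendant '//', wildcard '*') into a
    regex over path strings; propagate=True also accepts all descendants."""
    pattern = ""
    for axis, name in re.findall(r"(//?)([^/]+)", xpath):
        if axis == "//":
            pattern += rf"(?:/{STEP})*"
        pattern += "/" + (STEP if name == "*" else re.escape(name))
    if propagate:
        pattern += rf"(?:/{STEP})*"
    return re.compile(pattern)

def permitted(path, rules):
    """Access control check for one path: some grant rule matches and no
    denial rule does (denial overriding grant is an assumption here)."""
    def hit(sign):
        return any(s == sign and compile_xpath(x, True).fullmatch(path)
                   for s, x in rules)
    return hit("+") and not hit("-")

def classify(query, rules, schema_paths):
    """Compare query, policy and schema using the three outcomes of slide 42."""
    q = compile_xpath(query)
    hits = [p for p in schema_paths if q.fullmatch(p)]   # schema AND query
    allowed = [p for p in hits if permitted(p, rules)]   # ... AND policy
    if not allowed:
        return "always-denied"   # also chosen when the schema rules the query out
    if len(allowed) == len(hits):
        return "always-granted"
    return "statically indeterminate"

# Constructed, non-recursive schema: every root-to-element path it permits.
SCHEMA_PATHS = [
    "/record", "/record/diagnosis", "/record/diagnosis/pathology",
    "/record/diagnosis/comment", "/record/comment",
]
DOCTOR = [("+", "/record")]
INTERN = [("+", "/record"), ("-", "//comment")]

if __name__ == "__main__":
    for role, rules in (("Doctor", DOCTOR), ("Intern", INTERN)):
        for q in ("/record//comment", "/record/*", "/record/diagnosis/pathology"):
            print(role, q, "->", classify(q, rules, SCHEMA_PATHS))
```

Only the statically indeterminate outcome leaves work for a run-time check; the other two are decided before the query touches any data.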

43 Example

44 Experimental Results
Query optimization
Static analysis frequently makes run-time checks unnecessary.

45 QFilter VS Static-Analysis

46 Conclusion
QFilter is superior to the post-processing, primitive and no-access-control approaches.
Static analysis can handle only two cases, i.e., access either fully granted or fully denied.
QFilter is superior to static analysis.

47 Thank You

