Presentation is loading. Please wait.

Presentation is loading. Please wait.

Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall 1393.

Published byJoel Philip York Modified over 9 years ago

Similar presentations

Presentation on theme: "Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall 1393."— Presentation transcript:

1 Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall 1393

2 Outline Introduction XML Database Access Control Models Query Rewriting Conclusion 1/9

3 Introduction Rapid growth of the WWW Increasing amount of data Self-describing format Solution: XML 2/9 Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

4 Introduction 3/9 Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

5 XML Database XML-enabled databases (XED) native XML databases (NXD) 4/9 Unacceptable Performance MySQL and PostgreSQLBaseX, Sedna, eXist-db Hybrid XML Database (IBM DB2 and Oracle) Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

6 Protecting XML Data GOAL read query returns only data allowed to access update query makes changes only data allowed to update 5/9 Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

7 Protecting XML Data security approaches of relational databases be easily adapted for XML databases 6/9 1.Schema less 2.Node relationship 3.Hierarchical structure cannot Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

8 Access Control Models 7/9 Traditional Standard efficient manners to specify, enforce, and (possibly) exchange access rights ACL, SAML, OAuth, XACL, XACML Instance Based XPath Based Materialized View Virtual View Query Rewriting Annotation & labeling permission specifies the subject is (not) allowed to execute the action on the object nodes enforce policies during evaluation of users requests access policy is defined as a set of XPath expressions requests are rewritten w.r.t the underlying access policies (email//author[name$=name],Read,+) provide each group of users with a materialized view of all and only accessible data live for a long time scalable solution in huge data, an important number of users, and dynamic policies live only the time user connected grants/denies access to the entire resource annotation repeat for every user, every action a user takes, and each time the policy or the data are changed lack of support for authorized users to access the data when the XML data and/or access policies are changed, all users views should be changed Virtual XML views are often provided in text or HTML format Query Answering?! Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

9 Query Rewriting XML document T, schema D, security view S, virtual view T v 8/9 Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

10 Query Rewriting rewriting algorithms query language used class of queries supported type of the schema considered type of the read-access policies The rewriting manner 9/9 Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

11 [1]. Oasis extensible access control markup language (xacml) tc. https://www.oasis- open.org/committees/tc_home.php?wg_abbrev=xacml. Version 3.0, January 3013. [2]. Maggie Duong and Yanchun Zhang. An integrated access control for securely querying and updating xml data. In Proceedings of the Nineteenth Australasian Database Conference (ADC), volume 75 of CRPIT, pages 7583. Australian Computer Society, 2008. [3]. Mahfoud, Houari. Contrôle d’Acces Efficace pour des Données XML: problemes d’interrogation et de mise-a-jour. Diss. Université de Lorraine, 2014. [4]. Irini Fundulaki and Sebastian Maneth. Formalizing xml access control for update operations. In SACMAT, pages 169174. ACM, 2007. [5]. Anisoara Nica. Incremental maintenance of materialized views with outerjoins. Inf. Syst., 37(5):430-442, 2012. [6]. Benoît Groz, Slawomir Staworko, Anne-Cécile Caron, Yves Roos, and Sophie Tison. Xml security views revisited. In Database Programming Languages - DBPL 2009,12th International Symposium, volume 5708 of Lecture Notes in Computer Science, pages 52-67. Springer, 2009. [7]. Manogna Thimma, Tsam Kai Tsui, and Bo Luo. Hyxac: a hybrid approach for xml access control. In 18th ACM Symposium on Access Control Models and Technologies (SACMAT). ACM, 2013.

12 Thanks Introduction XML Database Protecting XML Data Access Control Models Query Rewriting Conclusion

Download ppt "Access Control on XML Data By Narges Fazelidoust & Maryam Masoudian Professor : Dr. Jalili Fall 1393."

Similar presentations

Ontology-Based Computing Kenneth Baclawski Northeastern University and Jarg.

Ontology-Based Computing Kenneth Baclawski Northeastern University and Jarg.
A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.

A View Based Security Framework for XML Wenfei Fan, Irini Fundulaki, Floris Geerts, Xibei Jia, Anastasios Kementsietsidis University of Edinburgh Digital.
The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.

The Role of Trust Management in Distributed Systems Authors Matt Blaze, John Feigenbaum, John Ioannidis, Angelos D. Keromytis Presented By Akshay Gupte.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
XML to Relational Database Mapping

XML to Relational Database Mapping
XML: Extensible Markup Language

XML: Extensible Markup Language
1 Authorization XACML – a language for expressing policies and rules.

1 Authorization XACML – a language for expressing policies and rules.
Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,

Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents Tomasz Müldner, Jodrey School of Computer Science, Acadia University, Wolfville,
Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.

Access Control Patterns & Practices with WSO2 Middleware Prabath Siriwardena.
The Web of data with meaning... By Michael Griffiths.

The Web of data with meaning... By Michael Griffiths.
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
DYNAMIC ELEMENT RETRIEVAL IN A STRUCTURED ENVIRONMENT MAYURI UMRANIKAR.

DYNAMIC ELEMENT RETRIEVAL IN A STRUCTURED ENVIRONMENT MAYURI UMRANIKAR.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
95-804 Applied Cryptography Week 13 SAML 1 95-804 Applied Cryptography SAML and XACML Mike McCarthy Week 13.

Applied Cryptography Week 13 SAML Applied Cryptography SAML and XACML Mike McCarthy Week 13.
XML and The Relational Data Model

XML and The Relational Data Model
Summary. Chapter 9 – Triggers Integrity constraints Enforcing IC with different techniques –Keys –Foreign keys –Attribute-based constraints –Schema-based.

Summary. Chapter 9 – Triggers Integrity constraints Enforcing IC with different techniques –Keys –Foreign keys –Attribute-based constraints –Schema-based.
“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.

“A Service-enabled Access Control Model for Distributed Data” Mark Turner, Philip Woodall Pennine Forum - 16 th September 2004.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.

XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.
269200 Web Programming Language Dr. Ken Cosh Week 1 (Introduction)

Web Programming Language Dr. Ken Cosh Week 1 (Introduction)

Similar presentations

Ads by Google