Sciweavers

EDBT
2006
ACM

Authorization-Transparent Access Control for XML Under the Non-Truman Model

15 years 17 days ago
Authorization-Transparent Access Control for XML Under the Non-Truman Model
In authorization-transparent access control, users formulate their queries against the database schema rather than against authorization views that transform and hide data. The Truman and the Non-Truman are two approaches to authorization transparency where in a Truman model, queries that violate the access restrictions are modified transparently by the system to only reveal accessible data, while in a Non-Truman model, such queries are rejected. The advantage of a Non-Truman model is that the semantics of user queries is not changed by the access control mechanism. This work presents an access control mechanism for XML under the Non-Truman model. Security policies are specified as parameterized rules formulated using XPath. The rules specify relationships between elements that should be concealed from users. Hence, not only elements, but also edges and paths within an XML document, can be concealed. The access control mechanism authorizes only valid queries, i.e., queries that do not ...
Alberto O. Mendelzon, Renée J. Miller, Yaro
Added 08 Dec 2009
Updated 08 Dec 2009
Type Conference
Year 2006
Where EDBT
Authors Alberto O. Mendelzon, Renée J. Miller, Yaron Kanza, Zheng Zhang 0002
Comments (0)