Fine Grained Access Control in XML DataBase Systems. Naveen Yajamanam, April 27, 2006.


References
QFilter: Fine-Grained Run-Time XML Access Control via NFA-based Query Rewriting. Bo Luo, D. Lee, Wang-Chien Lee, P. Lee.
XML Access Control Using Static Analysis. Murata, Tozawa, Kudo.

Introduction
XML has emerged as the language for exchanging data over the web. XML provides fine granularity of information retrieval because the elements of an XML document can be retrieved by XML queries directly and independently. Fine granularity requires mechanisms to control access at varying levels of the document. XML access control ensures that authorised users can access only the authorised portions of XML data.

Concrete view of XML

QFILTER

XML ACCESS CONTROL MECHANISMS

Different Evaluation Plans
No access control
Primitive
Pre-processing
Post-processing

Primitive Approach

Primitive Approach (cont’d)

Post-Processing Approach
Intermediate answers are calculated as usual.
Then, ACR prunes out unsafe data.
Suitable when ACR and data are stored separately in some distributed environment.
Can be implemented by an XML data filtering package (YFilter).

Pre-Processing Approach
The primitive approach satisfies two goals:
Non-view based
Independent of the underlying XML engine
But the rewritten query Q’ is not the most efficient one.

Pre-Processing: QFilter
QFilter reads as input a query Q, access control rules ACR and a schema S, then returns a modified query Q’ as output: Q’ = QFilter(Q, ACR, S).
QFilter has three types of operations:
1. Accept: Q’ = Q
2. Deny: Q’ = { }
3. Rewrite

QFilter Construction
QFilter captures the ACR as an NFA (non-deterministic finite automaton). Given Q, it quickly determines whether Q is accepted, denied or rewritten.

QFilter Construction
Consider the following XPath expressions

State Transition Map

NFA

Q:/site/categories/NW/item

Q:/site/top//item

Q:/site/*/person/name

QFilter with predicate handling

Q: /site/regions/*/item[quantity]/name
Q’: /site/regions/*/item[quantity][description]/name

QFilter performance

Experimental results
Efficient in terms of query execution time.
Scalable to the number of access control rules specified in the system.

STATIC ANALYSIS

INTRODUCTION
Static analysis is performed at compile time (when the query expression is created rather than each time it is evaluated).
Run-time checking is required only when static analysis is unable to grant or deny access requests without examining the actual databases.
Key idea: to use automata for representing and comparing queries, access control policies and schemas.

Introduction (cont’d)
Static analysis has two phases:
First phase: we create query automata, access control automata and schema automata.
Second phase: we compare these automata while applying the rules.

Introduction (cont’d)
Schema: a schema is a description of permissible XML documents. A schema is a 5-tuple $G = (N, \Sigma_E, \Sigma_A, S, P)$, where
$N$ is a finite set of non-terminals,
$\Sigma_E$ is a finite set of element names,
$\Sigma_A$ is a finite set of attribute names,
$S$ is a subset of $\Sigma_E \times N$,
$P$ is a set of production rules $X \to r.A$, where $X \in N$, $r$ is a regular expression over $\Sigma_E \times N$, and $A$ is a subset of $\Sigma_A$.

Schema G1=

Syntax of Access Control Policy
Example:
Role: Doctor
+R, /record
Role: Intern
+R, /record
-R, //comment

Static Analysis
Static analysis has four steps:
1) creating schema automata from schemas
2) creating access control automata from access control policies
3) creating query automata from XQuery queries
4) comparison of schema automata, query automata and access control automata

Framework of the Analysis

Creating schema Automata

Schema G1=

The schema automaton for this schema is

This automaton accepts the following paths

Creating Access control Automata

Creating Access Control Automata (cont’d)
For the role Intern, this policy contains a grant rule and a denial rule, both of which propagate downward. The grant rule contains an XPath /record, while the denial rule contains an XPath //comment. Thus

Creating Query Automata
Consider the following XQuery and the XPath expressions extracted from it

Creating Query Automata (cont’d)
Let r be /record//comment, then

Comparison of Automata
The path expression r is always-granted if every path accepted by both the schema automaton and the query automaton is accepted by the access control automaton.
The path expression is always-denied if no path is accepted by all of the schema automaton, the query automaton and the access control automaton.
The path expression is statically indeterminate if it is neither always-granted nor always-denied.
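
The three-way comparison above, worked through in Python as an added example (not code from the slides or from the cited papers). It walks the product of a schema automaton, a query automaton and the access control automata, so a recursive schema is handled. Assumptions: the schema is a constructed DTD-like one (the slides' G1 is not reproduced in this transcript), XPath is limited to /, //, * and element names without predicates, and a denial overrides a grant.

```python
import re
# Constructed DTD-like schema (element -> allowed children); NOT the slides' G1.
SCHEMA = {
    "record": ["diagnosis", "chemotherapy", "comment", "record"],  # recursive
    "diagnosis": ["pathology", "comment"],
    "chemotherapy": ["prescription", "comment"],
    "pathology": [], "prescription": [], "comment": [],
}
# Policy from the slides: +R grants read, -R denies read, both propagate downward.
POLICY = {"Doctor": [("+", "/record")],
          "Intern": [("+", "/record"), ("-", "//comment")]}

def steps(xpath):  # '/a//b/*' -> [('/', 'a'), ('//', 'b'), ('/', '*')]
    return re.findall(r"(//?)([\w*]+)", xpath)

def advance(pattern, states, label, propagate):
    """One NFA move on an element name; state i = first i steps matched."""
    nxt = set()
    for i in states:
        if i < len(pattern):
            axis, name = pattern[i]
            if name in ("*", label):
                nxt.add(i + 1)
            if axis == "//":       # descendant axis may skip this element
                nxt.add(i)
        elif propagate:            # a matched rule also covers all descendants
            nxt.add(i)
    return frozenset(nxt)

def classify(query, role, schema=SCHEMA, root="record"):
    q = steps(query)
    rules = [(sign, steps(path)) for sign, path in POLICY[role]]
    start = (None, frozenset({0}), tuple(frozenset({0}) for _ in rules))
    seen, todo, verdicts = {start}, [start], set()
    while todo:                    # walk the product of the three automata
        elem, qs, rs = todo.pop()
        for child in ([root] if elem is None else schema[elem]):
            nqs = advance(q, qs, child, False)
            nrs = tuple(advance(p, s, child, True) for (_, p), s in zip(rules, rs))
            if len(q) in nqs:      # path is schema-valid and selected by the query
                hit = {sign for (sign, p), s in zip(rules, nrs) if len(p) in s}
                verdicts.add("+" in hit and "-" not in hit)  # assumed: denial wins
            state = (child, nqs, nrs)
            if nqs and state not in seen:
                seen.add(state)
                todo.append(state)
    if True not in verdicts:       # also covers queries that select nothing
        return "always-denied"
    return "always-granted" if False not in verdicts else "statically indeterminate"
```

For the Intern role, /record//comment can be rejected and /record/diagnosis/pathology answered without any run-time check, while /record//* selects both permitted and forbidden nodes and still needs run-time filtering.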

Example

Experimental Results
Query optimization.
Static analysis frequently makes run-time checks unnecessary.

QFilter VS Static-Analysis

Conclusion
QFilter is superior to the post-processing, primitive and no-access-control approaches.
Static analysis can handle only two cases, i.e., either access fully granted or access fully denied.
QFilter is superior to static analysis.

Thank You