XML Access Control Based on Security Views

基于安全视图的XML访问控制

• 批准号: DDG-2015-00050
• 负责人: Passi, Kalpdrum
• 金额: $ 0.73万
• 依托单位: Laurentian University of Sudbury
• 依托单位国家: 加拿大
• 项目类别: Discovery Development Grant
• 财政年份: 2016
• 资助国家: 加拿大
• 起止时间: 2016-01-01 至 2017-12-31
• 项目状态: 已结题
• 来源: https://www.nserc-crsng.gc.ca/ase-oro/Details-Detailles_eng.asp?id=612451
• 关键词: XML; Access; Control; Based; Security

The nature of data on the web and the flexibility of XML have resulted in data encoded in XML to be semistructured. The availability of large amounts of heterogeneous distributed data necessitates integrating XML data from multiple XML sources. The XML data sources may be based either or no schema, DTD (Document Type Definition) schemas, XML Schema, or any other schema that has been proposed by different companies. Due to the nature of data available on the web that may include patient data in a healthcare system, employee data in a banking industry or any big organization or student data in a university system, all require securing the data. This further necessitates that authorized users with access rights and privileges are able to access the required data in in order to accomplish their jobs efficiently. In order to provide secure access of XML data to authorized users with given access privileges requires the development of a fine grained access control mechanism to provide access to either parts of a document tree or certain nodes in the tree. To enforce such access control models requires availability of XML Schema that specifies the structure of accessible XML data as the schemas provide the mechanism for data exchange, integration, query formulation and optimization. The objective of this research is to develop mechanisms to define security specifications using XML Schema and to effective enforce such constraints during query processing. Enforcing of these constraints will be based on security views. Security views represent a restricted view of the original document and the accompanying XML Schema that can be derived based on a security specification. Further, a security view would expose only the required schema structure and document content to authorized users with access privileges. Authorized users will be able to pose queries over the security view of the XML Schema to formulate their queries.

Web上数据的性质和XML的灵活性导致了用XML编码的数据是半结构化的。大量异构分布式数据的可用性要求集成来自多个XML源的XML数据。XML数据源可以基于或不基于模式、DTD（文档类型定义）模式、XML模式或由不同公司提出的任何其他模式。由于网络上可用数据的性质，可能包括医疗保健系统中的患者数据，银行业或任何大型组织中的员工数据或大学系统中的学生数据，所有这些都需要保护数据。这进一步要求具有访问权限和特权的授权用户能够访问所需的数据，以便有效地完成其工作。为了向具有给定访问权限的授权用户提供XML数据的安全访问，需要开发细粒度的访问控制机制，以提供对文档树的部分或树中的某些节点的访问。为了实施这样的访问控制模型，需要XML模式的可用性，该模式指定了可访问的XML数据的结构，因为模式提供了数据交换、集成、查询公式化和优化的机制。本研究的目的是开发机制，定义使用XML模式的安全规范，并有效地执行这种约束在查询处理。这些约束的实施将基于安全视图。安全视图表示原始文档和随附的XML架构的受限视图，XML架构可以根据安全规范派生。此外，安全视图将只向具有访问权限的授权用户公开所需的模式结构和文档内容。授权用户将能够在XML模式的安全视图上提出查询，以制定他们的查询。