Affiliation:
1. IBM Tokyo Research Lab, Kanagawa-ken, Japan
Abstract
Access control policies for XML typically use regular path expressions such as XPath for specifying the objects for access-control policies. However such access-control policies are burdens to the query engines for XML documents. To relieve this burden, we introduce static analysis for XML access-control. Given an access-control policy, query expression, and an optional schema, static analysis determines if this query expression is guaranteed not to access elements or attributes that are hidden by the access-control policy but permitted by the schema. Static analysis can be performed without evaluating any query expression against actual XML documents. Run-time checking is required only when static analysis is unable to determine whether to grant or deny access requests. A side effect of static analysis is query optimization: access-denied expressions in queries can be evaluated to empty lists at compile time. We further extend static analysis for handling value-based access-control policies and introduce view schemas.
Publisher
Association for Computing Machinery (ACM)
Subject
Safety, Risk, Reliability and Quality,General Computer Science
Reference43 articles.
1. Atkinson B. 2002. Schema centric XML canonicalization version 1.0. OASIS Committee Specification. http://uddi.org/pubs/SchemaCentricCanonicalization.htm.]] Atkinson B. 2002. Schema centric XML canonicalization version 1.0. OASIS Committee Specification. http://uddi.org/pubs/SchemaCentricCanonicalization.htm.]]
2. XQL and proximal nodes
Cited by
30 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献