Filtering XPath expressions for XML access control

Jae Myeong Jeon, Yon Dohn Chung, Myoung Ho Kim, Yoon Joon Lee

Research output: Contribution to journalArticlepeer-review

9 Citations (Scopus)

Abstract

XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an access-control method for XML, where we control accesses to XML documents by filtering query XPath expressions through access-control XPath expressions. For filtering the access-denied parts out of query XPath expressions, set operations (such as, intersection and difference) between the XPath expressions are essential. However, it is known that the containment problem of two XPath expressions is coNP-hard when the XPath expressions contain predicates (or branch), wildcards and descendant axes. To solve the problem, we directly search XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposed structure, where the edges are structural summary of XML elements and the nodes contain access-control information. We show that the query XPath expressions are successfully filtered through the XACT by our proposed method, and also show the performance improvement by comparing the proposed method with the previous work.

Original languageEnglish
Pages (from-to)591-605
Number of pages15
JournalComputers and Security
Volume23
Issue number7
DOIs
Publication statusPublished - 2004 Oct

Bibliographical note

Funding Information:
This work was supported by the Korea Research Foundation Grant (KRF-2003-003-D00350). Jae-Myeong Jeon received his B.S. and M.S. degrees in Computer Science from Korea Air Force Academy, Cheongjoo, Korea, in 1988 and from Oklahoma State University, Stillwater, OK, in 1995, respectively. And he is currently a Ph.D. candidate in the Department of Computer Science at Korea Advanced Institute of Science and Technology (KAIST), Daejon, Korea. His research interests include security, XML and database systems. Yon Dohn Chung received his B.S. degree in Computer Science from Korea University, Seoul, Korea, in 1994, and his M.S. and Ph.D. degrees in Computer Engineering from KAIST in 1996 and 2000, respectively. In 2003, he joined the faculty of the Department of Computer Engineering, Dongguk University, Seoul, Korea, where currently he is an assistant professor. Before joining the department, he worked in the Department of Computer Science of KAIST as a post-doctoral research associate and a research professor. His research interests include mobile databases, spatio-temporal databases, XML databases, data stream processing, and database systems. Myoung Ho Kim received his B.S. and M.S. degrees in Computer Engineering from Seoul National University, Seoul, Korea, in 1982 and 1984, respectively, and his Ph.D. degree in Computer Science from Michigan State University, East Lansing, MI, in 1989. In 1989 he joined the faculty of the Department of Computer Science at KAIST, Taejon, Korea, where currently he is a professor. His research interests include database systems, OLAP, XML, mobile computing, transaction management, information retrieval, workflow and distributed processing. He is a member of the ACM and IEEE computer Society. Yoon Joon Lee received his B.S. degree in Computer Science from Seoul National University, Seoul, Korea, in 1977 and his M.S. degree in Computer Science from KAIST 1979. And he received his Ph.D. degree in Computer Science from INPG-ENSIMAG, France, in 1983. In 1984 he joined the faculty of the Department of Computer Science at KAIST, Taejon, Korea, where currently he is a professor. His research interests include database systems, Internet, Web databases and distributed systems. He is a member of the ACM and IEEE computer Society.

Keywords

  • Access control
  • Query processing
  • Security
  • XML
  • XPath

ASJC Scopus subject areas

  • General Computer Science
  • Law

Fingerprint

Dive into the research topics of 'Filtering XPath expressions for XML access control'. Together they form a unique fingerprint.

Cite this