Filtering XPath expressions for XML access control

Jae Myeong Jeon, Yon Dohn Chung, Myoung H. Kim, Yoon Joon Lee

Research output: Contribution to journalArticle

9 Citations (Scopus)

Abstract

XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an access-control method for XML, where we control accesses to XML documents by filtering query XPath expressions through access-control XPath expressions. For filtering the access-denied parts out of query XPath expressions, set operations (such as, intersection and difference) between the XPath expressions are essential. However, it is known that the containment problem of two XPath expressions is coNP-hard when the XPath expressions contain predicates (or branch), wildcards and descendant axes. To solve the problem, we directly search XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposed structure, where the edges are structural summary of XML elements and the nodes contain access-control information. We show that the query XPath expressions are successfully filtered through the XACT by our proposed method, and also show the performance improvement by comparing the proposed method with the previous work.

Original languageEnglish
Pages (from-to)591-605
Number of pages15
JournalComputers and Security
Volume23
Issue number7
DOIs
Publication statusPublished - 2004 Oct 1
Externally publishedYes

Fingerprint

Access control
XML
Query processing
language
performance

Keywords

  • Access control
  • Query processing
  • Security
  • XML
  • XPath

ASJC Scopus subject areas

  • Computer Science(all)

Cite this

Filtering XPath expressions for XML access control. / Jeon, Jae Myeong; Chung, Yon Dohn; Kim, Myoung H.; Lee, Yoon Joon.

In: Computers and Security, Vol. 23, No. 7, 01.10.2004, p. 591-605.

Research output: Contribution to journalArticle

Jeon, Jae Myeong ; Chung, Yon Dohn ; Kim, Myoung H. ; Lee, Yoon Joon. / Filtering XPath expressions for XML access control. In: Computers and Security. 2004 ; Vol. 23, No. 7. pp. 591-605.
@article{e15119b3f3984b6e92eaf6ad87d70592,
title = "Filtering XPath expressions for XML access control",
abstract = "XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an access-control method for XML, where we control accesses to XML documents by filtering query XPath expressions through access-control XPath expressions. For filtering the access-denied parts out of query XPath expressions, set operations (such as, intersection and difference) between the XPath expressions are essential. However, it is known that the containment problem of two XPath expressions is coNP-hard when the XPath expressions contain predicates (or branch), wildcards and descendant axes. To solve the problem, we directly search XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposed structure, where the edges are structural summary of XML elements and the nodes contain access-control information. We show that the query XPath expressions are successfully filtered through the XACT by our proposed method, and also show the performance improvement by comparing the proposed method with the previous work.",
keywords = "Access control, Query processing, Security, XML, XPath",
author = "Jeon, {Jae Myeong} and Chung, {Yon Dohn} and Kim, {Myoung H.} and Lee, {Yoon Joon}",
year = "2004",
month = "10",
day = "1",
doi = "10.1016/j.cose.2004.06.009",
language = "English",
volume = "23",
pages = "591--605",
journal = "Computers and Security",
issn = "0167-4048",
publisher = "Elsevier Limited",
number = "7",

}

TY - JOUR

T1 - Filtering XPath expressions for XML access control

AU - Jeon, Jae Myeong

AU - Chung, Yon Dohn

AU - Kim, Myoung H.

AU - Lee, Yoon Joon

PY - 2004/10/1

Y1 - 2004/10/1

N2 - XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an access-control method for XML, where we control accesses to XML documents by filtering query XPath expressions through access-control XPath expressions. For filtering the access-denied parts out of query XPath expressions, set operations (such as, intersection and difference) between the XPath expressions are essential. However, it is known that the containment problem of two XPath expressions is coNP-hard when the XPath expressions contain predicates (or branch), wildcards and descendant axes. To solve the problem, we directly search XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposed structure, where the edges are structural summary of XML elements and the nodes contain access-control information. We show that the query XPath expressions are successfully filtered through the XACT by our proposed method, and also show the performance improvement by comparing the proposed method with the previous work.

AB - XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an access-control method for XML, where we control accesses to XML documents by filtering query XPath expressions through access-control XPath expressions. For filtering the access-denied parts out of query XPath expressions, set operations (such as, intersection and difference) between the XPath expressions are essential. However, it is known that the containment problem of two XPath expressions is coNP-hard when the XPath expressions contain predicates (or branch), wildcards and descendant axes. To solve the problem, we directly search XACT (XML Access Control Tree) for a query XPath expression and extract the access-granted parts. The XACT is our proposed structure, where the edges are structural summary of XML elements and the nodes contain access-control information. We show that the query XPath expressions are successfully filtered through the XACT by our proposed method, and also show the performance improvement by comparing the proposed method with the previous work.

KW - Access control

KW - Query processing

KW - Security

KW - XML

KW - XPath

UR - http://www.scopus.com/inward/record.url?scp=8344261653&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=8344261653&partnerID=8YFLogxK

U2 - 10.1016/j.cose.2004.06.009

DO - 10.1016/j.cose.2004.06.009

M3 - Article

AN - SCOPUS:8344261653

VL - 23

SP - 591

EP - 605

JO - Computers and Security

JF - Computers and Security

SN - 0167-4048

IS - 7

ER -