Fine Grained Access Control in XML DataBase Systems

1
Fine Grained Access Control in XML DataBase
Systems

• Naveen Yajamanam
• April 27,2006

2
References

• QFilterFine-Grained Run-Time XML Access control
  via NFA-based Query rewriting
• Bo luo,D.Lee,Wang-chienLee,P.Lee
• XML Access control using static Analysis
• Murata ,Tozawa,Kudo

3
Introduction

• XML has emerged as the language to exchange data
  over web.
• XML provides for fine granularity of information
  retrieval because the elements of an XML document
  can be retrieved by XML queries directly and
  independently.
• Fine granularity requires mechanisms to control
  the access at varying levels of the document.
• XML Access control ensures only authorised
• users can access only authorised portion of
  XML data.

4
Concrete view of XML
5
QFILTER
6
XML ACCESS CONTROL MECHANISMS
7
Different Evaluation Plans

• No access control
• Primitive
• Pre-processing
• Post-Processing

8
Primitive Approach
9
Primitive Approach (contd)
10
Post Processing Approach

• Intermediate answers are calculated as usual
• Then, ACR prunes out unsafe data.
• Suitable when ACR and data are stored
• separately in some distributed environment
• Can be implemented by XML data filtering
  package(YFilter)

11
Pre-Processing Approach

• Primitive Approach satisfies two goals
• Non-view based
• Independent on underlying XML
• engine
• But, rewritten-query Q is not the most efficient
  one

12
Pre-Processing-QFilter

• QFilter reads as input query Q,Acces control
  rules ACR,schema S,then returns a modified query
  Q as output
• QQFilter(Q,ACR,S)
• QFilter has three types of operations
• 1.AcceptQQ
• 2.DenyQ
• 3.Rewrite

13
QFilter Construction

• QFilter captures ACR as NFA(Non-deterministic
  Finite Automata).
• Given Q ,quickly determine if it is
  Accepted,Denied,Rewrited.

14
QFilter Construction consider following XPath
expressions
15
State Transition Map
16
NFA
17
Q/site/categories/NW/item
18
Q/site/top//item
19
Q/site//person/name
20
QFilter with predicate handling
21
Q/site/regions//itemquantity/nameQ/site/reg
ions//itemquantitydescription/name
22
QFilter performance
23
QFilter performance
24
Experimental results

• Efficient in terms of query execution time
• Scalable to the number of access control
• rules specified in the system.

25
STATIC ANALYSIS
26
INTRODUCTION

• Static Analysis is performed at compile time(when
  query expression is created rather than each time
  it is evaluated).
• Run-time checking is required only when static
  analysis is unable to grant or deny access
  requests without examining the actual databases.
• Key Idea To use automata for representing and
  comparing queries, access control policies and
  schemas.

27
Introduction(conti)

• Static Analysis has Two Phases
• First Phase-We create query automata
• access control automata,schema automata.
• Second phase-We compare these
• Automata While applying the rules .
  

28
Introduction(contd)

• Schema Schema is a description of permissible
  XML documents.
• A schema is a 5-tuple G(N,?E, ,?A,S,P)
• N is a finite set of non-terminals
• ?E is a finite set of element names
• ?A is a finite set of attribute names
• S is a subset of ?E X N,
• P is a set of production rules
• X-gtr.A where X ? N,
• r is a regular expression over ?E XN
• A is a subset of ?A .

29
(No Transcript)
30
Schema G1
31
Syntax of Access control policy

• Ex
• Role Docter
• R,/record
• Role Intern
• R, /record
• -R, //comment

32
Static Analysis

• Static Analysis has four steps
• 1) creating schema automata from schemas
• 2)creating access control automata from access
  control policies
• 3)creating query automata from XQuery
• queries
• 4)comparison of schema automata ,query
• automata, and access control automata.

33
Framework of the Analysis
34
Creating schema Automata
35
Schema G1
36
Schema Automata for this schema is
37
This Automata Accepts the following paths
38
Creating Access control Automata
39
Creating Access control Automata(contd)

• For the role Intern ,this policy contains a grant
  rule and a denial rule,both of which propagate
  downward.The grant rule contains an XPath
• /record,while the denial rule contains an
  XPath
• //comment.Thus

40
Creating Query Automata

• Consider the following XQuery and XPath
  expressions extracted from it

41
Creating Query Automata(contd)

• Let r be /record//comment ,then

42
Comparison of Automata

• The path expression r is always-granted if
  every path accepted by both the schema automaton
  and query automaton is accepted by the access
  control
• automaton .
• 
  
• The path expression is always-denied if no
  path is accepted by all of the schema automaton
  ,query automaton and access control automaton.
  
  
• The path expression is statically
  indeterminateif it is neither always-granted, or
  always-denied.

43
Example
44
Experimental Results

• Query optimization
• Static Analysis frequently makes run-time checks
  unnecessary.

45
QFilter VS Static-Analysis
46
Conclusion

• QFilter is Superior to Post- processing
  primitive, no access control approach.
• Static Analysis can handle only two cases
  i.e., either access fully granted or access fully
  denied. QFilter is superior to Static-Analysis .

47
Thank You