Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents
July 2006 (vol. 18 no. 7)
pp. 971-987
XML (eXtensible Markup Language) is fast becoming the de facto standard for information exchange over the Internet. As more and more sensitive information gets stored in the form of XML, proper access control to the XML documents becomes increasingly important. However, traditional access control methodologies that have been adapted for XML documents do not address the performance issue of access control. This paper proposes a bitmap-indexing scheme in which access control decisions can be sped up. Authorization policies of the form (subject, object, and action) are encoded as bitmaps in the same manner as XML document indexes are constructed. These two are then efficiently pipelined and manipulated for "fast" access control and "secure" retrieval of XML documents.

Index Terms:
Information security, authorization enforcement, bitmap indexing, XML access control.
Citation:
Jong P. Yoon, "Presto Authorization: A Bitmap Indexing Scheme for High-Speed Access Control to XML Documents," IEEE Transactions on Knowledge and Data Engineering, vol. 18, no. 7, pp. 971-987, July 2006, doi:10.1109/TKDE.2006.113