An Approach of Query Request Authorization Process for the Access Control System to XML Documents

摘要

Access control is one of the fundamental security mechanisms in information systems. When a multi-user system uses XML documents as data storage, the need of access control to XML documents arises. Due to the hierarchical structure, XML access control is finegrained in nature. For this criterion, instead of controlling access to the whole XML document, it is possible to limit user access to substructures of the document. One of the key problems on which XML access control is centered is to find techniques for efficient enforcement of access control policy over XML data, thus user access authorization. In general, XML access control model uses XPath expressions for specifying the substructure of the document to define policy. Authorization process needs to find the substructure which is referring from the policy in order to evaluate user access to requested data. Thus, authorization process needs to access the data file every time user requests access to data. Evaluating concurrent requests on large data slow down the data access process especially on the Internet where large number of user accesses at any given time is very common. In this paper, we use classification of user requests and the user policy, and compare them to get the authorization result. Our experiment shows that the process significantly minimizes the need of data access in the process of evaluating user access.