The erosion of trust in traditional database servers and in Database Service Providers, the growing interest in different forms of data dissemination, and the concern for protecting children from suspicious Internet content are all factors that push access control from servers to clients. Several encryption schemes can serve this purpose, but all suffer from a static way of sharing data. With the emergence of hardware and software security elements on client devices, more dynamic client-based access control schemes can be devised. This paper proposes an efficient client-based evaluator of access control rules for regulating access to XML documents. The evaluator takes advantage of a dedicated index to converge quickly towards the authorized parts of a (potentially streaming) document. Additional security mechanisms guarantee that prohibited data can never be disclosed during processing and that the input document is protected from any form of tampering. Experiments on synthetic and real datasets demonstrate the effectiveness of the approach.