Popis: |
As a large quantity of information is presented in XML format on the Web, there are increasing demands for XML security. Until now, research on XML security has been focused on the security of data communication using digital signatures or encryption technologies. As XML is also used for a data representation of data storage, XML security comes to involve not only communication security but also managerial security. Managerial security is guaranteed through access control, but existing XML access control models consider only read queries. These models may make some problems when unauthorized users try to change XML documents or their structure. Therefore the access control of update queries must be executed correctly and efficiently as well as read queries. In this paper, we discuss an XML access control model and propose a technique that supports not only read operations but also update operations. We define new action types to systematically manage complex information of access right and to process various update queries in an efficient manner. Using these action types, the system can save memory and other system resources that are used in DOM-based DTD verification process, and shortens the overall steps of access control by filtering unnecessary queries out at the early stage. Although for read queries the proposed access control model introduces a minor overhead in determining action types, for update queries it shows better performance compared to existing access control models. |