Gregory Leighton

Efficient incremental validation of XML documents after composite updates

We describe an efficient method for the incremental validation of XML documents after composite updates. We introduce the class of Bounded-Edit (BE) DTDs and XML Schemas, and give a simple incremental revalidation algorithm that yields optimal performance for them, in the sense that its time complexity is linear in the number of operations in the update. We give extensive experimental results showing that our algorithm exhibits excellent scalability. Finally, we provide a statistical analysis of over 250 DTDs and XML Schema specifications found on the Web, showing that over 99% of them are in fact in BE.

Parameterized Role-Based Access Control Policies for XML Documents

ABSTRACT Role-based access control policies (RBAC) are often used to provide access to fragments of static XML documents. Existing implementations of such RBACs often disseminate a single document encrypted with multiple cryptographic keys. However, most existing approaches are subject to role proliferation, especially in the case of large organizations where the number of defined roles may be several hundred. In such circumstances, correctly administering access control becomes much more difficult and error-prone. In this article, we present a novel approach to RBACs, which supports role parameterization to mitigate the potential of role proliferation. Our approach supports the association of specific user and/or session-specific credentials (i.e., parameters) with roles. We first define parameterized RBAC (PRABC), and then provide an algorithm for generating the minimal set of keys required to enforce a particular parameterized policy. We present another algorithm for efficiently encrypting an XML document in a single pass, using a technique that disguises the original structure of hidden subtrees. Finally, we include a key distribution algorithm that ensures each user receives only those keys that are needed for decrypting accessible fragments of the document. We analyze the complexity of our implementation and provide experiments to demonstrate its scalability.

Optimizing XML Compression

The eXtensible Markup Language (XML) provides a powerful and flexible means of encoding and exchanging data. As it turns out, its main advantage as an encoding format (namely, its requirement that all open and close markup tags are present and properly balanced) yields also one of its main disadvantages: verbosity. XML-conscious compression techniques seek to overcome this drawback. Many of these techniques first separate XML structure from the document content, and then compress each independently. Further compression gains can be realized by identifying and compressing together document content that is highly similar, thereby amortizing the storage costs of auxiliary information required by the chosen compression algorithm. Additionally, the proper choice of compression algorithm is an important factor not only for the achievable compression gain, but also for access performance. Hence, choosing a compression configuration that optimizes compression gain requires one to determine (1) a partitioning strategy for document content, and (2) the best available compression algorithm to apply to each set within this partition. In this paper, we show that finding an optimal compression configuration with respect to compression gain is an NP-hard optimization problem. This problem remains intractable even if one considers a single compression algorithm for all content. We also describe an approximation algorithm for selecting a partitioning strategy for document content based on the branch-and-bound paradigm.

Access Control Policy Translation, Verification, and Minimization within Heterogeneous Data Federations

Data federations provide seamless access to multiple heterogeneous and autonomous data sources pertaining to a large organization. As each source database defines its own access control policies for a set of local identities, enforcing such policies across the federation becomes a challenge. In this article, we first consider the problem of translating existing access control policies defined over source databases in a manner that allows the original semantics to be observed while becoming applicable across the entire data federation. We show that such a translation is always possible, and provide an algorithm for automating the translation. We show that verifying whether a translated policy obeys the semantics of the original access control policy defined over a source database is intractable, even under restrictive scenarios. We then describe a practical algorithmic framework for translating relational access control policies into their XML equivalent, expressed in the eXtensible Access Control Markup Language. Finally, we examine the difficulty of minimizing translated policies, and contribute a minimization algorithm applicable to nonrecursive translated policies.

Access control policy translation and verification within heterogeneous data federations

Data federations provide seamless access to multiple heterogeneous and autonomous data sources pertaining to a large organization. As each source database defines its own access control policies for a set of local identities, enforcing such policies across the federation becomes a challenge. In this paper, we first consider the problem of translating existing access control policies defined over source databases in a manner that allows the original semantics to be observed, while becoming applicable across the entire data federation. We show that such a translation is always possible, and provide an algorithm for automating the translation. We then show that verifying that a translated policy obeys the semantics of the original access control policy defined over a source database is intractable, even under restrictive scenarios. Finally, we describe a practical algorithmic framework for translating relational access control policies into their XML equivalent, expressed in the eXtensible Access Control Markup Language.

Preserving SQL access control policies over published XML data

Controlling access to data is of paramount importance to many database applications. In data integration and data interchange scenarios, relational data is published as XML, and it is natural to require that all existing access control policies defined over the relational data be completely -- and verifiably -- preserved over the XML representation. While many XML-specific access control models have been proposed, there currently is no automated method for converting an SQL access control policy to an equivalent policy in one of these models. Instead, the database administrator must carry out such translations manually, a tedious and error-prone process which can easily lead to the unintentional granting of user access to restricted data. This work seeks to develop such an automated solution, and to examine various related issues such as optimization and verification of generated XML access control policies.

Security issues in heterogeneous data federations

Data federations allow the contents of multiple source databases to be accessed in a consistent manner. Since each source database is typically administered independently, heterogeneity often results, both in terms of how data is represented (i.e., the database schema), and in how controlled access to data is regulated. Typically, each data source exports data in relational format where it is combined into a semi-structured representation (e.g., XML). In this thesis, we address two aspects of securing heterogeneous data federations. The first deals with the accurate translation of access control policies specified over source databases into a single, unified access control policy applicable to the wider data federation. Such a translation involves mapping each local identity to one or federated identities, and ensuring that the semantics of each original source policy are preserved (i.e., that no federated identity receives access to a larger region of federated data than intended by any source policy). We outline an efficient algorithm for automating policy translation. We also underscore the importance of automated translation methods by showing that in many realistic scenarios, verifying that a federated policy satisfies all source policies is intractable. Finally, we contribute an algorithm for minimizing the size of a translated policy. The second problem we address is the prevention of information disclosures at the federated level. A disclosure risk is present when a user is able to combine the result of one or more allowable queries (i.e., queries which are permitted under the federated access control policy) with prior background knowledge in order to obtain a sufficiently high certainty of the answer to a disallowed query. We classify potential disclosure risks based on whether they can be detected at database design-time, or only when the contents of the database are known. We also describe a new measure for evaluating the magnitude of instance-based disclosure risks at query-time. Finally, we discuss the implementation of a prototype system, and conduct experiments that demonstrate the effectiveness and scalability of the proposed solution.

Schema‐level access control policies for XML documents

Purpose – The purpose of this paper is to consider the secure publishing of XML documents, where a single copy of an XML document is disseminated and a stated role‐based access control policy (RBACP) is enforced via selective encryption. It describes a more efficient solution over previously proposed approaches, in which both policy specification and key generation are performed once, at the schema‐level. In lieu of the commonly used super‐encryption technique, in which nodes residing in the intersection of multiple roles are encrypted with multiple keys, it describes a new approach called multi‐encryption that guarantees each node is encrypted at most once.Design/methodology/approach – This paper describes two alternative algorithms for key generation and single‐pass algorithms for multi‐encrypting and decrypting a document. The solution typically results in a smaller number of keys being distributed to each user.Findings – The paper proves the correctness of the presented algorithms, and provides experi...