Font Size: a A A

Research On XML Database Access Control Techniques

Posted on:2009-10-04Degree:DoctorType:Dissertation
Country:ChinaCandidate:X B FengFull Text:PDF
GTID:1118360275470872Subject:Information security
Abstract/Summary:PDF Full Text Request
Since released by W3C, XML has been widely used in many fields for its semi-structure, flexibility, extensibility. With the speedy development of the INTERNET and the rapid explosion of the information, XML has become prevalent in data exchange and data storage, and the XML database security has been an urgent research topic. Until now, many research works have been done on the XML access control, which obtain many achievements. However, some important issues are still left unsolved and further researches should be done.The security of XML database is much more concerned in information sensitive environment such as government, military, etc, which demands the highest levels of security. The B3 or higher level of"military computer security evaluation criteria"requires that"the TCB is structured to exclude code not essential to security policy enforcement, and minimize its complexity."Based on the kernelized atchitecture, an access control model for XML multilevel database is proposed, whose TCB can meet the requirements of high security levels for its independent and simplificity. By investigating the multilevel integrity property of XML, an integrity based approach of decomposition and recovery of XML database is proposed, which is entity-integrity-preserving. The syntax rule of main operations for fragemented XML databse is proposed, and model's security is proved conforming to the confidential policy of"Read-down and Write-up".The trusted subject architecture relay on DBMS itself to enforce access control on database objects, whose complexity often lead more security problems and require more cautious security policy consideration. One vulnerable of XML database is that there may result in covert chnnel when deleting node. Some researchers proposed a"strict-read-down"policy to maintain availability of multilevel XML databse. Unfortunately, the"strict-read-down"could be vulnerable by the"third participant's convert channel"discovered by this paper. In order to avoid covert channels (including the third participant's) and preserve availability, a"delayed-removing"mechanism is proposed. The entity integrity property of the delayed node and the operation syntax rule for XML multilevel database is proposed. The security of the syntax rule is proved to be non-inferference which means that the operation of higher user is invisible to lower user.Integrity is one of principles that information security must maintain. Untill now few research work on the database integrity has been done for the complexity of database object relationship. An access control model which can maintain the confidential and integrity of XML database is proposed in this paper. By analyzing the requirement of XPath, XML hierarchical constraint and key constraint for integrity is pointed out, the syntax rule for operations of XML database is proposed, and an extension of Biba integrity model onto XML database is made. A definition of XML database supporting integrity label and multilevel label is provided, the syntax of operations of XML database is further analyzed to maintain both confidentiality and integrity of XML database.The widely spreading of network technology especially the INTERNET raises the security demand for multi-domain environments. The IRBAC 2000 model provides a solution for role translation foreign domain into local domain. The paper focuses the confliction in role translation of IRBAC 2000 by analyzing the source of confliction and further proposing policies to minimize the confliction and the security risks. A formal definition of conflict is made and the detection algorithm is proposed and tested. The policy based on the separation of duty is proposed to eliminate the conflict. The XML based implementation is also discussed at the final.
Keywords/Search Tags:XML, Multilevel security, Covert channel, Integrity, IRBAC
PDF Full Text Request
Related items