| As the eXtensible Markup Language (XML) has emerged as the de facto standard for storing and exchanging information in the Internet Age, the needs for efficient yet secure access of XML data naturally arise. It becomes increasingly important to be able to tailor information in XML data for various users and applications, while preserving confidentiality. In this dissertation, we ask how fine-grained XML access control can be supported when underlying (XML or relational) DBMS does not provide any security features for XML data.;We first present deep set operators for XML as an extension of conventional set operators, and use them to algebraically describe XML access control. We introduce a general framework to capture design principles and operations of existing XML access control mechanisms across centralized and distributed environments.;In the native XML environment (XDB), we advocate an efficient, view-free, Non-deterministic Finite Automata (NFA) based access control enforcement mechanism, called QFilter. It supports fine-grained XML access control and works independently from the underlying XML engine, thus provides great exibility. In RDBMS-supported XML database systems (XRDB), we first introduce object and operation equivalency as a bridge between relational and XML data models. Then we present theoretical results on how one can (or cannot) support fine-grained XML access control using relational access control features. We also show implementation choices and the required security features from underlying RDBMS. Finally, we implement our approach and exhibit its superior performance against native XML DBMS. |
