| "Database as a Service"architecture for data publishing today is receiving growing attention, due to their scalability properties and the ability of efficiently managing large numbers of users and great amounts of data. An important issue in this architecture is the data privacy. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for data which is XML documents in our context and for mechanisms guaranteeing data privacy during the process of storing, transmitting and query processing.The paper makes several contributions to the problems of data privacy in this architecture. First, the UP-RBAC (User Profile Supported Role-Based Access Control) Model is presented to manage the access control for XML documents, which support fine-grained protection levels, schema-based and content-based access control and dynamically assigning user to roles based on a finite set of rules defined by the enterprise, which take into consideration the user profile and any constraints set forth by the enterprise's security policy. Second, to guarantee the data privacy, an approach based on the use of encryption and Merkle hash tree techniques is proposed. In particular, we show that, by encrypting different portions of the same document with different encryption keys which be implied by different access control policies, only the user with appropriate keys can get access to the corresponding portions of documents; by inserting in the query response one Merkle hash value generated by the owner and some other hash values, a user is able to locally verify the authenticity of the query response. |
PDF Full Text Request