Research Of XML Access Control Model Based On Security View

XML is a new technology for information exchange, storage and retrieval. And its sensitive information should be protected by some mechanisms. Access control is one of the mechanisms. Researches related to fine-grained XML control model are the most. Access control based on security view are most front and successful, which can properly solve the problem of structure leak and inference using constraints. With the purpose of implementing flexible, secure and effective model, research into access control of XML document based on security view is comprehensively conducted in this paper. Some main results of this paper are as follows.1. As a core subclass of XQuery, XPath plays a crucial role in the process of standard XML query and XML security policy specification. However, as the contents of the new recommend XPath 2.0 standard are too bigger, a key ,typical but simplified subclass is chosen .And a concise, rigorous method described by formal method are present by this paper.2. Propose a perfected RBAC model base on XML, model extend the XPath expression with involvement of parameter function which enable the allocation of privileges more flexible, model divide the role into several hierarchy,divide the role to public privileges and private privileges, which can further reach minimum principle and enhance the security of the model.3. After deep research and analysis into the methods of XML access control, combined with perfected RBAC model based on XML in 2 and fine-grained access control model based on security view as core,this paper proposes a multiply-grained access control model SV-XAC with general management function, presents an overall framework figure and DTD description of the model. Combined with conventional XML access control policy based on security view and the definition of privilege class in RBAC model, the paper also raises a definition of new comprehensive security policy,which is compatible to SV-XAC,then elaborates file-level and node-level access control mothed in SV-XAC model, and finally describes how to achieve the algorithm related to SV-XAC model.