| XML access control is an important technology to ensure XML security. In order to provide an effective solution of access control for the XML data stored in the database, a technology for XML access control executed in the relation database has been researched, including architecture design, information input and access-contol rule operation. And an XML Access Control Subsystem has been implemented based on the DaMeng relation database system.After analyzing architectures of three different approaches of XML access control and making reference to the architectures of existing models, the architecture of the XML Access Control Subsystem in DaMeng database has been designed. The subsystem is implemented in the core of the database. When the database has finished the XML query but dosen't return the result to the users, the subsystem checks every node in the result using the access-control rules, which are set based on DTD, and only returns the nodes qualified the rules to the users. In this way, the access control of XML data takes effect. In order to put the XML and related DTD information into the database, an algorithm called Synchronous Traversing has been designed for maintaining the corresponding relationship between the XML node and related DTD node, and an algorithm called Sequence-number Pair Generating has been designed for maintaining the relationship between the nodes in the same file. The Synchronous Traversing algorithm is used when put the XML data into the database. It traverses both the XML tree and the related DTD tree in preorder at the same time in a synchronous pace, and records every XML node and related DTD node. In this way, it can maintain the corresponding relationship between the XML node and related DTD node. The Sequence-number Pair Generating algorithm is also used during the process inputting the data. It traverses the tree in preorder and generates a sequence-number pair (prefix, suffix) for each node it visits.The sequence-number pair varies from node to node. So it can be used to differentiate the nodes in the tree and the structure of the tree. In this way, it can maintains the relationship between the nodes in the same file.As to the operation of the access-control rules, a new algorithm is proposed. The new algorithm uses the rules to build a list according to nodes'prefixes. If two or more rules in the list relate to the same node, they are compared according to the the rules'priorities. Only the most effective rule can remains in the list.The experimental results obtained from the tests show that the XML Access Control Subsystem of the DaMeng relation database system can accomplish the task of XML access control effectively. |
PDF Full Text Request