| XML access control is an important technology to ensure XML security. In order to provide an effective solution of mandatory access control for the XML documents stored in XML database, after analyzing the shortcomings of the existing fine-Grained mandatory access control models for XML documents and making reference to architectures of existing XML access control systems, the architecture of the XML flexible mandatory access control system has been designed. After that we implement our own XML flexible mandatory access control system.In order to address the requirements from a variety of application domains, creating security policy according to application's requirements by system security official is allowed in our system. This system is based on XML schema technology that is more powerful than DTD. Label can be propagated from XML schema document to XML instance documents. The label conflict resolution policies are also given to assure every element in XML documents has only one label.Our system mainly include policy manage module, policy service module and query dealt module. Policy manage module mainly create and organize security policy. Policy service module mainly assign label to subjects and objects according to the security policy. Query dealt module mainly prevent user accessing the information he/she has no right to know. The technology of dynamical query modification has been adopted, this can solve the problem that the user maybe use query statement with conditions to deduce some information he/she has no right to know, which can cause information leaking. When the database has executed the modified query statement but doesn't return the result to user, our system checks every node in the result, and only returns the nodes qualified security policy to the user.The experimental results obtained from the tests show that our system can accomplish the task of XML mandatory access control effectively. |
PDF Full Text Request