Pragmatic XML access control using off-the-shelf RDBMS

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Scopus citations


As the XML model gets more popular, new needs arise to specify access control within XML model. Various XML access control models and enforcement methods have been proposed recently. However, by and large, these approaches either assume the support of security features from XML databases or use proprietary tools outside of databases. Since there are currently few commercial XML databases with such capabilities, the proposed approaches are not yet practical. Therefore, we explore the problem of "Is is possible to fully support XML access control in RDBMS?" We formalize XML and relational access control models using deep set operators. Then we show that the problem of XML AC atop RDBMS is amount to the problem of converting XML deep set operators into equivalent relational deep set operators. We show the conversion algebra and identify the properties to ensure the correct conversion. Finally, we present three practical implementations of XML access controls using off-the-shelf RDBMS and their performance results.

Original languageEnglish (US)
Title of host publicationComputer Security - ESORICS 2007 - 12th European Symposium on Research in Computer Security, Proceedings
PublisherSpringer Verlag
Number of pages17
ISBN (Print)9783540748342
StatePublished - 2007
Event12th European Symposium on Research in Computer Security, ESORICS 2007 - Dresden, Germany
Duration: Sep 24 2007Sep 26 2007

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4734 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other12th European Symposium on Research in Computer Security, ESORICS 2007

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Pragmatic XML access control using off-the-shelf RDBMS'. Together they form a unique fingerprint.

Cite this