HyXAC: Hybrid XML Access Control Integrating View-Based and Query-Rewriting Approaches

Abstract

With the increasing usage of XML on information sharing over the Internet, a mechanism for defining and enforcing XML access control is demanded, such that only authorized entities can access the sets of XML data that they are allowed to. The research interests in these areas have grown significantly in recent years. Various access control enforcement solutions have been proposed, each with its inherent advantages and disadvantages. Yet, there is still no solution that can provide superior performance in all situations. In this paper, we present HyXAC, a hybrid approach to enforce XML access control. HyXAC integrates the two most popular categories of XML access control enforcement mechanisms, and earns the benefits from both. In particular, HyXAC first preprocesses user queries by rewriting queries and removing parts violating access control rules, and evaluates the re-written queries using subviews, if they are available. In HyXAC, views are not defined on a per-role basis. Instead, a sub-view is defined for each access control rule, and roles sharing identical rules will share sub-views. Moreover, HyXAC dynamically allocates memory and secondary storage resources to materialize and cache sub-views to improve query performance. We have conducted extensive experiments, and the results show that HyXAC improves query processing efficiency while optimizes the use of system resources.