A Rule-Based Relational XML Access Control Model in the Presence of Authorization Conflicts

TL;DR

This paper proposes a rule-based XML access control model for relational databases that handles fine-grained permissions and conflicts in hierarchical XML data, addressing a gap in existing models.

Contribution

It introduces a novel conflict handling mechanism with conditions for fine-grained XML authorization in relational databases.

Findings

Developed a rule-based model for conflict resolution.

Enhanced security by managing conflicting policies.

Addresses a gap in existing XML access control models.

Abstract

There is considerable amount of sensitive XML data stored in relational databases. It is a challenge to enforce node level fine-grained authorization policies for XML data stored in relational databases which typically support table and column level access control. Moreover, it is common to have conflicting authorization policies over the hierarchical nested structure of XML data. There are a couple of XML access control models for relational XML databases proposed in the literature. However, to our best knowledge, none of them discussed handling authorization conflicts with conditions in the domain of relational XML databases. Therefore, we believe that there is a need to define and incorporate effective fine-grained XML authorization models with conflict handling mechanisms in the presence of conditions into relational XML databases. We address this issue in this study.