Fansheng Kong

2005-01-01

Abstract:This paper describes a model of accessing object-relational data in object-relational database based on XML document,which has so many advantages such as opening,extending and replicating and can be used in exchanging and sharing data between heterogeneous systems.In the last,the paper gives an instance implementing the model in Oracle 9i and.NET(development) environment.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Shao-hua TANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.03.025

2005-01-01

Abstract:An authorization and access control model for XML documents is proposed in this paper. The model consists of subject, object, security rules and access control algorithm. The subject is the user or the user group. The object is the protected object. The security rules are used to specify the users privileges to the XML document. The access control algorithm is used to conduct XML document protection according to the security rules. The protection objects of our model can the schema of the XML documents or the instance of the schema. The protection granularity specified by the security rules can be based on document tree structure or based on content. Some concepts, such as authorization conflict, are explained, and the conflict resolution strategy based on the highest priority principle in proposed, which is effective and makes the semantics of authorization rules unique. The access control algorithm is implemented in Java, and SOAP is adopted as communication mechanism, which makes it easier to integrate with other systems. XML is widely used in e-business, so the model in this paper will surely have considerable significant on e-business.

L Feng,T Dillon,H Weigand,E Chang

DOI: https://doi.org/10.1007/978-3-540-45227-0_10

2003-01-01

Abstract:With the sheer amount of data stored, presented and exchanged using XML nowadays, the ability to extract knowledge from XML data sources becomes increasingly important and desirable. This paper aims to integrate the newly emerging XML technology with data mining technology, using association rule mining as a case in point. Compared with traditional association mining in the well-structured world (e.g., relational databases), mining from XML data is faced with more challenges due to the inherent flexibilities of XML in both structure and semantics. The primary challenges include 1) a more complicated hierarchical data structure; 2) an ordered data context; and 3) a much bigger data size. To tackle these challenges, in this paper, we propose an extended XML-enabled association rule framework, which is flexible and powerful enough to represent both simple and complex structured association relationships inherent in XML data.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11610496_109

2006-01-01

Abstract:XML becomes a standard format for data interchanges on Internet, especially in E-commerce. Although XML technology has been widely used, the research and development on XML security is still at the early stage. The control of XML access is important for protecting XML documents from being illegally modified or accessed. Most of available models utilize a single level check point. In this paper, we proposed an access control model with dual level access control: file-level and element-level (or attribute-level). The model allows adopt the XBLP policy with file-level security, while employs Hide-Node View for element-level security. The architecture framework of the access control model and implementation are briefly described.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11599517_64

2005-01-01

Abstract:As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML database is non-trivial subjects. A number of recent research efforts have considered access control models for XML data[1−5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow a two-stage access control policies to pledge to security access XML document at file-level and element-level respectively. On the element-level access control, our approach for these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate data over the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized user cannot access sensitive data and protects the schema information from access by unauthorized users. We think that the schema information also is sensitive data and should be protected from gain through the data accessing.

FU Yisheng,YUE Lihua,CAI Rongfeng,JIN Peiquan

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.07.020

2007-01-01

Abstract:This paper proposes an extensible mapping rule model to make up for the deficiency of conflict resolution only by mapping to global ontology in ontology-based XML data integration systems.Based on this model,a conflict resolution algorithm is given to solve the problem of incorrect result from interoperations among local data sources,such as joint operation and unification of query results from heterogeneous data sources.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Tian-lei Hu,Gang Chen

DOI: https://doi.org/10.1631/jzus.a0720103

2008-01-01

Abstract:Storing and querying XML (eXtensible Markup Language) data in relational form can exploit various services offered by modern relational database management systems (RDBMSs). Due to structural complexity of XML, there are many equivalent relational mapping schemes for the same XML data and queries. In this paper, we propose the adaptive XML to relational mapping (AX2RM) system, which considers finding optimal XML to relational (X2R) mapping as four separate but correlated procedures: logical database design, data scale estimation, workload transformation, and physical database design. We view the whole process as an autonomic computing problem and formalize the adaptive X2R mapping problem. Search spaces for each procedure are investigated individually, and five approaches for finding the optimal mapping are studied. We propose an integrated approach with greedy pruning (IT-GP), which views the mapping procedures as a whole and exploits heuristic rules in each procedure to prune impossible mappings as early as possible. Evaluation of these approaches shows the validity and high efficiency of IT-GP.

Li Lan,Dan Feng

2004-01-01

Journal of Software

Abstract:Information stored in XML documents should be protected by access control policy. Current access control models for XML documents are all based on DAC (discretionary access control) or RBAC (role-based access control). High security system uses MAC (mandatory access control) to secure information in system. XML document model is extended to include label information in this paper, and some rules that the extended model has to satisfy with are presented. Fine-grained MAC model for XML documents is described in detail by discussing four operations on XML documents. The fine-grained MAC model is based on XML schema, and its finest granularity of access control is element or attribute. The architecture and some mechanisms used to implement the fine-grained MAC model are discussed too.

Ping-ping ZHOU,Tian-fang YAO

DOI: https://doi.org/10.3969/j.issn.1007-757X.2009.05.003

2009-01-01

Abstract:It is very meaningful to store the XML document in relational database because of index、storage and query of relational database are well-developed.But many complicated problems appear in the process of storage because of the unmatching between the complicated hierarchical structure of XML document and the flat structure of relational database.Beginning from the background applied above,this paper addresses a general relational schema based on model mapping and Nested Sets Model which is called General Relational XML Model.After analyzing of the validity and performance of the system in various scenes,we can draw the conclusion that the middleware can implements efficient storage for XML document in relational schema and satisfy the querying request.

Zhikun ZHANG,Jianguo XIAO,Xiangning KONG

DOI: https://doi.org/10.4156/jnit.vol2.issue1.3

2011-01-01

Journal of Next Generation Information Technology

Abstract:With concern of the current research results as well as the features of the demands for access control of the Web-based application system,the authors propose a context constraint access control theory model on the level of standard reference model,from the perspective of flexibility,generality,and feasibility,and elaborate on the theory of this model and the architecture of access control system.Then the authors give the description and modeling of the access control policy and defines the entities and relations in the model by using a XML-based policy specification grammar called X-Grammar.Finally the overall function description and structure design is given,and an engineering method to elicit and define context constraints is raised.

DeQiang Wang,Feng Xu,Bing Mao,Li Xie

2004-01-01

Abstract:Proposed in this paper is a new algorithm of access control labeling on an XML document based on the authorization-tree. The algorithm improves the performance effectively through avoiding matching authorizations, solving the authorization conflict and labeling at every node of the XML-tree. Meanwhile, a flexible and user-configurable mode of solving the authorization conflict is proposed. And the mode is integrated into the authorization-tree algorithm seamlessly.

R. Rajugan,Elizabeth Chang,Tharam S. Dillon,Ling Feng

DOI: https://doi.org/10.1007/11568322_6

2005-01-01

Abstract:Since the early software models, abstraction and conceptual semantics have proven their importance in software engineering methodologies. For example, Object-Oriented conceptual modeling offers the power in describing and modeling real-world data semantics and their inter-relationships in a form that is precise and comprehensible to users. Conversely, XML is becoming the dominant standard for storing, describing and interchanging data among various Enterprises Information Systems and databases. With the increased reliance on such self-describing, schema-based, semi-structured data language/(s), there exists a requirement to model, design, and manipulate XML data and associated semantics at a higher level of abstraction than at the instance level. But, existing Object-Oriented conceptual modeling languages provide insufficient modeling constructs for utilizing XML schema like data descriptions and constraints, and most semi-structured schema languages lack the ability to provide higher levels of abstraction (such as conceptual models) that are easily understood by humans. To this end, it is interesting to investigate conceptual and schema formalisms as a means of providing higher level semantics in the context of XML-related data engineering. In this paper, we use XML view as a case in point and present a three-layered view model with illustrated examples taken from a real-world application domain. We focus on conceptual and schema view definitions, view constraints, and the conceptual query operators.

肖灵,李斓,李建华

DOI: https://doi.org/10.3969/j.issn.1009-2552.2010.01.001

2010-01-01

Abstract:The prevalent use of XML highlights the need for a flexible,fine-grained access-control mechanism for XML documents.View is an efficient way to achieve fine-grained access control.And RBAC is a flexible and effective access control method.This paper introduces the design of authorization based on Schema and the definition of XML Schema view.An algorithm for deriving XML Schema view is proposed.The structure of access control based on XML Schema view is proposed too.

Ling Feng

DOI: https://doi.org/10.4018/978-1-60566-010-3.ch324

2009-01-01

Abstract:The discovery of association rules from large amounts of structured or semi-structured data is an important data mining problem [Agrawal et al. 1993, Agrawal and Srikant 1994, Miyahara et al. 2001, Termier et al. 2002, Braga et al. 2002, Cong et al. 2002, Braga et al. 2003, Xiao et al. 2003, Maruyama and Uehara 2000, Wang and Liu 2000]. It has crucial applications in decision support and marketing strategy. The most prototypical application of association rules is market basket analysis using transaction databases from supermarkets. These databases contain sales transaction records, each of which details items bought by a customer in the transaction. Mining association rules is the process of discovering knowledge such as “80% of customers who bought diapers also bought beer, and 35% of customers bought both diapers and beer”, which can be expressed as “diaper ? beer” (35%, 80%), where 80% is the confidence level of the rule, and 35% is the support level of the rule indicating how frequently the customers bought both diapers and beer. In general, an association rule takes the form X ? Y (s, c), where X and Y are sets of items, and s and c are support and confidence, respectively. In the XML Era, mining association rules is confronted with more challenges than in the traditional well-structured world due to the inherent flexibilities of XML in both structure and semantics [Feng and Dillon 2005]. First, XML data has a more complex hierarchical structure than a database record. Second, elements in XML data have contextual positions, which thus carry the order notion. Third, XML data appears to be much bigger than traditional data. To address these challenges, the classic association rule mining framework originating with transactional databases needs to be re-examined.

Ling Feng,Tharam Dillon

2004-01-01

Abstract:XML-enabled association rule framework (8) extends the no- tion of associated items to XML fragments to present associations among trees rather than simple-structured items of atomic values. They are more ∞exible and powerful in representing both simple and complex structured association relationships inherent in XML data. Compared with traditional association mining in the well-structured world, min- ing from XML data, however, is confronted with more challenges due to the inherent ∞exibilities of XML in both structure and semantics. The primary challenges include 1) a more complicated hierarchical data structure; 2) an ordered data context; and 3) a much bigger data size. In order to make XML-enabled association rule mining truly practical and computationally tractable, in this study, we present a template model to help users specify the interesting XML-enabled associations to be mined. Techniques for template-guided mining of association rules from large XML data are also described in the paper. We demonstrate the efiectiveness of these techniques through a set of experiments on both synthetic and real-life data.

Chen-hua Ma,Guo-dong Lu,Jiong Qiu

DOI: https://doi.org/10.1631/jzus.c0910564

2010-01-01

Journal of Zhejiang University SCIENCE C

Abstract:Collaborative access control is receiving growing attention in both military and commercial areas due to an urgent need to protect confidential resources and sensitive tasks. Collaborative access control means that multiple subjects should participate to make access control decisions to prevent fraud or the abuse of rights. Existing approaches to access control cannot satisfy the requirements of collaborative access control. To address this concern, we propose an authorization model for collaborative access control. The central notions of the model are collaborative permission, collaboration constraint, and collaborative authorization policy, which make it possible to define the collaboration among multiple subjects involved in gaining a permission. The implementation architecture of the model is also provided. Furthermore, we present effective conflict detection and resolution methods for maintaining the consistency of collaborative authorization policies.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.1109/iih-msp.2008.310

2008-01-01

Abstract:In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. At the same time, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in dynamic coalition environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.