The project has produced an array of results
for effectively preventing inappropriate disclosure of sensitive
and confidential information of XML data, without incurring
any drastic degradation in either performance or functionality
for the underlying XML query-execution engine. The key findings
include the following.
(1) An access control model for XML data stored in either its native
format or in relational databases. The model supports (a) an expressive
language for specifying access-control policies, (b) a novel notion
of security views characterising all and only the information that
a user group is authorised to access, (c) techniques for deriving
security views from access control policies for XML data, and
(d) a novel form of transducers for generating security views from
XML data stored in relations.
(2) Query rewriting and optimisation algorithms for enforcing XML
security without extra costs of materialising and maintaining views.
The algorithms support XPath, a widely used XML query language,
for XML data stored in its native format or in relations.
(3) Effective techniques for supporting updates to XML data
via security views, for XML data stored in its native format
or in relations.
(4) Fundamental results and techniques for reasoning about
the validity and consistency of access control specifications for
(5) A functional prototype system, SMOQE, for providing
access control for XML data.
The results were reported in 18 publications in journals
and international database conferences, including top-ranked
computer science journals (J. ACM, SICOMP, TODS) and
first-tier database conferences (SIGMOD, PODS, VLDB, ICDE).
The system was demonstrated at VLDB 2006, a leading all-around
international database conference.