In-broker Access Control for Information Brokerage Systems

An XML brokerage system is a distributed XML database system that comprises data sources and brokers which, respectively, hold XML documents and document distribution information. Databases can be queried through brokers with no schema-relevant or geographical difference being noticed. However, all...

Full description

Saved in:
Bibliographic Details
Main Authors: LI, Fengjun, LUO, Bo, LIU, Peng, LEE, Dongwon, Mitra, Prasenjit, LEE, Wang-Chien, CHU, Chao-Hsien
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2007
Subjects:
XML
Online Access:https://ink.library.smu.edu.sg/sis_research/1783
http://www.asmemesa.org/ezconf/IJICS/issue.php?id=16
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
Description
Summary:An XML brokerage system is a distributed XML database system that comprises data sources and brokers which, respectively, hold XML documents and document distribution information. Databases can be queried through brokers with no schema-relevant or geographical difference being noticed. However, all existing information brokerage systems view or handle query brokering and access control as two orthogonal issues: query brokering is a system issue that concerns costs and performance, while access control is a security issue that concerns information confidentiality. As a result, access control deployment strategies (in terms of where and when to do access control) and the impact of such strategies on end-to-end system performance are neglected by existing information brokerage systems. In addition, data source side access control deployment is taken-for-granted as the ``right'' thing to do. In this paper, we challenge this traditional, taken-for-granted access control deployment methodology, and we show that query brokering and access control are {\bf not} two orthogonal issues because access control deployment strategies can have significant impact on the ``whole'' system's end-to-end performance. We propose the first in-broker access control deployment strategy where access control is ``pushed'' from the boundary into the ``heart'' of the information brokerage system. We design and evaluate the in-broker access control scheme for information brokerage systems. Our experimental results indicate that information brokerage system builders should treat access control as a system issue as well.