With XML becoming a promising standard for data storage, describing, transferring and exchanging information on the Internet, data security and privacy protection of XML become the focus of research in recent years. In order to achieve the authorization of legitimate user and ensure the secure access to sensitive information, in this paper, in the context of cloud storage, with the purpose of sharing sensitive XML information, a polynomial authorization scheme with Kerberos authentication was proposed, which was based on the users’ access purpose and privacy policy. In this scheme, first, Kerberos authentication was used to identify the user, and then the polynomial whose coefficients were from the leaf node address was used to complete the authorization of user. For the legitimate user, under the interaction of authorization polynomials and the global structure view, authorization matrix is generated dynamically, its temporary and dynamic characteristics greatly improves the security of the system. Finally, with the help of authorization matrix and auxiliary information tables, security queries were successfully completed. The experimental results show that the scheme not only effectively protects XML sensitive data, but also reduces the server’s storage pressure, at the same time it is beneficial to the rapid search and information positioning.

中文翻译：

---

基于Kerberos身份验证和多项式授权的XML安全保护方案

随着XML成为数据存储，在Internet上描述，传输和交换信息的有前途的标准，XML的数据安全性和隐私保护成为近年来研究的重点。为了实现对合法用户的授权并确保对敏感信息的安全访问，在云存储环境下，为了共享敏感的XML信息，提出了一种采用Kerberos身份验证的多项式授权方案。根据用户的访问目的和隐私政策。在该方案中，首先使用Kerberos身份验证来标识用户，然后使用系数来自叶节点地址的多项式来完成用户的授权。对于合法用户，在授权多项式和全局结构视图的交互作用下，授权矩阵是动态生成的，其临时性和动态性大大提高了系统的安全性。最后，借助授权矩阵和辅助信息表，安全查询成功完成。实验结果表明，该方案不仅可以有效保护XML敏感数据，而且可以减轻服务器的存储压力，同时有利于快速搜索和信息定位。