We present the concepts of a simple security object and an association
security object. Our model allows us to express and enforce access
control on XML trees and their associations. In this paper we present
our experiences from the implementation of node and association level
access control in native XML database eXist. Our model performs
security checks at three stages: query pre-processing, query
evaluation and post query evaluation. We present results from
performance analysis tests that show our access control model is
scalable and introduces only marginal overhead. We also discuss
introduction of possible covert channels in implementation of XML
access control models and suggest solutions.