Secure XML querying with security views

Abstract: The prevalent use of XML highlights the need for a generic, flexible access-control mechanism for XML documents that supports efficient and secure query access, without revealing sensitive information to unauthorized users. This paper introduces a novel paradigm for specifying XML security constraints and investigates the enforcement of such constraints during XML query evaluation. Our approach is based on the novel concept of security views, which provide for each user group (a) an XML view consisting of all … Show more

“…This framework has been widely studied from both the theoretical and practical angle [12,19,13,27,34,28,14].…”

“…The rewriting technique for downward queries [12] relies on the knowledge of the DTD. Our rewriting method works independently of the DTD.…”

“…Previous research often imposed various restrictions on these two parameters in order to facilitate the tasks relevant to the framework. For instance, taking the class of downward XPath queries allows to use the knowledge of the document DTD to benefit the query rewriting [12]. The task can be further simplified if the node accessibility is downward closed i.e., all descendants of an inaccessible node are inaccessible as well [2].…”

“…The task can be further simplified if the node accessibility is downward closed i.e., all descendants of an inaccessible node are inaccessible as well [2]. For similar reasons, in some works only non-recursive DTDs are considered [12,27].…”

“…Recall that in the case of the standard XPath queries [12], there are queries that cannot be rewritten, because the language is not powerful enough to capture node accessibility, and consequently, various restrictions need to be employed. Our work shows that both X Reg and MSO enjoy the closure on rewriting under views.…”

Static analysis of XML security views and query rewriting

“…This framework has been widely studied from both the theoretical and practical angle [12,19,13,27,34,28,14].…”

“…The rewriting technique for downward queries [12] relies on the knowledge of the DTD. Our rewriting method works independently of the DTD.…”

“…Previous research often imposed various restrictions on these two parameters in order to facilitate the tasks relevant to the framework. For instance, taking the class of downward XPath queries allows to use the knowledge of the document DTD to benefit the query rewriting [12]. The task can be further simplified if the node accessibility is downward closed i.e., all descendants of an inaccessible node are inaccessible as well [2].…”

“…The task can be further simplified if the node accessibility is downward closed i.e., all descendants of an inaccessible node are inaccessible as well [2]. For similar reasons, in some works only non-recursive DTDs are considered [12,27].…”

“…Recall that in the case of the standard XPath queries [12], there are queries that cannot be rewritten, because the language is not powerful enough to capture node accessibility, and consequently, various restrictions need to be employed. Our work shows that both X Reg and MSO enjoy the closure on rewriting under views.…”

Static analysis of XML security views and query rewriting

Detecting Privacy Violations in Sensitive XML Databases

Protection of Relationships in XML Documents with the XML-BB Model