Secure XML Views

Stoica, Andrei G.; Farkas, Csilla

doi:10.1007/978-0-387-35697-6_11

Cited by 38 publications

(43 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In [29], a security view is defined from a DTD specifying nodes accessible by the user. This framework has been widely studied from both the theoretical and practical angle [12,19,13,27,34,28,14].…”

Section: Annotated Dtdsmentioning

confidence: 99%

Static analysis of XML security views and query rewriting

Groz

Staworko

Caron

et al. 2014

Information and Computation

View full text Add to dashboard Cite

In this paper, we revisit the view based security framework for XML without imposing any of the previously considered restrictions on the class of queries, the class of DTDs, and the type of annotations used to define the view. First, we study query rewriting with views when the classes used to defined queries and views are Regular XPath and MSO. Next, we investigate problems of static analysis of security access specifications (SAS): we introduce the novel class of interval-bounded SAS and we define three different manners to compare views (i.e. on queries), with a security point of view. We provide a systematic study of the complexity for deciding these three comparisons, when the depth of the XML documents is bounded, when the document may have an arbitrary depth but the queries defining the views are restricted to guarantee the interval-bounded property, and in the general setting without restriction on queries and document.

show abstract

Section: Annotated Dtdsmentioning

confidence: 99%

Static analysis of XML security views and query rewriting

Groz

Staworko

Caron

et al. 2014

Information and Computation

View full text Add to dashboard Cite

show abstract

“…Two main approaches have been suggested in the literature: view materialization [7,8,9,10,11,12] and query transformation [13]. Most proposals are actually based on view materialization.…”

Section: Related Workmentioning

confidence: 99%

fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality

Oulmakhzoune¹,

Cuppens-Boulahia²,

Cuppens³

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. RDF is an increasingly used framework for describing Web resources, including sensitive and confidential resources. In this context, we need an expressive language to query RDF databases. SPARQL has been defined to easily localize and extract data in an RDF graph. Since confidential data are accessed, SPARQL queries must be filtered so that only authorized data are returned with respect to some confidentiality policy. In this paper, we model a confidentiality policy as a set of positive and negative filters (corresponding respectively to permissions and prohibitions) that apply to SPARQL queries. We then define rewriting algorithms that transform the queries so that the results returned by transformed queries are compliant with the confidentiality policy.

show abstract

“…In the last few years, several XML access control models have been proposed (after the initial proposal appeared in [1], refinements were described in [2], [22], [18], [6], [13], [17]) which use access policies to compute secure views on XML data sets. These models addressed issues like granularity of access, access-control inheritance, overriding, and conflict resolution.…”

Section: Related Workmentioning

confidence: 99%

A general approach to securely querying XML

Damiani

Fansi

Gabillon

et al. 2008

Computer Standards & Interfaces

View full text Add to dashboard Cite

Access control models for XML data can be classified in two major categories: node filtering and query rewriting systems. The first category includes approaches that use access policies to compute secure user views on XML data sets. User queries are then evaluated on those views. In the second category of approaches, authorization rules are used to transform user queries to be evaluated against the original XML dataset. The aim of this paper is to describe a model combining the advantages of these approaches and overcoming their limitations. The model specification is given using a Finite State Automata, ensuring generality and easiness of standardization w.r.t. specific implementation techniques

show abstract

Secure XML Views

Cited by 38 publications

References 11 publications

Static analysis of XML security views and query rewriting

Static analysis of XML security views and query rewriting

fQuery: SPARQL Query Rewriting to Enforce Data Confidentiality

A general approach to securely querying XML

Contact Info

Product

Resources

About