A Static Analysis Using Tree Automata for XML Access Control

Yagi, Isao; Takata, Yoshiaki; Seki, Hiroyuki

doi:10.1007/11562948_19

Isao Yagi¹⁸,
Yoshiaki Takata¹⁸ &
Hiroyuki Seki¹⁸

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 3707))

Included in the following conference series:

International Symposium on Automated Technology for Verification and Analysis

482 Accesses
1 Citations

Abstract

Recently, an access control for XML database is one of the key issues in database security. Given an access control policy and a query expression, static analysis determines whether the query does not access any elements nor attributes that are prohibited by the access control policies. In a related work, policies and queries were modeled as regular sets of paths in trees. However, this model loses information on the structure of the trees, and some policies cannot be represented by the model accurately. In this paper, we propose a formal model for access control of XML databases and provide a static analysis method based on tree automata theory. Both an access control policy and a query are modeled as tree automata, and a policy is provided with two alternative semantics; AND-semantics and OR-semantics. We investigate the computational complexity of the static analysis problem, and show that the problem in AND-semantics is solvable in square time while the problem in OR-semantics is EXPTIME-complete.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Author-X: A Java-based system for XML data protection, IFIP WG 11.3 Working Conf on Database Security (2000)
Google Scholar
Boag, S., Chamberlin, D., Fernandez, M.F., Florescu, D., Robie, J., Simeon, J.: XQuery 1.0: An XML query language. W3C working draft (August 16, 2002), http://www.w3.org/TR/xquery/
Clark, J., DeRose, S.: XML Path Language (XPath) version 1.0. W3C Recommendation (1999), http://www.w3.org/TR/xpath
Clarke, E.M., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (2000)
Google Scholar
Comon, H., Dauchet, M., Gilleron, R., Jacquemard, F., Lugiez, D., Tison, S., Tommasi, M.: Tree Automata Techniques and Applications (1997), http://www.grappa.univ-lille3.fr/tata
Damiani, E., di Vimercati, S.D.C., Paraboschi, S., Samarati, P.: Securing XML documents. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, pp. 121–135. Springer, Heidelberg (2000)
Chapter Google Scholar
Esparza, J., Hansel, D., Rossmanith, P., Schwoon, S.: Efficient algorithms for model-checking pushdown systems. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 232–247. Springer, Heidelberg (2000)
Chapter Google Scholar
Hopcroft, J., Motwani, R., Ullman, J.: Introduction to Automata Theory, Languages, and Computation. Addison-Wesley, Reading (2000)
Google Scholar
Koch, M., Mancini, L., Parisi-Presicce, F.: Conflict detection and resolution in access control policy specifications. In: Nielsen, M., Engberg, U. (eds.) FOSSACS 2002. LNCS, vol. 2303, pp. 223–237. Springer, Heidelberg (2002)
Chapter Google Scholar
Kudo, M., Harada, S.: XML document security based on provisional authorization. In: 7th ACM CCS, pp. 87–96 (2001)
Google Scholar
Lupu, E.C., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. on Software Eng. 25(6), 852–869 (1999)
Article Google Scholar
Mayr, R.: Process Rewrite System. Inform. & Comput. 156, 264–286 (1999)
Article MathSciNet Google Scholar
Murata, M., Lee, D., Mani, M.: Taxonomy of XML schema languages using formal language theory. ACM Trans. on Internet Technology 5(4) (2005), http://www.cs.wpi.edu/~mmani/publications.html
Murata, M., Tozawa, A., Kudo, M.: XML access control using static analysis. In: ACM CCS 2003, pp. 73–84 (2003)
Google Scholar
Neven, F.: Automata theory for XML researchers. SIGMOD Record 31(3), 39–46 (2002)
Article Google Scholar
Nitta, N., Takata, Y., Seki, H.: An efficient security verification method for programs with stack inspection. In: 8th ACM CCS, pp. 68–77 (2001)
Google Scholar

Download references

Author information

Authors and Affiliations

Graduate School of Information Science, Nara Institute of Science and technology,
Isao Yagi, Yoshiaki Takata & Hiroyuki Seki

Authors

Isao Yagi
View author publications
You can also search for this author in PubMed Google Scholar
Yoshiaki Takata
View author publications
You can also search for this author in PubMed Google Scholar
Hiroyuki Seki
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, Bar Ilan University, 52900, Ramat Gan, Israel
Doron A. Peled
Department of Information Management, National Taiwan University, Taiwan
Yih-Kuen Tsay

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Yagi, I., Takata, Y., Seki, H. (2005). A Static Analysis Using Tree Automata for XML Access Control. In: Peled, D.A., Tsay, YK. (eds) Automated Technology for Verification and Analysis. ATVA 2005. Lecture Notes in Computer Science, vol 3707. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11562948_19

Download citation

DOI: https://doi.org/10.1007/11562948_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29209-8
Online ISBN: 978-3-540-31969-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics