Abstract
We investigate the experimental effectiveness of query rewriting over XML security views. Our model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that is used by users for query formulation. To avoid the overhead of view materialization in query answering, these queries later undergo rewriting so that they are valid over the original DTD schema, and thus the query answer is computed from the original XML data. We provide an algorithm for query rewriting and show its performance compared with the naive approach, i.e. the approach that requires view materialization.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
XMark – An XML Benchmark Project. http://monetdb.cwi.nl/xml/index.html
Anutariya, C., Chatvichienchai, S., Iwaihara, M., Wuwongse, V., Kambayashi, Y.: A rule-based XML access control model. In: RuleML, pp. 35–48 (2003)
Benedikt, M., Chan, C., Fan, W., Rastogi, R., Zheng, S., Zhou, A.: DTD-directed publishing with attribute translation grammars. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, Springer, Heidelberg (2003)
Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems (TOIS) 17(2), 101–140 (1999)
Bertino, E., Braun, M., Castano, S., Ferrari, E., Mesiti, M.: Author-X: A Java-based system for XML data protection. In: Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security, pp. 15–26. Kluwer Academic Publishers, B.V (2001)
Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Transactions on Information and System Security (TISSEC) 5(3), 290–331 (2002)
Bouganim, L., Ngoc, F.D., Pucheral, P.: Client-based access control management for xml documents. In: Proceedings of the 30th Conference on Very Large Data Bases (VLDB 2004), pp. 84–95 (2004)
Boulahia-Cuppens, N., Cuppens, F., Gabillon, A., Yazdanian, K.: Multiview model for object-oriented database. In: Proceedings of the Annual Computer Security Applications Conference, pp. 222–231 (1993)
Cho, S., Amer-Yahia, S., Lakshmanan, L.V.S., Srivastava, D.: LockX: a system for efficiently querying secure XML. In: Proceedings of the 2003 ACM SIGMOD international conference on Management of data (SIGMOD 2003), pp. 669–669. ACM Press, San Diego, California (2003)
Cho, S., Amer-Yahia, S., Lakshmanan, L.V.S., Srivastava, D.: Optimizing the secure evaluation of twig queries. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, pp. 490–501. Springer, Heidelberg (2003)
Clark, J., DeRose, S.: XML path language (XPath) version 1.0. w3c recommendation (1999), http://www.w3.org/TR/xpath
Crampton, J.: Applying hierarchical and role-based access control to XML documents. In: Proceedings of ACM Workshop on Secure Web Services (SWS 2004), Fairfax, VA, USA, ACM Press, New York (2004)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM Transactions on Information and System Security (TISSEC) 5(2), 169–202 (2002)
Fan, W., Chan, C.-Y., Garofalakis, M.: Secure XML querying with security views. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data (SIGMOD 2004), pp. 587–598. ACM Press, New York (2004)
Fan, W., Geerts, F., Jia, X., Kementsietsidis, A.: SMOQE: a system for providing secure access to XML. In: SMOQE: a system for providing secure access to XML. VLDB Endowment, pp. 1227–1230 (2006)
Gabillon, A., Bruno, E.: Regulating access to XML documents. In: Proceedings of the IFIP TC11/WG11.3 fifteenth annual working conference on Database and application security, Niagara, Ontario, Canada, pp. 299–314. Kluwer Academic Publishers, Dordrecht (2001)
Goel, S.K., Clifton, C., Rosenthal, A.: Derived access control specification for XML. In: Proceedings of the 2nd ACM Workshop On XML Security (XMLSEC 2003), pp. 1–14. ACM Press, New York (2003)
Gottlob, G., Koch, C., Pichler, R.: Efficient algorithm for processing XPath queries. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, Springer, Heidelberg (2003)
Gowadia, V., Farkas, C.: RDF metadata for XML access control. In: Proceedings of the 2nd ACM Workshop On XML Security (XMLSEC 2003), Fairfax, Virginia, pp. 39–48. ACM Press, New York (2003)
Jiang, M., Fu, A.W.-C.: Integration and efficient lookup of compressed XML accessibility maps. IEEE Transactions on Knowledge and Data Engineering (TKDE) 17(7), 939–953 (2005)
Kudo, M., Hada, S.: XML document security based on provisional authorization. In: Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), pp. 87–96. ACM Press, New York (2000)
Kuper, G., Massacci, F., Rassadko, N.: Generalized XML security views. In: Proceedings of the tenth ACM symposium on Access control models and technologies (SACMAT 2005), pp. 77–84. ACM Press, New York (2005)
Lunt, T.F., Schell, R.R., Shockley, W.R., Heckman, M., Warren, D.: A near-term design for the SeaView multilevel database system. In: Proceedings of IEEE Symposium on on Security and Privasy (SSP-1988), pp. 234–244. IEEE Computer Society Press, Los Alamitos (1988)
Lunt, T.F., Denning, D.E., Schell, R.R., Heckman, M., Shockley, W.R.: The SeaView security model. IEEE Transactions on Software Engineering (TOSE) 16(6), 593–607 (1990)
Luo, B., Lee, D., Lee, W.-C., Liu, P.: QFilter: Fine-grained run-time XML access control via NFA-based query rewriting. In: Proceedings of the thirteenth ACM international conference on Information and knowledge management (CIKM 2004), pp. 543–552. ACM Press, New York (2004)
Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Aberer, K., Koubarakis, M., Kalogeraki, V. (eds.) Databases, Information Systems, and Peer-to-Peer Computing. LNCS, vol. 2944, pp. 898–909. Springer, Heidelberg (2004)
Mohan, S., Sengupta, A., Wu, Y., Klinginsmith, J.: Access control for XML - a dynamic query rewriting approach. In: Proceedings of the 32th Conference on Very Large Data Bases (VLDB 2006). VLDB Endowment, Seoul, Korea, pp. 1–12 (2006)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 2003), pp. 73–84. ACM Press, New York (2003)
Qi, N., Kudo, M.: XML access control with policy matching tree. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 3–23. Springer, Heidelberg (2005)
Qian, X.: View-based access control with high assurance. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy (SP’96), Washington, DC, USA, p. 85. IEEE Computer Society Press, Los Alamitos (1996)
Rassadko, N.: Policy classes and query rewriting algorithm for XML security views. In: Damiani, E., Liu, P. (eds.) Data and Applications Security XX. LNCS, vol. 4127, pp. 104–118. Springer, Heidelberg (2006)
Stachour, P.D., Thuraisingham, B.: Design of LDV: A multilevel secure relational database management system. IEEE Transactions on Knowledge and Data Engineering (TKDE) 2(2), 190–209 (1990)
Stoica, A., Farkas, C.: Secure XML views. In: Proceedings of the 16th International Conference on Data and Applications Security (IFIP 2002). IFIP Conference Proceedings, vol. 256, pp. 133–146. Kluwer, Dordrecht (2002)
Wang, J., Osborn, S.L.: A role-based approach to access control for XML databases. In: Proceedings of the 9th ACM symposium on Access control models and technologies (SACMAT 2004), pp. 70–77. ACM Press, New York (2004)
Wilson, J.: Views as the security objects in a multilevel secure relational database management system. In: Proceedings of IEEE Symposium on Security and Privacy (SSP 1988), pp. 70–84. IEEE Computer Society Press, Los Alamitos (1988)
Yang, X., Li, C.: Secure XML publishing without information leakage in the presence of data inference. In: Proceedings of the 30th Conference on Very Large Data Bases (VLDB 2004), pp. 96–107 (2004)
Yu, T., Srivastava, D., Lakshmanan, L.V.S., Jagadish, H.V.: A compressed accessibility map for XML. ACM Transactions on Database Systems (TODS) 29(2), 363–402 (2004)
Zhang, H., Zhang, N., Salem, K., Zhuo, D.: Compact access control labeling for efficient secure XML query evaluation. In: Proceedings of the 21st International Conference on Data Engineering Workshops (ICDEW 2005), p. 1275 (2005)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rassadko, N. (2007). Query Rewriting Algorithm Evaluation for XML Security Views. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_5
Download citation
DOI: https://doi.org/10.1007/978-3-540-75248-6_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75247-9
Online ISBN: 978-3-540-75248-6
eBook Packages: Computer ScienceComputer Science (R0)