Skip to main content
SpringerLink
Log in
Book cover

Workshop on Secure Data Management

SDM 2007: Secure Data Management pp 64–80Cite as

Query Rewriting Algorithm Evaluation for XML Security Views

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4721))

Abstract

We investigate the experimental effectiveness of query rewriting over XML security views. Our model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that is used by users for query formulation. To avoid the overhead of view materialization in query answering, these queries later undergo rewriting so that they are valid over the original DTD schema, and thus the query answer is computed from the original XML data. We provide an algorithm for query rewriting and show its performance compared with the naive approach, i.e. the approach that requires view materialization.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. XMark – An XML Benchmark Project. http://monetdb.cwi.nl/xml/index.html

  2. Anutariya, C., Chatvichienchai, S., Iwaihara, M., Wuwongse, V., Kambayashi, Y.: A rule-based XML access control model. In: RuleML, pp. 35–48 (2003)

    Google Scholar 

  3. Benedikt, M., Chan, C., Fan, W., Rastogi, R., Zheng, S., Zhou, A.: DTD-directed publishing with attribute translation grammars. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, Springer, Heidelberg (2003)

    Google Scholar 

  4. Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems (TOIS) 17(2), 101–140 (1999)

    Article  Google Scholar 

  5. Bertino, E., Braun, M., Castano, S., Ferrari, E., Mesiti, M.: Author-X: A Java-based system for XML data protection. In: Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security, pp. 15–26. Kluwer Academic Publishers, B.V (2001)

    Google Scholar 

  6. Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Transactions on Information and System Security (TISSEC) 5(3), 290–331 (2002)

    Article  Google Scholar 

  7. Bouganim, L., Ngoc, F.D., Pucheral, P.: Client-based access control management for xml documents. In: Proceedings of the 30th Conference on Very Large Data Bases (VLDB 2004), pp. 84–95 (2004)

    Google Scholar 

  8. Boulahia-Cuppens, N., Cuppens, F., Gabillon, A., Yazdanian, K.: Multiview model for object-oriented database. In: Proceedings of the Annual Computer Security Applications Conference, pp. 222–231 (1993)

    Google Scholar 

  9. Cho, S., Amer-Yahia, S., Lakshmanan, L.V.S., Srivastava, D.: LockX: a system for efficiently querying secure XML. In: Proceedings of the 2003 ACM SIGMOD international conference on Management of data (SIGMOD 2003), pp. 669–669. ACM Press, San Diego, California (2003)

    Chapter  Google Scholar 

  10. Cho, S., Amer-Yahia, S., Lakshmanan, L.V.S., Srivastava, D.: Optimizing the secure evaluation of twig queries. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, pp. 490–501. Springer, Heidelberg (2003)

    Google Scholar 

  11. Clark, J., DeRose, S.: XML path language (XPath) version 1.0. w3c recommendation (1999), http://www.w3.org/TR/xpath

  12. Crampton, J.: Applying hierarchical and role-based access control to XML documents. In: Proceedings of ACM Workshop on Secure Web Services (SWS 2004), Fairfax, VA, USA, ACM Press, New York (2004)

    Google Scholar 

  13. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM Transactions on Information and System Security (TISSEC) 5(2), 169–202 (2002)

    Article  Google Scholar 

  14. Fan, W., Chan, C.-Y., Garofalakis, M.: Secure XML querying with security views. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data (SIGMOD 2004), pp. 587–598. ACM Press, New York (2004)

    Chapter  Google Scholar 

  15. Fan, W., Geerts, F., Jia, X., Kementsietsidis, A.: SMOQE: a system for providing secure access to XML. In: SMOQE: a system for providing secure access to XML. VLDB Endowment, pp. 1227–1230 (2006)

    Google Scholar 

  16. Gabillon, A., Bruno, E.: Regulating access to XML documents. In: Proceedings of the IFIP TC11/WG11.3 fifteenth annual working conference on Database and application security, Niagara, Ontario, Canada, pp. 299–314. Kluwer Academic Publishers, Dordrecht (2001)

    Google Scholar 

  17. Goel, S.K., Clifton, C., Rosenthal, A.: Derived access control specification for XML. In: Proceedings of the 2nd ACM Workshop On XML Security (XMLSEC 2003), pp. 1–14. ACM Press, New York (2003)

    Chapter  Google Scholar 

  18. Gottlob, G., Koch, C., Pichler, R.: Efficient algorithm for processing XPath queries. In: Bressan, S., Chaudhri, A.B., Lee, M.L., Yu, J.X., Lacroix, Z. (eds.) CAiSE 2002 and VLDB 2002. LNCS, vol. 2590, Springer, Heidelberg (2003)

    Google Scholar 

  19. Gowadia, V., Farkas, C.: RDF metadata for XML access control. In: Proceedings of the 2nd ACM Workshop On XML Security (XMLSEC 2003), Fairfax, Virginia, pp. 39–48. ACM Press, New York (2003)

    Chapter  Google Scholar 

  20. Jiang, M., Fu, A.W.-C.: Integration and efficient lookup of compressed XML accessibility maps. IEEE Transactions on Knowledge and Data Engineering (TKDE) 17(7), 939–953 (2005)

    Article  Google Scholar 

  21. Kudo, M., Hada, S.: XML document security based on provisional authorization. In: Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), pp. 87–96. ACM Press, New York (2000)

    Chapter  Google Scholar 

  22. Kuper, G., Massacci, F., Rassadko, N.: Generalized XML security views. In: Proceedings of the tenth ACM symposium on Access control models and technologies (SACMAT 2005), pp. 77–84. ACM Press, New York (2005)

    Chapter  Google Scholar 

  23. Lunt, T.F., Schell, R.R., Shockley, W.R., Heckman, M., Warren, D.: A near-term design for the SeaView multilevel database system. In: Proceedings of IEEE Symposium on on Security and Privasy (SSP-1988), pp. 234–244. IEEE Computer Society Press, Los Alamitos (1988)

    Chapter  Google Scholar 

  24. Lunt, T.F., Denning, D.E., Schell, R.R., Heckman, M., Shockley, W.R.: The SeaView security model. IEEE Transactions on Software Engineering (TOSE) 16(6), 593–607 (1990)

    Article  Google Scholar 

  25. Luo, B., Lee, D., Lee, W.-C., Liu, P.: QFilter: Fine-grained run-time XML access control via NFA-based query rewriting. In: Proceedings of the thirteenth ACM international conference on Information and knowledge management (CIKM 2004), pp. 543–552. ACM Press, New York (2004)

    Chapter  Google Scholar 

  26. Miklau, G., Suciu, D.: Controlling access to published data using cryptography. In: Aberer, K., Koubarakis, M., Kalogeraki, V. (eds.) Databases, Information Systems, and Peer-to-Peer Computing. LNCS, vol. 2944, pp. 898–909. Springer, Heidelberg (2004)

    Google Scholar 

  27. Mohan, S., Sengupta, A., Wu, Y., Klinginsmith, J.: Access control for XML - a dynamic query rewriting approach. In: Proceedings of the 32th Conference on Very Large Data Bases (VLDB 2006). VLDB Endowment, Seoul, Korea, pp. 1–12 (2006)

    Google Scholar 

  28. Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. In: Proceedings of the 10th ACM Conference on Computer and Communication Security (CCS 2003), pp. 73–84. ACM Press, New York (2003)

    Chapter  Google Scholar 

  29. Qi, N., Kudo, M.: XML access control with policy matching tree. In: de Capitani di Vimercati, S., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 3–23. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  30. Qian, X.: View-based access control with high assurance. In: Proceedings of the 1996 IEEE Symposium on Security and Privacy (SP’96), Washington, DC, USA, p. 85. IEEE Computer Society Press, Los Alamitos (1996)

    Chapter  Google Scholar 

  31. Rassadko, N.: Policy classes and query rewriting algorithm for XML security views. In: Damiani, E., Liu, P. (eds.) Data and Applications Security XX. LNCS, vol. 4127, pp. 104–118. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  32. Stachour, P.D., Thuraisingham, B.: Design of LDV: A multilevel secure relational database management system. IEEE Transactions on Knowledge and Data Engineering (TKDE) 2(2), 190–209 (1990)

    Article  Google Scholar 

  33. Stoica, A., Farkas, C.: Secure XML views. In: Proceedings of the 16th International Conference on Data and Applications Security (IFIP 2002). IFIP Conference Proceedings, vol. 256, pp. 133–146. Kluwer, Dordrecht (2002)

    Google Scholar 

  34. Wang, J., Osborn, S.L.: A role-based approach to access control for XML databases. In: Proceedings of the 9th ACM symposium on Access control models and technologies (SACMAT 2004), pp. 70–77. ACM Press, New York (2004)

    Chapter  Google Scholar 

  35. Wilson, J.: Views as the security objects in a multilevel secure relational database management system. In: Proceedings of IEEE Symposium on Security and Privacy (SSP 1988), pp. 70–84. IEEE Computer Society Press, Los Alamitos (1988)

    Chapter  Google Scholar 

  36. Yang, X., Li, C.: Secure XML publishing without information leakage in the presence of data inference. In: Proceedings of the 30th Conference on Very Large Data Bases (VLDB 2004), pp. 96–107 (2004)

    Google Scholar 

  37. Yu, T., Srivastava, D., Lakshmanan, L.V.S., Jagadish, H.V.: A compressed accessibility map for XML. ACM Transactions on Database Systems (TODS) 29(2), 363–402 (2004)

    Article  Google Scholar 

  38. Zhang, H., Zhang, N., Salem, K., Zhuo, D.: Compact access control labeling for efficient secure XML query evaluation. In: Proceedings of the 21st International Conference on Data Engineering Workshops (ICDEW 2005), p. 1275 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The University of Trento, via Sommarive 14, 38050 Povo(TN), Italy

    Nataliya Rassadko

Authors
  1. Nataliya Rassadko
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Willem Jonker Milan Petković

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rassadko, N. (2007). Query Rewriting Algorithm Evaluation for XML Security Views. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2007. Lecture Notes in Computer Science, vol 4721. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75248-6_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-75248-6_5

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-75247-9

  • Online ISBN: 978-3-540-75248-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation