
XML Security Views Revisited

  • Conference paper
Database Programming Languages (DBPL 2009)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 5708)



In this paper, we revisit the view-based security framework for XML without imposing any of the previously considered restrictions on the class of queries, the class of DTDs, and the type of annotations used to define the view. First, we show that the full class of Regular XPath queries is closed under query rewriting. Next, we address the problem of constructing a DTD that describes the view schema, which in general need not be regular. We propose three different methods of approximating the view schema and we show that the produced DTDs are indistinguishable from the exact schema (with queries from a class specific to each method). Finally, we investigate problems of static analysis of security access specifications.

This work was partially supported by the Enumeration project ANR-07-blanc-.





Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Groz, B., Staworko, S., Caron, AC., Roos, Y., Tison, S. (2009). XML Security Views Revisited. In: Gardner, P., Geerts, F. (eds) Database Programming Languages. DBPL 2009. Lecture Notes in Computer Science, vol 5708. Springer, Berlin, Heidelberg.


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-03792-4

  • Online ISBN: 978-3-642-03793-1

  • eBook Packages: Computer Science (R0)
