Article

Secure XML querying with security views

Authors:
Wenfei Fan

University of Edinburgh & Bell Laboratories

University of Edinburgh & Bell Laboratories
View Profile

,
Chee-Yong Chan

National University of Singapore

National University of Singapore
View Profile

,
Minos Garofalakis

Bell Laboratories

Bell Laboratories
View Profile

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of dataJune 2004Pages 587–598https://doi.org/10.1145/1007568.1007634

Published:13 June 2004Publication History

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data

Pages 587–598

ABSTRACT

The prevalent use of XML highlights the need for a generic, flexible access-control mechanism for XML documents that supports efficient and secure query access, without revealing sensitive information unauthorized users. This paper introduces a novel paradigm for specifying XML security constraints and investigates the enforcement of such constraints during XML query evaluation. Our approach is based on the novel concept of security views, which provide for each user group (a) an XML view consisting of all and only the information that the users are authorized to access, and (b) a view DTD that the XML view conforms to. Security views effectively protect sensitive data from access and potential inferences by unauthorized user, and provide authorized users with necessary schema information to facilitate effective query formulation and optimization. We propose an efficient algorithm for deriving security view definitions from security policies (defined on the original document DTD) for different user groups. We also develop novel algorithms for XPath query rewriting and optimization such that queries over security views can be efficiently answered without materializing the views. Our algorithms transform a query over a security view to an equivalent query over the original document, and effectively prune query nodes by exploiting the structural properties of the document DTD in conjunction with approximate XPath containment tests. Our work is the first to study a flexible, DTD-based access-control model for XML and its implications on the XML query-execution engine. Furthermore, it is among the first efforts for query rewriting and optimization in the presence of general DTDs for a rich a class of XPath queries. An empirical study based on real-life DTDs verifies the effectiveness of our approach.

References

S. Abiteboul, P. Buneman, and D. Suciu. Data on Web. From Relations to Semistructured Data and XML. Morgan Kaufman. 2000.]] Google ScholarDigital Library
S. Amer-Yahia, S. Cho, L. V. S. Lakshmanan, and D. Srivastava. Minimization of tree pattern queries. In SIGMOD, 2001.]] Google ScholarDigital Library
E. Bertino and E. Ferrari. Secure and selective dissemination of XML documents. TISSEC, 5(3):290--331, 2002.]] Google ScholarDigital Library
T. Bray, J. Paoli, and C. M. Sperberg-McQueen. Extensible Markup Language (XML) 1.0 W3C Recommendation, Feb. 1998.]]Google Scholar
S. Castano, M. G. Fugini, G. Martella, and P. Samarati. "Database Security". Addison-Wesley. 1995.]] Google ScholarDigital Library
S. Cho, S. Amer-Yahia, L. Lakshmanan, and D. Srivastava. Optimizing the secure evaluation of twig queries. In VLDB, 2002.]]Google ScholarDigital Library
J. Clark and S. DeRose. XML Path Languages (XPath). W3C Working Draft, Nov. 1999.]]Google Scholar
E. Damiani, S. di Vimercati, S. Paraboschi, and P. Samarati. Securing XML documents. In EDBT, 2000.]] Google ScholarDigital Library
E. Damiani S. di Vemercati, S. Paraboschi, and P. Samarati. A fine-grained access control system for XML documents TISSEC, 5(2):169--202, 2002.]] Google ScholarDigital Library
A. Deutsch. L. Popa, and V. Tannen. Physical data independence, constraints, and optimization with universal plans. In VLDB, 1999.]] Google ScholarDigital Library
A. Deutsch and V. Tannen. Reformulation of XML queries and constraints. in ICDT, 2003]] Google ScholarDigital Library
A. Diaz and D. Lovell, XML generator, 1999.]]Google Scholar
M. F. Fernandez, Y. Kadiyska, D. S. A. Morishima, and W. Tan. SilkRoute: A framework for publishing relational data in XML. TODS, 27(4):438--493, 2002.]] Google ScholarDigital Library
M. F. Fernandez and D. Suciu. Optimizing regular path expressions using graph schemas. In ICDE, 1998.]] Google ScholarDigital Library
G, Gottlob, C. Koch, and R, Pichler, Efficient algorithms for processing XPath queries. In VLDB, 2002.]]Google Scholar
S. Hada and M. Kudo. XML access control language: Provisional authorization for XML documents. http://www.trl.ibm.com/projects/xml/xacl/xacl-spec.html.]]Google Scholar
C. Koch. XML Task Force, 2003.]]Google Scholar
G. Miklau and D. Suciu. Containment and equivalence of XPath expressions. In PODS, 2002.]] Google ScholarDigital Library
G. Miklau and D. Suciu. controlling access to published data using cryptography. In VLDB, 2003.]]Google ScholarDigital Library
R. Milner. "Communication and Concurrency". Prentice Hall (Intl. Series in Computer Science), 1989.]] Google ScholarDigital Library
T. Milo and D. Suciu. Index structures for path expressions. In ICDT, 1999.]] Google ScholarDigital Library
M. Murata, A. Tozawa, M. Kudo, and S. Hada. XML access control using static analysis. In CCS, 2003.]] Google ScholarDigital Library
NAA Classified advertising standard task force. Adex DTD, 1999.]]Google Scholar
F. Neven and T. Schwentick. XPath containment in the presence of disjunction, DTDs, and variables, In ICDT, 2003.]] Google ScholarDigital Library
Oasis. eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xcaml.]]Google Scholar
Y. Papakonstantinou and V. Vassalos. Query rewriting for semistructured data. In SIGMOD, 1999.]] Google ScholarDigital Library
P. Ramanan. Efficient algorithms for minimizing tree pattern queries. In SIGMOD, 2002.]] Google ScholarDigital Library
T., Asano, K. Hori, T. Ono, and T. Hirata, A theoretical framework of hybrid approaches to MAX SAT. In Proc. 8th Ann. Int. Symp. on Algorithms and Computation., 1997.]] Google ScholarDigital Library

Secure XML querying with security views

Recommendations

Generalized XML security views
SACMAT '05: Proceedings of the tenth ACM symposium on Access control models and technologies

We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas [17] and later refined by Fan et al. [8]. The model consists of access control policies specified over DTDs with XPath expression for data-dependent ...
Read More
Secure querying of recursive XML views: a standard xpath-based technique
WWW '12 Companion: Proceedings of the 21st International Conference on World Wide Web

Most state-of-the art approaches for securing XML documents allow users to access data only through authorized views defined by annotating an XML grammar (e.g. DTD) with a collection of XPath expressions. To prevent improperdisclosure of confidential ...
Read More
Updating XML views and querying XML views with update syntax

XML has become a standard medium for data exchange, and XML views are frequently used as an interface to relational database and XML data. Although building and querying XML views have received extensive attention, updating XML views is less studied. In ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data
June 2004
988 pages
ISBN:1581138598
DOI:10.1145/1007568
Conference Chairs:
Arnd Christian König
Microsoft Research
,
Stefan Dessloch
University of Kaiserslautern, Germany
,
General Chair:
Patrick Valduriez
INRIA, France
,
Program Chair:
Gerhard Weikum
University of the Saarland
Copyright © 2004 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 13 June 2004
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate785of4,003submissions,20%
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 160
  Total Citations
  View Citations
- 1,648
  Total Downloads
- Downloads (Last 12 months)12
- Downloads (Last 6 weeks)2
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Secure XML querying with security views

SIGMOD '04: Proceedings of the 2004 ACM SIGMOD international conference on Management of data

ABSTRACT

References

Cited By

Recommendations

Generalized XML security views

Secure querying of recursive XML views: a standard xpath-based technique

Updating XML views and querying XML views with update syntax