Skip to main content
SpringerLink
Log in

Efficient Querying of XML Data Through Arbitrary Security Views

  • Chapter
  • First Online:
Transactions on Large-Scale Data- and Knowledge-Centered Systems XXII

Part of the book series: Lecture Notes in Computer Science ((TLDKS,volume 9430))

  • 428 Accesses

Abstract

We study the problem of querying virtual security views of XML data that has received a great attention during the past years. A major concern here is that user XPath queries posed on recursive views cannot be rewritten to be evaluated on the underlying XML data. Existing rewriting solutions are based on the non-standard language, “Regular XPath”, which makes rewriting possible under recursion. However, query rewriting under Regular XPath can be of exponential size. We show that query rewriting is always possible for arbitrary security views (recursive or not) by using only the expressive power of the standard XPath. We propose a more expressive language to specify XML access control policies as well as an efficient algorithm to enforce such policies. Finally, we present our system, called SVMAX, that implements our solutions and we show that it scales well through an extensive experimental study based on real-life DTD.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    The original name is the DMP, that refers in French to “Dossier Médical Personnel”.

  2. 2.

    Available at: http://www.hl7standards.com/.

  3. 3.

    A recursive schema has at least an element defined (in)directly in terms of itself.

  4. 4.

    Paths composed by only inaccessible nodes.

  5. 5.

    This fragment is more used both in practice and in theory, and several theoretical results have been found around this fragment [29, 30].

  6. 6.

    We recall that indices in our examples of XML trees are used to distinguish between elements of the same type, e.g. \(course_1\) and \(course_2\). Moreover, because of space limitation we focus only on some nodes while \(\bigtriangleup \) denotes the remaining ones.

  7. 7.

    This translation is necessary only if the views of the data are virtual, i.e. not materialized.

  8. 8.

    A security view is recursive if it is defined over a recursive DTD.

  9. 9.

    According to [44], this may happen when the required treatment is outside the area of expertise of the current responsible doctor.

  10. 10.

    We use ancestors(n) to refer to all ancestors of the node n.

  11. 11.

    For \(\alpha _{i}\in \{\downarrow ^{+},\downarrow ^{*}\}\), \(\alpha ^{-1}_{i}\)=\(\uparrow ^{+}\) if \(\alpha _i\)=\(\downarrow ^{+}\) and \(\uparrow ^{*}\) otherwise.

  12. 12.

    This is still an ongoing work: we deal only with simple kinds of DTDs and update operations, however, the global case is part of our perspective.

  13. 13.

    It is undecidable in general to find a regular solution for a context-free grammar.

  14. 14.

    Genealogy Markup Language: http://xml.coverpages.org/gedml-dtd9808.txt.

  15. 15.

    The size of an XPath expression is the occurrence number of all its element types, \(*\)-labels, and text() functions.

  16. 16.

    In the following figures, the numbers of queried nodes are depicted at the middle.

  17. 17.

    Note that no tool exists in practice to evaluate Regular XPath queries.

References

  1. Robie, J., Chamberlin, D., Dyck, M., Florescu, D., Melton, J., Siméon, J.: Extensible Markup Language (XML) 1.0 (Fifth Edition). W3C Recommendation (2008). http://www.w3.org/TR/2008/REC-xml-20081126/

  2. Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F., Cowan, J.: Extensible Markup Language (XML) 1.1 (Second Edition). W3C Recommendation (2006). http://www.w3.org/TR/2006/REC-xml11-20060816/

  3. Amavi, J., Chabin, J., Halfeld-Ferrari, M., Réty, P.: A toolbox for conservative XML schema evolution and document adaptation. In: Decker, H., Lhotská, L., Link, S., Spies, M., Wagner, R.R. (eds.) DEXA 2014, Part I. LNCS, vol. 8644, pp. 299–307. Springer, Heidelberg (2014)

    Google Scholar 

  4. Chabin, J., Halfeld Ferrari, M., Musicante, M.A., Réty, P.: Conservative type extensions for XML data. In: Hameurlain, A., Küng, J., Wagner, R. (eds.) TLDKS IX. LNCS, vol. 7980, pp. 65–94. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  5. Gerald, B., Sleeper, H., Gregorowicz, A., Dingwell, R.: hData - a simple XML framework for health data exchange. In: Proceedings of Balisage: The Markup Conference, Montral, Canada, August 11–14, 2009, vol. 3, pp. 299–307 (2009)

    Google Scholar 

  6. Fried, E., Geng, Y., Ullrich, S., Kneer, D., Grottke, O., Rossaint, R., Deserno, T.M., Kuhlen, T.: MEDOX: an XML-based approach of medical data organization for segmentation and simulation. In: Bildverarbeitung für die Medizin 2010 - Algorithmen - Systeme - Anwendungen, Aachen, Germany, March 14–16, 2010. CEUR Workshop Proceedings, vol. 574, 251–255. CEUR-WS.org (2010)

    Google Scholar 

  7. Cavalini, L.T., Cook, T.W.: Use of XML schema definition for the development of semantically interoperable healthcare applications. In: Gibbons, J., MacCaull, W. (eds.) FHIES 2013. LNCS, vol. 8315, pp. 125–145. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  8. la Rosa Algarin, A.D., Demurjian, S.A., Berhe, S., Pavlich-Mariscal, J.A.: A security framework for XML schemas and documents for healthcare. In: 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012, Philadelphia, USA, October 4–7, 2012, pp. 782–789. IEEE (2012)

    Google Scholar 

  9. Steele, R., Gardner, W., Chandra, D., Dillon, T.S.: Framework and prototype for a secure XML-based electronic health records system. IJEH 3(2), 151–174 (2007)

    Article  Google Scholar 

  10. Kumar, C.S., Govardhan, A., Rao, C.V.G.: Usage of XML technology in electronic health record for effective heterogeneous systems integration in healthcare. IJMEI 1(4), 399–406 (2009)

    Article  Google Scholar 

  11. Thuy, P.T.T., Lee, Y., Lee, S.: Semantic and structural similarities between XML schemas for integration of ubiquitous healthcare data. Pers. Ubiquit. Comput. 17(7), 1331–1339 (2013)

    Article  Google Scholar 

  12. IBM jStart team: IBM Emerging Technology’s client engagement team. http://www-01.ibm.com/software/ebusiness/jstart/

  13. DITA OASIS Standard: An XML architecture for designing, writing, managing, and publishing information. http://dita.xml.org/

  14. ebXML consortium: Electronic Business using eXtensible Markup Language. http://www.ebxml.org/

  15. Oracle White Paper: Sun Storage 7000 Unified Storage Systems and XML-Based Archiving for SAP Systems, April 2010. http://www.oracle.com/us/solutions/sap/database/ss7000-sap-implementation-guide-352637.pdf

  16. Rassadko, N.: Policy classes and query rewriting algorithm for XML security views. In: Damiani, E., Liu, P. (eds.) Data and Applications Security 2006. LNCS, vol. 4127, pp. 104–118. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Fan, W., Geerts, F., Jia, X., Kementsietsidis, A.: Rewriting regular xpath queries on XML views. In: ICDE, pp. 666–675. IEEE (2007)

    Google Scholar 

  18. Groz, B., Staworko, S., Caron, A.-C., Roos, Y., Tison, S.: XML security views revisited. In: Gardner, P., Geerts, F. (eds.) DBPL 2009. LNCS, vol. 5708, pp. 52–67. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  19. Luo, B., Lee, D., Lee, W.C., Liu, P.: Qfilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata. VLDB J. 20(3), 397–415 (2011)

    Article  Google Scholar 

  20. Cong, G.: Query and update through XML views. In: Bhalla, S. (ed.) DNIS 2007. LNCS, vol. 4777, pp. 81–95. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  21. Damiani, E., Fansi, M., Gabillon, A., Marrara, S.: A general approach to securely querying XML. Comput. Stand. Interfaces 30(6), 379–389 (2008)

    Article  Google Scholar 

  22. Clark, J., DeRose, S.: XML path language (XPath) 1.0. W3C Recommendation, November 1999. http://www.w3.org/TR/xpath/

  23. Berglund, A., Boag, S., Chamberlin, D., Fernández, M.F., Kay, M., Robie, J., Siméon, J.: XML path language (XPath) 2.0 (second edition). W3C Recommendation, December 2010. http://www.w3.org/TR/2010/REC-xpath20-20101214/

  24. Kuper, G.M., Massacci, F., Rassadko, N.: Generalized XML security views. Int. J. Inf. Sec. 8(3), 173–203 (2009)

    Article  Google Scholar 

  25. Fan, W., Chan, C.Y., Garofalakis, M.N.: Secure XML querying with security views. In: Proceedings of the ACM SIGMOD International Conference on Management of Data, pp. 587–598. ACM (2004)

    Google Scholar 

  26. Choi, B.: What are real dtds like? In: Fifth International Workshop on the Web and Databases (WebDB), pp. 43–48 (2002)

    Google Scholar 

  27. Fan, W., Geerts, F., Jia, X., Kementsietsidis, A.: SMOQE: a system for providing secure access to XML. In: Proceedings of the 32nd International Conference on Very Large Data Bases, pp. 1227–1230. ACM (2006)

    Google Scholar 

  28. Marx, M.: XPath with conditional axis relations. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 477–494. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  29. Wood, P.T.: Containment for XPath fragments under DTD constraints. In: Calvanese, D., Lenzerini, M., Motwani, R. (eds.) ICDT 2003. LNCS, vol. 2572, pp. 297–311. Springer, Heidelberg (2002)

    Google Scholar 

  30. Neven, F., Schwentick, T.: On the complexity of Xpath containment in the presence of disjunction, DTDs, and variables. Logical Methods in Computer Science 2(3) (2006)

    Google Scholar 

  31. Robie, J., Chamberlin, D., Dyck, M., Florescu, D., Melton, J., Siméon, J.: Xquery update facility 1.0. W3C Recommendation, March 2011. http://www.w3.org/TR/xquery-update-10/

  32. Mahfoud, H., Imine, A.: A general approach for securely updating XML data. In: Proceedings of the 15th International Workshop on the Web and Databases (WebDB 2012), pp. 55–60 (2012)

    Google Scholar 

  33. Mahfoud, H., Imine, A.: On securely manipulating XML data. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 293–307. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

  34. Fundulaki, I., Maneth, S.: Formalizing XML access control for update operations. In: SACMAT, pp. 169–174. ACM (2007)

    Google Scholar 

  35. Mahfoud, H., Imine, A., Rusinowitch, M.: SVMAX: a system for secure and valid manipulation of XML data. In: Proceedings of the 17th International Database Engineering & Applications Symposium (IDEAS), pp. 154–161. ACM (2013)

    Google Scholar 

  36. Jia, X.: From Relations to XML: Cleaning, Integrating and Securing Data. Doctor of philosophy, Laboratory for Foundations of Computer Science. School of Informatics. University of Edinburgh (2007)

    Google Scholar 

  37. Fan, W., Yu, J.X., Li, J., Ding, B., Qin, L.: Query translation from XPath to SQL in the presence of recursive dtds. VLDB J. 18(4), 857–883 (2009)

    Article  Google Scholar 

  38. Krishnamurthy, R., Chakaravarthy, V.T., Kaushik, R., Naughton, J.F.: Recursive XML schemas, recursive XML queries, and relational storage: XML-to-SQL query translation. In: Proceedings of the 20th International Conference on Data Engineering (ICDE 2004), pp. 42–53. IEEE Computer Society (2004)

    Google Scholar 

  39. ten Cate, B.: The expressivity of XPath with transitive closure. In: Proceedings of the Twenty-Fifth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS 2006), pp. 328–337. ACM (2006)

    Google Scholar 

  40. Stoica, A., Farkas, C.: Secure XML views. In: Research Directions in Data and Applications Security, IFIP WG 11.3 Sixteenth International Conference on Data and Applications Security. IFIP Conference Proceedings, vol. 256, pp. 133–146. Kluwer (2002)

    Google Scholar 

  41. Duong, M., Zhang, Y.: An integrated access control for securely querying and updating XML data. In: Proceedings of the Nineteenth Australasian Database Conference (ADC). CRPIT, vol. 75, pp. 75–83. Australian Computer Society (2008)

    Google Scholar 

  42. Thimma, M., Tsui, T.K., Luo, B.: HyXAC: a hybrid approach for XML access control. In: 18th ACM Symposium on Access Control Models and Technologies (SACMAT), ACM (2013)

    Google Scholar 

  43. Fegaras, L.: Incremental maintenance of materialized XML views. In: Hameurlain, A., Liddle, S.W., Schewe, K.-D., Zhou, X. (eds.) DEXA 2011, Part II. LNCS, vol. 6861, pp. 17–32. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  44. Shastry, P.D.N.M.: Integrated Healthcare IHE Pathway for the Patients: Patient Treatment Lifecycle Management (PTLM). Radiology Clinic, United Kingdom (2000). (October 2012) http://www.clinrad.nhs.uk/

  45. Samarati, P., di Vimercati, S.C.: Access control: policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–146. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  46. Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: SACMAT 2004, 9th ACM Symposium on Access Control Models and Technologies, pp. 61–69, ACM (2004)

    Google Scholar 

  47. Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. ACM Trans. Inf. Syst. Secur. 9(3), 292–324 (2006)

    Article  Google Scholar 

  48. Gottlob, G., Koch, C., Pichler, R.: Efficient algorithms for processing XPath queries. ACM Trans. Database Syst. 30(2), 444–491 (2005)

    Article  Google Scholar 

  49. Mahfoud, H., Imine, A.: Secure querying of recursive XML views: a standard XPath-based technique. In: WWW (Companion Volume), pp. 575–576. ACM (2012)

    Google Scholar 

  50. Kuper, G.M., Massacci, F., Rassadko, N.: Generalized XML security views. In: 10th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 77–84. ACM (2005)

    Google Scholar 

  51. Andrei, S., Chin, W.N., Cavadini, S.V.: Self-embedded context-free grammars with regular counterparts. Acta Inf. 40(5), 349–365 (2004)

    Article  MathSciNet  MATH  Google Scholar 

  52. Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS), pp. 73–84. ACM (2003)

    Google Scholar 

  53. Duong, M., Zhang, Y.: Dynamic labelling scheme for XML data processing. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1183–1199. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  54. Oasis extensible access control markup language (XACML) TC, January 3013. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  55. Bonifati, A., Goodfellow, M.H., Manolescu, I., Sileo, D.: Algebraic incremental maintenance of XML views. In: 14th International Conference on Extending Database Technology (EDBT), pp. 177–188. ACM (2011)

    Google Scholar 

  56. Nica, A.: Incremental maintenance of materialized views with outerjoins. Inf. Syst. 37(5), 430–442 (2012)

    Article  Google Scholar 

  57. Gupta, A., Mumick, I.S.: Maintenance of materialized views: Problems, techniques, and applications. IEEE Data Eng. Bull. 18(2), 3–18 (1995)

    Google Scholar 

  58. Gupta, A., Mumick, I.S., Rao, J., Ross, K.A.: Adapting materialized views after redefinitions: techniques and a performance study. Inf. Syst. 26(5), 323–362 (2001)

    Article  MATH  Google Scholar 

  59. Maneth, S., Nguyen, K.: XPath whole query optimization. PVLDB 3(1), 882–893 (2010)

    Google Scholar 

  60. Georgiadis, H., Charalambides, M., Vassalos, V.: A query optimization assistant for XPath. In: Proceedings of the 14th International Conference on Extending Database Technology (EDBT 2011), ACM (2011)

    Google Scholar 

  61. Hsu, W.C., Liao, I.E.: CIS-X: a compacted indexing scheme for efficient query evaluation of XML documents. Inf. Sci. 241, 195–211 (2013)

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Abou-Bekr Belkaïd University, Tlemcen, Algeria

    Houari Mahfoud

  2. University of Lorraine and INRIA-LORIA, Nancy, France

    Abdessamad Imine

Authors
  1. Houari Mahfoud
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abdessamad Imine
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Houari Mahfoud .

Editor information

Editors and Affiliations

  1. IRIT, Paul Sabatier University, Toulouse, France

    Abdelkader Hameurlain

  2. FAW, University of Linz, Linz, Austria

    Josef Küng

  3. FAW, University of Linz, Linz, Austria

    Roland Wagner

Rights and permissions

Reprints and permissions

Copyright information

© 2015 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Mahfoud, H., Imine, A. (2015). Efficient Querying of XML Data Through Arbitrary Security Views. In: Hameurlain, A., Küng, J., Wagner, R. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems XXII. Lecture Notes in Computer Science(), vol 9430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48567-5_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-662-48567-5_3

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-48566-8

  • Online ISBN: 978-3-662-48567-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation