IFIP Annual Conference on Data and Applications Security and Privacy

DBSec 2006: Data and Applications Security XX, pp 104–118

Policy Classes and Query Rewriting Algorithm for XML Security Views


  • Nataliya Rassadko

Part of the Lecture Notes in Computer Science book series (LNISA, volume 4127)

Abstract

Most state-of-the-art approaches to securing XML documents are based on a partial annotation of an XML tree with security labels, which are later propagated to the unlabeled nodes of the XML so that the resulting labeling is full (i.e. defined for every XML node). The first contribution of this paper is an investigation of possible alternatives for policy definition that lead to a fully annotated XML. We provide a classification of policies using different options of security label propagation and conflict resolution. Our second contribution is a generalized algorithm that constructs a full DTD annotation (from the partial one) w.r.t. the policy classification. Finally, we discuss the query rewriting approach for our model of XML security views.

Keywords

  • Access Control Model
  • Query Answering
  • XPath Query
  • Hierarchy Propagation

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

This work has been partially supported by MIUR under the project FIRB-ASTRO, by PAT under the project PAT-MOSTRO and by the EU Commission under the project EU-IST-IP-SERENITY.



Author information

Authors and Affiliations

  1. The University of Trento, via Sommarive 14, 38050, Povo, (TN), Italy

    Nataliya Rassadko


Editor information

Editors and Affiliations

  1. Dipartimento di Tecnologie dell’Informazione, Università degli Studi di Milano, Italy

    Ernesto Damiani

  2. The Logistics Institute, Northeastern University, Shenyang, China

    Peng Liu


Copyright information

© 2006 IFIP International Federation for Information Processing

About this paper

Cite this paper

Rassadko, N. (2006). Policy Classes and Query Rewriting Algorithm for XML Security Views. In: Damiani, E., Liu, P. (eds) Data and Applications Security XX. DBSec 2006. Lecture Notes in Computer Science, vol 4127. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11805588_8

  • DOI: https://doi.org/10.1007/11805588_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-36796-3

  • Online ISBN: 978-3-540-36799-4

  • eBook Packages: Computer Science, Computer Science (R0)
