Policy Classes and Query Rewriting Algorithm for XML Security Views

  • Nataliya Rassadko
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4127)


Most state-of-the-art approaches of securing XML documents are based on a partial annotation of an XML tree with security labels which are later propagated to unlabeled nodes of the XML so that the resulting labeling is full (i.e. defined for every XML node). The first contribution of this paper is an investigation of possible alternatives for policy definition that lead to a fully annotated XML. We provide a classification of policies using different options of security label propagation and conflict resolution. Our second contribution is a generalized algorithm that constructs a full DTD annotation (from the the partial one) w.r.t. the policy classification. Finally, we discuss the query rewriting approach for our model of XML security views.


None None Access Control Model Query Answering XPath Query Hierarchy Propagation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Kuper, G., Massacci, F., Rassadko, N.: Generalized XML security views. In: SACMAT 2005: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 77–84. ACM Press, New York (2005)Google Scholar
  2. 2.
    Lunt, T.F., Denning, D.E., Schell, R.R., Heckman, M., Shockley, W.R.: The SeaView security model. IEEE Trans. Softw. Eng. 16(6), 593–607 (1990)CrossRefGoogle Scholar
  3. 3.
    Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for xml documents. ACM Trans. Inf. Syst. Secur. 5(2), 169–202 (2002)CrossRefMATHGoogle Scholar
  4. 4.
    Bertino, E., Braun, M., Castano, S., Ferrari, E., Mesiti, M.: Author-X: A Java-based system for XML data protection. In: Proceedings of the IFIP TC11/WG11.3 Fourteenth Annual Working Conference on Database and Application Security, pp. 15–26. Kluwer, Netherlands (2001)Google Scholar
  5. 5.
    Gabillon, A., Bruno, E.: Regulating access to XML documents. In: Proceedings of the IFIP TC11/WG11.3 Fifteenth Annual Working Conference on Database and Application Security, pp. 299–314. Kluwer Academic Publishers, Norwell (2002)Google Scholar
  6. 6.
    Kudo, M., Hada, S.: XML document security based on provisional authorization. In: CCS 2000: Proceedings of the 7th ACM Conference on Computer and Communications Security, pp. 87–96. ACM Press, New York (2000)Google Scholar
  7. 7.
    Stoica, A., Farkas, C.: Secure XML views. In: Proceedings of the IFIP TC11/WG11.3 Sixteenth International Conference on Data and Applications Security, vol. 256, pp. 133–146. Kluwer, Dordrecht (2003)Google Scholar
  8. 8.
    Fan, W., Chan, C.Y., Garofalakis, M.: Secure xml querying with security views. In: SIGMOD 2004: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, pp. 587–598. ACM Press, New York (2004)CrossRefGoogle Scholar
  9. 9.
    Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Cormen, T.H., Stein, C., Rivest, R.L., Leiserson, C.E.: Introduction to Algorithms. McGraw-Hill Higher Education, New York (2001)MATHGoogle Scholar
  11. 11.
    Gottlob, G., Koch, C., Pichler, R.: Efficient algorithms for processing XPath queries. ACM Trans. Database Syst. 30(2), 444–491 (2005)CrossRefGoogle Scholar
  12. 12.
    Benedikt, M., Fan, W., Kuper, G.M.: Structural properties of xPath fragments. In: Calvanese, D., Lenzerini, M., Motwani, R. (eds.) ICDT 2003. LNCS, vol. 2572, pp. 79–95. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  13. 13.
    Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. In: CCS 2003: Proceedings of the 10th ACM Conference on Computer and Communications Security, pp. 73–84. ACM Press, New York (2003)Google Scholar
  14. 14.
    Cho, S., Amer-Yahia, S., Lakshmanan, L., Srivastava, D.: Optimizing the secure evaluation of twig queries. In: VLDB 2002: Proceedings of the 28th International Conference on Very Large Data Bases, pp. 490–501 (2003)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2006

Authors and Affiliations

  • Nataliya Rassadko
    • 1
  1. 1.The University of TrentoPovoItaly

Personalised recommendations