Secure XML querying with security views

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Secure XML querying with security views

Full text

Pdf (229 KB)

Source

International Conference on Management of Data archive
Proceedings of the 2004 ACM SIGMOD international conference on Management of data table of contents

Paris, France

SESSION: Research sessions: security and privacy table of contents

Pages: 587 - 598

Year of Publication: 2004

ISBN:1-58113-859-8

Authors

Wenfei Fan	University of Edinburgh & Bell Laboratories
Chee-Yong Chan	National University of Singapore
Minos Garofalakis	Bell Laboratories

Sponsor

SIGMOD: ACM Special Interest Group on Management of Data

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 128, Citation Count: 36

Additional Information:

abstract references cited by collaborative colleagues peer to peer

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1007568.1007634 What is a DOI?

ABSTRACT

The prevalent use of XML highlights the need for a generic, flexible access-control mechanism for XML documents that supports efficient and secure query access, without revealing sensitive information unauthorized users. This paper introduces a novel paradigm for specifying XML security constraints and investigates the enforcement of such constraints during XML query evaluation. Our approach is based on the novel concept of security views, which provide for each user group (a) an XML view consisting of all and only the information that the users are authorized to access, and (b) a view DTD that the XML view conforms to. Security views effectively protect sensitive data from access and potential inferences by unauthorized user, and provide authorized users with necessary schema information to facilitate effective query formulation and optimization. We propose an efficient algorithm for deriving security view definitions from security policies (defined on the original document DTD) for different user groups. We also develop novel algorithms for XPath query rewriting and optimization such that queries over security views can be efficiently answered without materializing the views. Our algorithms transform a query over a security view to an equivalent query over the original document, and effectively prune query nodes by exploiting the structural properties of the document DTD in conjunction with approximate XPath containment tests. Our work is the first to study a flexible, DTD-based access-control model for XML and its implications on the XML query-execution engine. Furthermore, it is among the first efforts for query rewriting and optimization in the presence of general DTDs for a rich a class of XPath queries. An empirical study based on real-life DTDs verifies the effectiveness of our approach.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Serge Abiteboul , Peter Buneman , Dan Suciu, Data on the Web: from relations to semistructured data and XML, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1999
	2	Sihem Amer-Yahia , SungRan Cho , Laks V. S. Lakshmanan , Divesh Srivastava, Minimization of tree pattern queries, Proceedings of the 2001 ACM SIGMOD international conference on Management of data, p.497-508, May 21-24, 2001, Santa Barbara, California, United States
	3	Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002 [doi>10.1145/545186.545190]
	4	T. Bray, J. Paoli, and C. M. Sperberg-McQueen. Extensible Markup Language (XML) 1.0 W3C Recommendation, Feb. 1998.
	5	Silvana Castano , Maria Grazia Fugini , Giancarlo Martella , Pierangela Samarati, Database security, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
	6	S. Cho, S. Amer-Yahia, L. Lakshmanan, and D. Srivastava. Optimizing the secure evaluation of twig queries. In VLDB, 2002.
	7	J. Clark and S. DeRose. XML Path Languages (XPath). W3C Working Draft, Nov. 1999.
	8	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
	9	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002 [doi>10.1145/505586.505590]
	10	Alin Deutsch , Lucian Popa , Val Tannen, Physical Data Independence, Constraints, and Optimization with Universal Plans, Proceedings of the 25th International Conference on Very Large Data Bases, p.459-470, September 07-10, 1999
	11	Alin Deutsch , Val Tannen, Reformulation of XML Queries and Constraints, Proceedings of the 9th International Conference on Database Theory, p.225-241, January 08-10, 2003
	12	A. Diaz and D. Lovell, XML generator, 1999.
	13	Mary Fernández , Yana Kadiyska , Dan Suciu , Atsuyuki Morishima , Wang-Chiew Tan, SilkRoute: A framework for publishing relational data in XML, ACM Transactions on Database Systems (TODS), v.27 n.4, p.438-493, December 2002 [doi>10.1145/582410.582413]
	14	Mary F. Fernandez , Dan Suciu, Optimizing Regular Path Expressions Using Graph Schemas, Proceedings of the Fourteenth International Conference on Data Engineering, p.14-23, February 23-27, 1998
	15	G, Gottlob, C. Koch, and R, Pichler, Efficient algorithms for processing XPath queries. In VLDB, 2002.
	16	S. Hada and M. Kudo. XML access control language: Provisional authorization for XML documents. http://www.trl.ibm.com/projects/xml/xacl/xacl-spec.html.
	17	C. Koch. XML Task Force, 2003.
	18	Gerome Miklau , Dan Suciu, Containment and equivalence for an XPath fragment, Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 03-05, 2002, Madison, Wisconsin [doi>10.1145/543613.543623]
	19	G. Miklau and D. Suciu. controlling access to published data using cryptography. In VLDB, 2003.
	20	R. Milner, Communication and Concurrency, Prentice-Hall, Inc., Upper Saddle River, NJ, 1989
	21	Tova Milo , Dan Suciu, Index Structures for Path Expressions, Proceeding of the 7th International Conference on Database Theory, p.277-295, January 10-12, 1999
	22	Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948122]
	23	NAA Classified advertising standard task force. Adex DTD, 1999.
	24	Frank Neven , Thomas Schwentick, XPath Containment in the Presence of Disjunction, DTDs, and Variables, Proceedings of the 9th International Conference on Database Theory, p.315-329, January 08-10, 2003
	25	Oasis. eXtensible Access Control Markup Language (XACML). http://www.oasis-open.org/committees/xcaml.
	26	Yannis Papakonstantinou , Vasilis Vassalos, Query rewriting for semistructured data, Proceedings of the 1999 ACM SIGMOD international conference on Management of data, p.455-466, May 31-June 03, 1999, Philadelphia, Pennsylvania, United States
	27	Prakash Ramanan, Efficient algorithms for minimizing tree pattern queries, Proceedings of the 2002 ACM SIGMOD international conference on Management of data, June 03-06, 2002, Madison, Wisconsin [doi>10.1145/564691.564726]
	28	Takao Asano , Kuniaki Hori , Takao Ono , Tomio Hirata, A Theoretical Framework of Hybrid Approaches to MAX SAT, Proceedings of the 8th International Symposium on Algorithms and Computation, p.153-162, December 17-19, 1997

CITED BY 36

	Dong-Xi Liu, CSchema: a downgrading policy language for XML access control, Journal of Computer Science and Technology, v.22 n.1, p.44-53, January 2007
	Sriram Mohan , Arijit Sengupta , Yuqing Wu, Access control for XML: a dynamic query rewriting approach, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Wenfei Fan , Floris Geerts , Xibei Jia , Anastasios Kementsietsidis, SMOQE: a system for providing secure access to XML, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
	Sriram Mohan , Yuqing Wu, IPAC: an interactive approach to access control for semi-structured data, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
	Huaxin Zhang , Ning Zhang , Kenneth Salem , Donghui Zhuo, Compact access control labeling for efficient secure XML query evaluation, Data & Knowledge Engineering, v.60 n.2, p.326-344, February, 2007
	Barbara Carminati , Elena Ferrari, AC-XML documents: improving the performance of a web access control module, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Mustafa M. Kocatürk , Taflan İ. Gündem, A Fine-Grained Access Control System Combining MAC and RBACK Models for XML, Informatica, v.19 n.4, p.517-534, December 2008
	Jinghua Groppe , Sven Groppe, Filtering unsatisfiable XPath queries, Data & Knowledge Engineering, v.64 n.1, p.134-169, January, 2008
	Irini Fundulaki , Sebastian Maneth, Formalizing XML access control for update operations, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Chee-Yong Chan , Wenfei Fan , Yiming Zeng, Taming XPath queries by minimizing wildcard steps, Proceedings of the Thirtieth international conference on Very large data bases, p.156-167, August 31-September 03, 2004, Toronto, Canada
	Padmapriya Ayyagari , Prasenjit Mitra , Dongwon Lee , Peng Liu , Wang-Chien Lee, Incremental adaptation of XPath access control views, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Jianhua Feng , Na Ta , Guoliang Li , Yu Liu , Dapeng Lv, A framework of semantic cache for secure XML query answering: an interesting joint and novel perspective, Proceedings of the 2nd international conference on Scalable information systems, June 06-08, 2007, Suzhou, China
	Gabriel Kuper , Fabio Massacci , Nataliya Rassadko, Generalized XML security views, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Michael Benedikt , Wenfei Fan , Floris Geerts, XPath satisfiability in the presence of DTDs, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
	Hong Zhu , Kevin Lü , Renchao Jin, A practical mandatory access control model for XML databases, Information Sciences: an International Journal, v.179 n.8, p.1116-1133, March, 2009
	Loreto Bravo , James Cheney , Irini Fundulaki, ACCOn: checking consistency of XML write-access control policies, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Hye-Kyeong Ko , Min-Jeong Kim , SangKeun Lee, On the efficiency of secure XML broadcasting, Information Sciences: an International Journal, v.177 n.24, p.5505-5521, December, 2007
	Béatrice Finance , Saïda Medjdoub , Philippe Pucheral, The case for access control on XML relationships, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Arnaud Sahuguet , Bogdan Alexe, Sub-document queries over XML with XSQirrel, Proceedings of the 14th international conference on World Wide Web, May 10-14, 2005, Chiba, Japan
	Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
	Pierre Genevès , Nabil Layaïda , Alan Schmitt, Efficient static analysis of XML paths and types, ACM SIGPLAN Notices, v.42 n.6, June 2007
	Maggie Duong , Yanchun Zhang, An integrated access control for securely querying and updating XML data, Proceedings of the nineteenth conference on Australasian database, December 03-04, 2007, Gold Coast, Australia
	Michael Benedikt , Wenfei Fan , Floris Geerts, XPath satisfiability in the presence of DTDs, Journal of the ACM (JACM), v.55 n.2, p.1-79, May 2008
	Michalis Petropoulos , Alin Deutsch , Yannis Papakonstantinou , Yannis Katsis, Exporting and interactively querying Web service-accessed sources: The CLIDE System, ACM Transactions on Database Systems (TODS), v.32 n.4, p.22-es, November 2007
	Jae-Gil Lee , Kyu-Young Whang , Wook-Shin Han , Il-Yeol Song, The dynamic predicate: integrating access control with query processing in XML databases, The VLDB Journal — The International Journal on Very Large Data Bases, v.16 n.3, p.371-387, July 2007
	Pierre Genevès , Nabil Layaïda, Comparing XML path expressions, Proceedings of the 2006 ACM symposium on Document engineering, October 10-13, 2006, Amsterdam, The Netherlands
	Ernesto Damiani , Majirus Fansi , Alban Gabillon , Stefania Marrara, A general approach to securely querying XML, Computer Standards & Interfaces, v.30 n.6, p.379-389, August, 2008
	Irini Fundulaki , Maarten Marx, Specifying access control policies for XML documents with XPath, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Pierre Genevès , Nabil Layaïda, A system for the static analysis of XPath, ACM Transactions on Information Systems (TOIS), v.24 n.4, p.475-502, October 2006
	Jun Gao , Tengjiao Wang , Dongqing Yang, XFlat: Query-friendly encrypted XML view publishing, Information Sciences: an International Journal, v.178 n.3, p.774-787, February, 2008
	Pierre Genevès , Nabil Layaïda, Deciding XPath containment with MSO, Data & Knowledge Engineering, v.63 n.1, p.108-136, October, 2007
	Bogdan Cautis, Distributed access control: a privacy-conscious approach, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.292-324, August 2006
	Luc Bouganim , Francois Dang Ngoc , Philippe Pucheral, Dynamic access-control policies on XML encrypted data, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-37, January 2008
	Xiaochun Yang , Chen Li, Secure XML publishing without information leakage in the presence of data inference, Proceedings of the Thirtieth international conference on Very large data bases, p.96-107, August 31-September 03, 2004, Toronto, Canada
	Michael Benedikt , Christoph Koch, XPath leashed, ACM Computing Surveys (CSUR), v.41 n.1, p.1-54, December 2008

Collaborative Colleagues:

Wenfei Fan: colleagues

Chee-Yong Chan: colleagues

Minos Garofalakis: colleagues

Peer to Peer - Readers of this Article have also read:

Data structures for quadtree approximation and compression Communications of the ACM 28, 9
Hanan Samet
A hierarchical single-key-lock access control using the Chinese remainder theorem Proceedings of the 1992 ACM/SIGAPP Symposium on Applied computing
Kim S. Lee , Huizhu Lu , D. D. Fisher
The GemStone object database management system Communications of the ACM 34, 10
Paul Butterworth , Allen Otis , Jacob Stein
Putting innovation to work: adoption strategies for multimedia communication systems Communications of the ACM 34, 12
Ellen Francik , Susan Ehrlich Rudman , Donna Cooper , Stephen Levine
An intelligent component database for behavioral synthesis Proceedings of the 27th ACM/IEEE Design Automation Conference on
Gwo-Dong Chen , Daniel D. Gajski

Adobe Acrobat

QuickTime

Windows Media Player

Real Player