Generalized XML Security Views

Kuper, Gabriel and Massacci, Fabio and Rassadko, Nataliya (2005) Generalized XML Security Views. UNSPECIFIED. (Unpublished)

Download (345Kb) | Preview


    We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas [22] and later refined by Fan et al. [12]. The model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that can be used by users for query formulation and optimization. Then we show an algorithm to materialize "authorized" version of the document from the view and an algorithm to construct the view from an access control specification. We show that our view construction combined with materialization produces the same result as the direct application of the DTD access specification on the document. To avoid the overhead of view materialization in query answering, user queries should undergo rewriting so that they are valid over the original DTD schema, and thus the query answer is computed from the original XML data. We provide an algorithm for query rewriting and show its performance compared with the naive approach, i.e. the approach when query is evaluated over materialized view. We also propose a number of generalizations of possible security policies.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA076 Data Base Management
    Uncontrolled Keywords: XPath, XML database, security views, algorithms
    Additional Information: Also submitted to ACM TODS journal
    Report Number: DIT-05-061
    Repository staff approval on: 28 Apr 2006

    Actions (login required)

    View Item