Securely updating XML

Authors:
Ernesto Damiani;Majirus Fansi;Alban Gabillon;Stefania Marrara
Affiliations:
Università degli Studi di Milano, Dipartimento di Tecnologie dell'Informazione, Crema, CR, Italy;Université de Pau et des Pays de l'Adour, IUT des Pays de l'Adour, Mont-de-Marsan, France;Université de Pau et des Pays de l'Adour, IUT des Pays de l'Adour, Mont-de-Marsan, France;Università degli Studi di Milano, Dipartimento di Tecnologie dell'Informazione, Crema, CR, Italy
Venue:
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part III
Year:
2007

Citing 12
Cited 4

XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
Updating XML

SIGMOD '01 Proceedings of the 2001 ACM SIGMOD international conference on Management of data
Consistently updating XML documents using incremental constraint check queries

Proceedings of the 4th international workshop on Web information and data management
XML access control using static analysis

Proceedings of the 10th ACM conference on Computer and communications security
Extending xQuery with transformation operators

Proceedings of the 2003 ACM symposium on Document engineering
Access control of XML documents considering update operations

Proceedings of the 2003 ACM workshop on XML security
Secure XML querying with security views

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Access control for XML: a dynamic query rewriting approach

Proceedings of the 14th ACM international conference on Information and knowledge management
An access control model for querying XML data

Proceedings of the 2005 workshop on Secure web services
Controlled and cooperative updates of XML documents in byzantine and failure-prone distributed systems

ACM Transactions on Information and System Security (TISSEC)
From XML view updates to relational view updates: old solutions to a new problem

VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
A formal access control model for XML databases

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management

A general approach to securely querying XML

Computer Standards & Interfaces
The Halting Problem and Undecidability of Document Generation under Access Control for Tree Updates

LATA '09 Proceedings of the 3rd International Conference on Language and Automata Theory and Applications
Computational complexity of the problem of tree generation under fine-grained access control policies

Information and Computation
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata

The VLDB Journal — The International Journal on Very Large Data Bases

Quantified Score

Hi-index	0.00

Visualization

Abstract

We study the problem of updating XML repository through security views. Users are provided with the view of the repository schema they are entitled to see. They write update requests over their view using the XUpdate language. Each request is processed in two rewriting steps. First, the XPath expression selecting the nodes to update from the view is rewritten to another expression that only selects nodes the user is permitted to see. Second the XUpdate query is refined according to the write privileges held by the user.