Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
The complexity of query containment in expressive fragments of XPath 2.0
Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Formalizing XML access control for update operations
Proceedings of the 12th ACM symposium on Access control models and technologies
An integrated access control for securely querying and updating XML data
ADC '08 Proceedings of the nineteenth conference on Australasian database - Volume 75
A general approach to securely querying XML
Computer Standards & Interfaces
Generalized XML security views
International Journal of Information Security
DBPL '09 Proceedings of the 12th International Symposium on Database Programming Languages
Repairing inconsistent XML write-access control policies
DBPL'07 Proceedings of the 11th international conference on Database programming languages
Policy classes and query rewriting algorithm for XML security views
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
SVMAX: a system for secure and valid manipulation of XML data
Proceedings of the 17th International Database Engineering & Applications Symposium
| Hi-index | 0.00 |
Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A small number of works have studied the access rights for updates. In this paper, we present a general and expressive model for specifying access control on XML data in the presence of the update operations of W3C XQuery Update Facility. Our approach for enforcing such update specification is based on the notion of query rewriting. A major issue is that, in practice, query rewriting for recursive DTDs is still an open problem. We show that this limitation can be avoided using only the expressive power of the standard XPath, and we propose a linear algorithm to rewrite each update operation defined over an arbitrary DTDs (recursive or not) into a safe one in order to be evaluated only over the XML data which can be updated by the user. To our knowledge, this work is the first effort for securely updating XML in the presence of arbitrary DTDs, a rich class of update operations, and a significant fragment of XPath.