Self-embedded context-free grammars with regular counterparts
Acta Informatica
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Incremental validation of XML documents
ACM Transactions on Database Systems (TODS)
SMOQE: a system for providing secure access to XML
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
XML access control using static analysis
ACM Transactions on Information and System Security (TISSEC)
Formalizing XML access control for update operations
Proceedings of the 12th ACM symposium on Access control models and technologies
An integrated access control for securely querying and updating XML data
ADC '08 Proceedings of the nineteenth conference on Australasian database - Volume 75
A general approach to securely querying XML
Computer Standards & Interfaces
Generalized XML security views
International Journal of Information Security
The complexity of query containment in expressive fragments of XPath 2.0
Journal of the ACM (JACM)
DBPL '09 Proceedings of the 12th International Symposium on Database Programming Languages
Optimistic access control for distributed collaborative editors
Proceedings of the 2011 ACM Symposium on Applied Computing
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
The VLDB Journal — The International Journal on Very Large Data Bases
Efficient incremental validation of XML documents after composite updates
XSym'06 Proceedings of the 4th international conference on Database and XML Technologies
Secure querying of recursive XML views: a standard xpath-based technique
Proceedings of the 21st international conference companion on World Wide Web
On securely manipulating XML data
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
| Hi-index | 0.00 |
It is increasingly common to find XML views used to enforce access control as found in many applications and commercial database systems. To overcome the overhead of view materialization and maintenance, XML views are necessarily virtual. With this comes the need for answering XML queries posed over virtual views, by rewriting them into equivalent queries on the underlying documents. A major concern here is that query rewriting for recursive XML views is still an open problem, and proposed approaches deal only with non-recursive XML views. Moreover, a small number of works have studied the access rights for updates. In this paper, we present SVMAX (Secure and Valid MAnipulation of XML), the first system that supports specification and enforcement of both read and update access policies over arbitrary XML views (recursive or non). SVMAX defines general and expressive models for controlling access to XML data using significant class of XPath queries and in the presence of the update primitives of W3C XQuery Update Facility. Furthermore, SVMAX features an additional module enabling efficient validation of XML documents after primitive updates of XQuery. The wide use of W3C standards makes of SVMAX a useful system that can be easily integrated within commercial database systems as we will show. We give extensive experimental results, based on real-life DTDs, that show the efficiency and scalability of our system.