Access-control policies for XML typically use regular path expressions such as XPath to specify the objects they govern. However, enforcing such policies places a burden on XML query engines. To relieve this burden, we introduce static analysis for XML access control. Given an access-control policy, a query expression, and an optional schema, static analysis determines whether the query expression is guaranteed not to access elements or attributes that are permitted by the schema but hidden by the access-control policy. Static analysis can be performed without evaluating any query expression against actual XML documents. Run-time checking is required only when static analysis is unable to determine whether to grant or deny access requests. A side effect of static analysis is query optimization: access-denied expressions in queries can be evaluated to empty lists at compile time. We further extend static analysis to handle value-based access-control policies and introduce view schemas.
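The three outcomes described above (grant, deny, fall back to run-time checking) can be illustrated with a much-simplified sketch; this is an added example, not the paper's algorithm or code. It assumes a non-recursive schema, predicate-free XPath limited to `/`, `//` and `*`, deny-overrides-grant with default deny, and constructed names (`SCHEMA`, `GRANTS`, `DENIES`, `analyze`).

```python
import re

def xpath_to_regex(xpath):
    """Compile predicate-free XPath (child '/', descendant '//', '*') to a regex over label paths."""
    parts = []
    for tok in re.findall(r"//|/|[^/]+", xpath):
        if tok == "//":
            parts.append(r"(?:/[^/]+)*/")   # zero or more intermediate elements
        elif tok == "/":
            parts.append("/")
        elif tok == "*":
            parts.append(r"[^/]+")          # any single element name
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts))

def schema_paths(schema, root):
    """Enumerate every root-to-element label path a non-recursive schema permits."""
    paths, stack = set(), [("/" + root, root)]
    while stack:
        path, label = stack.pop()
        paths.add(path)
        stack.extend((f"{path}/{c}", c) for c in schema.get(label, ()))
    return paths

def analyze(query, grants, denies, schema, root):
    """Classify a query against policy and schema without reading any document."""
    universe = schema_paths(schema, root)
    def select(xp):
        rx = xpath_to_regex(xp)
        return {p for p in universe if rx.fullmatch(p)}
    # Assumption: deny overrides grant, and anything not granted is hidden.
    permitted = set().union(*map(select, grants)) - set().union(*map(select, denies))
    touched = select(query)                 # paths the query can reach under the schema
    if touched <= permitted:
        return "always-granted"             # no run-time check needed
    if not (touched & permitted):
        return "always-denied"              # can be rewritten to the empty list
    return "runtime-check"                  # mixes permitted and hidden paths

# Constructed sample schema (element -> child elements) and policy.
SCHEMA = {"record": ["patient", "diagnosis"],
          "patient": ["name", "ssn"],
          "diagnosis": ["pathology", "comment"]}
GRANTS = ["//*"]
DENIES = ["//ssn", "/record/diagnosis/comment"]
```

A query such as `/record/ssn` selects no path the schema permits, so it is classified `always-granted`: it can never reach a hidden node.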