Secure XML Querying with Security Views

13 years 12 months ago
Secure XML Querying with Security Views
The prevalent use of XML highlights the need for a generic, flexible access-control mechanism for XML documents that supports efficient and secure query access, without revealing sensitive information to unauthorized users. This paper introduces a novel paradigm for specifying XML security constraints and investigates the enforcement of such constraints during XML query evaluation. Our approach is based on the novel concept of security views, which provide for each user group (a) an XML view consisting of all and only the information that the users are authorized to access, and (b) a view DTD that the XML view conforms to. Security views effectively protect sensitive data from access and potential inferences by unauthorized users, and provide authorized users with necessary schema information to facilitate effective query formulation and optimization. We propose an efficient algorithm for deriving security view definitions from security policies (defined on the original document DTD) ...
Wenfei Fan, Chee Yong Chan, Minos N. Garofalakis
Added 08 Dec 2009
Updated 08 Dec 2009
Type Conference
Year 2004
Authors Wenfei Fan, Chee Yong Chan, Minos N. Garofalakis
Comments (0)