Abstract
We study the problem of querying virtual security views of XML data that has received a great attention during the past years. A major concern here is that user XPath queries posed on recursive views cannot be rewritten to be evaluated on the underlying XML data. Existing rewriting solutions are based on the non-standard language, “Regular XPath”, which makes rewriting possible under recursion. However, query rewriting under Regular XPath can be of exponential size. We show that query rewriting is always possible for arbitrary security views (recursive or not) by using only the expressive power of the standard XPath. We propose a more expressive language to specify XML access control policies as well as an efficient algorithm to enforce such policies. Finally, we present our system, called SVMAX, that implements our solutions and we show that it scales well through an extensive experimental study based on real-life DTD.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The original name is the DMP, that refers in French to “Dossier Médical Personnel”.
- 2.
Available at: http://www.hl7standards.com/.
- 3.
A recursive schema has at least an element defined (in)directly in terms of itself.
- 4.
Paths composed by only inaccessible nodes.
- 5.
- 6.
We recall that indices in our examples of XML trees are used to distinguish between elements of the same type, e.g. \(course_1\) and \(course_2\). Moreover, because of space limitation we focus only on some nodes while \(\bigtriangleup \) denotes the remaining ones.
- 7.
This translation is necessary only if the views of the data are virtual, i.e. not materialized.
- 8.
A security view is recursive if it is defined over a recursive DTD.
- 9.
According to [44], this may happen when the required treatment is outside the area of expertise of the current responsible doctor.
- 10.
We use ancestors(n) to refer to all ancestors of the node n.
- 11.
For \(\alpha _{i}\in \{\downarrow ^{+},\downarrow ^{*}\}\), \(\alpha ^{-1}_{i}\)=\(\uparrow ^{+}\) if \(\alpha _i\)=\(\downarrow ^{+}\) and \(\uparrow ^{*}\) otherwise.
- 12.
This is still an ongoing work: we deal only with simple kinds of DTDs and update operations, however, the global case is part of our perspective.
- 13.
It is undecidable in general to find a regular solution for a context-free grammar.
- 14.
Genealogy Markup Language: http://xml.coverpages.org/gedml-dtd9808.txt.
- 15.
The size of an XPath expression is the occurrence number of all its element types, \(*\)-labels, and text() functions.
- 16.
In the following figures, the numbers of queried nodes are depicted at the middle.
- 17.
Note that no tool exists in practice to evaluate Regular XPath queries.
References
Robie, J., Chamberlin, D., Dyck, M., Florescu, D., Melton, J., Siméon, J.: Extensible Markup Language (XML) 1.0 (Fifth Edition). W3C Recommendation (2008). http://www.w3.org/TR/2008/REC-xml-20081126/
Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F., Cowan, J.: Extensible Markup Language (XML) 1.1 (Second Edition). W3C Recommendation (2006). http://www.w3.org/TR/2006/REC-xml11-20060816/
Amavi, J., Chabin, J., Halfeld-Ferrari, M., Réty, P.: A toolbox for conservative XML schema evolution and document adaptation. In: Decker, H., Lhotská, L., Link, S., Spies, M., Wagner, R.R. (eds.) DEXA 2014, Part I. LNCS, vol. 8644, pp. 299–307. Springer, Heidelberg (2014)
Chabin, J., Halfeld Ferrari, M., Musicante, M.A., Réty, P.: Conservative type extensions for XML data. In: Hameurlain, A., Küng, J., Wagner, R. (eds.) TLDKS IX. LNCS, vol. 7980, pp. 65–94. Springer, Heidelberg (2013)
Gerald, B., Sleeper, H., Gregorowicz, A., Dingwell, R.: hData - a simple XML framework for health data exchange. In: Proceedings of Balisage: The Markup Conference, Montral, Canada, August 11–14, 2009, vol. 3, pp. 299–307 (2009)
Fried, E., Geng, Y., Ullrich, S., Kneer, D., Grottke, O., Rossaint, R., Deserno, T.M., Kuhlen, T.: MEDOX: an XML-based approach of medical data organization for segmentation and simulation. In: Bildverarbeitung für die Medizin 2010 - Algorithmen - Systeme - Anwendungen, Aachen, Germany, March 14–16, 2010. CEUR Workshop Proceedings, vol. 574, 251–255. CEUR-WS.org (2010)
Cavalini, L.T., Cook, T.W.: Use of XML schema definition for the development of semantically interoperable healthcare applications. In: Gibbons, J., MacCaull, W. (eds.) FHIES 2013. LNCS, vol. 8315, pp. 125–145. Springer, Heidelberg (2014)
la Rosa Algarin, A.D., Demurjian, S.A., Berhe, S., Pavlich-Mariscal, J.A.: A security framework for XML schemas and documents for healthcare. In: 2012 IEEE International Conference on Bioinformatics and Biomedicine Workshops, BIBMW 2012, Philadelphia, USA, October 4–7, 2012, pp. 782–789. IEEE (2012)
Steele, R., Gardner, W., Chandra, D., Dillon, T.S.: Framework and prototype for a secure XML-based electronic health records system. IJEH 3(2), 151–174 (2007)
Kumar, C.S., Govardhan, A., Rao, C.V.G.: Usage of XML technology in electronic health record for effective heterogeneous systems integration in healthcare. IJMEI 1(4), 399–406 (2009)
Thuy, P.T.T., Lee, Y., Lee, S.: Semantic and structural similarities between XML schemas for integration of ubiquitous healthcare data. Pers. Ubiquit. Comput. 17(7), 1331–1339 (2013)
IBM jStart team: IBM Emerging Technology’s client engagement team. http://www-01.ibm.com/software/ebusiness/jstart/
DITA OASIS Standard: An XML architecture for designing, writing, managing, and publishing information. http://dita.xml.org/
ebXML consortium: Electronic Business using eXtensible Markup Language. http://www.ebxml.org/
Oracle White Paper: Sun Storage 7000 Unified Storage Systems and XML-Based Archiving for SAP Systems, April 2010. http://www.oracle.com/us/solutions/sap/database/ss7000-sap-implementation-guide-352637.pdf
Rassadko, N.: Policy classes and query rewriting algorithm for XML security views. In: Damiani, E., Liu, P. (eds.) Data and Applications Security 2006. LNCS, vol. 4127, pp. 104–118. Springer, Heidelberg (2006)
Fan, W., Geerts, F., Jia, X., Kementsietsidis, A.: Rewriting regular xpath queries on XML views. In: ICDE, pp. 666–675. IEEE (2007)
Groz, B., Staworko, S., Caron, A.-C., Roos, Y., Tison, S.: XML security views revisited. In: Gardner, P., Geerts, F. (eds.) DBPL 2009. LNCS, vol. 5708, pp. 52–67. Springer, Heidelberg (2009)
Luo, B., Lee, D., Lee, W.C., Liu, P.: Qfilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata. VLDB J. 20(3), 397–415 (2011)
Cong, G.: Query and update through XML views. In: Bhalla, S. (ed.) DNIS 2007. LNCS, vol. 4777, pp. 81–95. Springer, Heidelberg (2007)
Damiani, E., Fansi, M., Gabillon, A., Marrara, S.: A general approach to securely querying XML. Comput. Stand. Interfaces 30(6), 379–389 (2008)
Clark, J., DeRose, S.: XML path language (XPath) 1.0. W3C Recommendation, November 1999. http://www.w3.org/TR/xpath/
Berglund, A., Boag, S., Chamberlin, D., Fernández, M.F., Kay, M., Robie, J., Siméon, J.: XML path language (XPath) 2.0 (second edition). W3C Recommendation, December 2010. http://www.w3.org/TR/2010/REC-xpath20-20101214/
Kuper, G.M., Massacci, F., Rassadko, N.: Generalized XML security views. Int. J. Inf. Sec. 8(3), 173–203 (2009)
Fan, W., Chan, C.Y., Garofalakis, M.N.: Secure XML querying with security views. In: Proceedings of the ACM SIGMOD International Conference on Management of Data, pp. 587–598. ACM (2004)
Choi, B.: What are real dtds like? In: Fifth International Workshop on the Web and Databases (WebDB), pp. 43–48 (2002)
Fan, W., Geerts, F., Jia, X., Kementsietsidis, A.: SMOQE: a system for providing secure access to XML. In: Proceedings of the 32nd International Conference on Very Large Data Bases, pp. 1227–1230. ACM (2006)
Marx, M.: XPath with conditional axis relations. In: Bertino, E., Christodoulakis, S., Plexousakis, D., Christophides, V., Koubarakis, M., Böhm, K. (eds.) EDBT 2004. LNCS, vol. 2992, pp. 477–494. Springer, Heidelberg (2004)
Wood, P.T.: Containment for XPath fragments under DTD constraints. In: Calvanese, D., Lenzerini, M., Motwani, R. (eds.) ICDT 2003. LNCS, vol. 2572, pp. 297–311. Springer, Heidelberg (2002)
Neven, F., Schwentick, T.: On the complexity of Xpath containment in the presence of disjunction, DTDs, and variables. Logical Methods in Computer Science 2(3) (2006)
Robie, J., Chamberlin, D., Dyck, M., Florescu, D., Melton, J., Siméon, J.: Xquery update facility 1.0. W3C Recommendation, March 2011. http://www.w3.org/TR/xquery-update-10/
Mahfoud, H., Imine, A.: A general approach for securely updating XML data. In: Proceedings of the 15th International Workshop on the Web and Databases (WebDB 2012), pp. 55–60 (2012)
Mahfoud, H., Imine, A.: On securely manipulating XML data. In: Garcia-Alfaro, J., Cuppens, F., Cuppens-Boulahia, N., Miri, A., Tawbi, N. (eds.) FPS 2012. LNCS, vol. 7743, pp. 293–307. Springer, Heidelberg (2013)
Fundulaki, I., Maneth, S.: Formalizing XML access control for update operations. In: SACMAT, pp. 169–174. ACM (2007)
Mahfoud, H., Imine, A., Rusinowitch, M.: SVMAX: a system for secure and valid manipulation of XML data. In: Proceedings of the 17th International Database Engineering & Applications Symposium (IDEAS), pp. 154–161. ACM (2013)
Jia, X.: From Relations to XML: Cleaning, Integrating and Securing Data. Doctor of philosophy, Laboratory for Foundations of Computer Science. School of Informatics. University of Edinburgh (2007)
Fan, W., Yu, J.X., Li, J., Ding, B., Qin, L.: Query translation from XPath to SQL in the presence of recursive dtds. VLDB J. 18(4), 857–883 (2009)
Krishnamurthy, R., Chakaravarthy, V.T., Kaushik, R., Naughton, J.F.: Recursive XML schemas, recursive XML queries, and relational storage: XML-to-SQL query translation. In: Proceedings of the 20th International Conference on Data Engineering (ICDE 2004), pp. 42–53. IEEE Computer Society (2004)
ten Cate, B.: The expressivity of XPath with transitive closure. In: Proceedings of the Twenty-Fifth ACM SIGACT-SIGMOD-SIGART Symposium on Principles of Database Systems (PODS 2006), pp. 328–337. ACM (2006)
Stoica, A., Farkas, C.: Secure XML views. In: Research Directions in Data and Applications Security, IFIP WG 11.3 Sixteenth International Conference on Data and Applications Security. IFIP Conference Proceedings, vol. 256, pp. 133–146. Kluwer (2002)
Duong, M., Zhang, Y.: An integrated access control for securely querying and updating XML data. In: Proceedings of the Nineteenth Australasian Database Conference (ADC). CRPIT, vol. 75, pp. 75–83. Australian Computer Society (2008)
Thimma, M., Tsui, T.K., Luo, B.: HyXAC: a hybrid approach for XML access control. In: 18th ACM Symposium on Access Control Models and Technologies (SACMAT), ACM (2013)
Fegaras, L.: Incremental maintenance of materialized XML views. In: Hameurlain, A., Liddle, S.W., Schewe, K.-D., Zhou, X. (eds.) DEXA 2011, Part II. LNCS, vol. 6861, pp. 17–32. Springer, Heidelberg (2011)
Shastry, P.D.N.M.: Integrated Healthcare IHE Pathway for the Patients: Patient Treatment Lifecycle Management (PTLM). Radiology Clinic, United Kingdom (2000). (October 2012) http://www.clinrad.nhs.uk/
Samarati, P., di Vimercati, S.C.: Access control: policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–146. Springer, Heidelberg (2001)
Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: SACMAT 2004, 9th ACM Symposium on Access Control Models and Technologies, pp. 61–69, ACM (2004)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. ACM Trans. Inf. Syst. Secur. 9(3), 292–324 (2006)
Gottlob, G., Koch, C., Pichler, R.: Efficient algorithms for processing XPath queries. ACM Trans. Database Syst. 30(2), 444–491 (2005)
Mahfoud, H., Imine, A.: Secure querying of recursive XML views: a standard XPath-based technique. In: WWW (Companion Volume), pp. 575–576. ACM (2012)
Kuper, G.M., Massacci, F., Rassadko, N.: Generalized XML security views. In: 10th ACM Symposium on Access Control Models and Technologies (SACMAT), pp. 77–84. ACM (2005)
Andrei, S., Chin, W.N., Cavadini, S.V.: Self-embedded context-free grammars with regular counterparts. Acta Inf. 40(5), 349–365 (2004)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. In: Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS), pp. 73–84. ACM (2003)
Duong, M., Zhang, Y.: Dynamic labelling scheme for XML data processing. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1183–1199. Springer, Heidelberg (2008)
Oasis extensible access control markup language (XACML) TC, January 3013. https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml
Bonifati, A., Goodfellow, M.H., Manolescu, I., Sileo, D.: Algebraic incremental maintenance of XML views. In: 14th International Conference on Extending Database Technology (EDBT), pp. 177–188. ACM (2011)
Nica, A.: Incremental maintenance of materialized views with outerjoins. Inf. Syst. 37(5), 430–442 (2012)
Gupta, A., Mumick, I.S.: Maintenance of materialized views: Problems, techniques, and applications. IEEE Data Eng. Bull. 18(2), 3–18 (1995)
Gupta, A., Mumick, I.S., Rao, J., Ross, K.A.: Adapting materialized views after redefinitions: techniques and a performance study. Inf. Syst. 26(5), 323–362 (2001)
Maneth, S., Nguyen, K.: XPath whole query optimization. PVLDB 3(1), 882–893 (2010)
Georgiadis, H., Charalambides, M., Vassalos, V.: A query optimization assistant for XPath. In: Proceedings of the 14th International Conference on Extending Database Technology (EDBT 2011), ACM (2011)
Hsu, W.C., Liao, I.E.: CIS-X: a compacted indexing scheme for efficient query evaluation of XML documents. Inf. Sci. 241, 195–211 (2013)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Mahfoud, H., Imine, A. (2015). Efficient Querying of XML Data Through Arbitrary Security Views. In: Hameurlain, A., Küng, J., Wagner, R. (eds) Transactions on Large-Scale Data- and Knowledge-Centered Systems XXII. Lecture Notes in Computer Science(), vol 9430. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-48567-5_3
Download citation
DOI: https://doi.org/10.1007/978-3-662-48567-5_3
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-48566-8
Online ISBN: 978-3-662-48567-5
eBook Packages: Computer ScienceComputer Science (R0)