A General Approach for Securely Querying and Updating XML Data

Houari Mahfoud 1 Abdessamad Imine 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A few amount of works have studied the access rights for updates. In this paper, we present a general model for specifying access control on XML data in the presence of update operations of W3C XQuery Update Facility. Our approach for enforcing such updates specifications is based on the notion of query rewriting where each update operation defined over arbitrary DTD (recursive or not) is rewritten to a safe one in order to be evaluated only over XML data which can be updated by the user. We investigate in the second part of this report the secure of XML updating in the presence of read-access rights specified by a security views. For an XML document, a security view represents for each class of users all and only the parts of the document these users are able to see. We show that an update operation defined over a security view can cause disclosure of sensitive data hidden by this view if it is not thoroughly rewritten with respect to both read and update access rights. Finally, we propose a security view based approach for securely updating XML in order to preserve the confidentiality and integrity of XML data.
Complete list of metadatas

https://hal.inria.fr/hal-00664975
Contributor : Houari Mahfoud <>
Submitted on : Tuesday, January 31, 2012 - 8:19:23 PM
Last modification on : Tuesday, December 18, 2018 - 4:38:25 PM
Long-term archiving on : Monday, November 19, 2012 - 3:20:52 PM

Files

RR-7870.pdf
Files produced by the author(s)

Identifiers

  • HAL Id : hal-00664975, version 1
  • ARXIV : 1202.0018

Citation

Houari Mahfoud, Abdessamad Imine. A General Approach for Securely Querying and Updating XML Data. [Research Report] RR-7870, INRIA. 2012, pp.23. ⟨hal-00664975⟩

Share

Metrics

Record views

569

Files downloads

220