On Securely Manipulating XML Data

Houari Mahfoud 1 Abdessamad Imine 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Over the past years several works have proposed access control models for XML data where only read-access rights over non-recursive DTDs are considered. A small number of works have studied the access rights for updates. In this paper, we present a general model for specifying access control on XML data in the presence of the update operations of W3C XQuery Update Facility. Our approach for enforcing such update spec- ification is based on the notion of query rewriting. A major issue is that query rewriting for recursive DTDs is still an open problem. We show that this limitation can be avoided using only the expressive power of the standard XPath, and we propose a linear algorithm to rewrite each update operation defined over an arbitrary DTD (recursive or not) into a safe one in order to be evaluated only over the XML data which can be updated by the user. This paper represents the first effort for securely XML updating in the presence of arbitrary DTDs (recursive or not) and a rich fragment of XPath. Finally, we study the interaction between read and update access rights to preserve the confidentiality and integrity of XML data.
Type de document :
Communication dans un congrès
Conférence des Bases de Données Avancées (BDA 2012), Oct 2012, Clermont-Ferrand, France. 2012
Liste complète des métadonnées

https://hal.inria.fr/hal-00759898
Contributeur : Abdessamad Imine <>
Soumis le : lundi 3 décembre 2012 - 10:30:23
Dernière modification le : vendredi 6 juillet 2018 - 15:06:10

Identifiants

  • HAL Id : hal-00759898, version 1

Citation

Houari Mahfoud, Abdessamad Imine. On Securely Manipulating XML Data. Conférence des Bases de Données Avancées (BDA 2012), Oct 2012, Clermont-Ferrand, France. 2012. 〈hal-00759898〉

Partager

Métriques

Consultations de la notice

264