Skip to Main content Skip to Navigation
Conference papers

Secure querying of recursive XML views: a standard xpath-based technique

Houari Mahfoud 1 Abdessamad Imine 1
1 CASSIS - Combination of approaches to the security of infinite states systems
FEMTO-ST - Franche-Comté Électronique Mécanique, Thermique et Optique - Sciences et Technologies (UMR 6174), Inria Nancy - Grand Est, LORIA - FM - Department of Formal Methods
Abstract : Most state-of-the art approaches for securing XML documents allow users to access data only through authorized views defined by annotating an XML grammar (e.g. DTD) with a collection of XPath expressions. To prevent improperdisclosure of confidential information, user queries posed on these views need to be rewritten into equivalent queries on the underlying documents, which enables us to avoid the overhead of view materialization and maintenance. A major concern here is that XPath query rewriting for recursive XML views is still an open problem. To overcome this problem, some authors have proposed rewriting approaches based on the non-standard language, "Regular XPath", which is more expressive than XPath and makes rewriting possible under recursion. However, query rewriting under Regular XPath can be of exponential size as it relies on automaton model. Most importantly, Regular XPath remains a theoretical achievement. Indeed, it is not commonly used in practice as translation and evaluation tools are not available. In this work, we show that query rewriting is always possible for recursive XML views using only the expressive power of the standard XPath. We propose a general approach for securely querying of XML data under arbitrary security views (recursive or not) and for a significant fragment of XPath. We provide a linear rewriting algorithm that is efficient and scales well.
Complete list of metadatas
Contributor : Abdessamad Imine <>
Submitted on : Monday, December 3, 2012 - 10:38:39 AM
Last modification on : Tuesday, October 27, 2020 - 2:34:41 PM



Houari Mahfoud, Abdessamad Imine. Secure querying of recursive XML views: a standard xpath-based technique. The World Wide Web Conference (WWW 2012), Apr 2012, Lyon, France. pp.575-576, ⟨10.1145/2187980.2188134⟩. ⟨hal-00759903⟩



Record views