A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Filters
Static analysis of XML security views and query rewriting
2014
Information and Computation
Preserved Fulltext
Next, we investigate problems of static analysis of security access specifications (SAS): we introduce the novel class of interval-bounded SAS and we define three different manners to compare views (i.e ...
First, we study query rewriting with views when the classes used to defined queries and views are Regular XPath and MSO. ...
Acknowledgements: The authors thank Iovka Boneva and Yves André for fruitful discussions on access control and security views. ...
doi:10.1016/j.ic.2014.07.003
fatcat:cyqy62r7o5c3fbqk7lzxkrdtvq
Graph Matching Based Authorization Model for Efficient Secure XML Querying
2007
21st International Conference on Advanced Information Networking and Applications Workshops (AINAW'07)
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2007; you can also visit the original URL.
The file type is application/pdf.
for partially acceptable queries only if necessary, along with the features of optimization and speed-up for query rewriting by introducing an index structure. ...
XML is rapidly emerging as a standard for data representation and exchange over the World Wide Web and an increasing amount of sensitive business data is processed in the XML format. ...
Rewriting is necessary only for partially acceptable queries. Although similar static analysis technique has been proposed by Murata et al. ...
doi:10.1109/ainaw.2007.195
dblp:conf/aina/ChangCLF07
fatcat:k4efijwiqzfclhxtpyawlzuebi
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
2010
The VLDB journal
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL.
The file type is application/pdf.
QFilter is based on non-deterministic finite automata (NFA) and rewrites user's queries such that parts violating access control rules are pre-pruned. ...
In this paper, we ask whether XML access control can be supported when underlying (XML or relational) storage system does not provide adequate security features and propose three alternative solutions ...
Inspired by security view and query rewriting, a more recent work [14] annotates XML schema with access rights and converts it into a finite state automaton to rewrite queries. ...
doi:10.1007/s00778-010-0202-x
fatcat:eo2dwrn2lvcoteplm3xy3mmbiu
QFilter
2004
Proceedings of the Thirteenth ACM conference on Information and knowledge management - CIKM '04
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2005; you can also visit the original URL.
The file type is application/pdf.
view-based approaches that are often expensive to create and maintain; or (3) impractical proposals that require substantial security-related support from underlying XML databases. ...
At present, most of the state-of-the-art solutions for XML access controls are either (1) document-level access control techniques that are too limited to support fine-grained security enforcement; (2) ...
static analysis methods. ...
doi:10.1145/1031171.1031273
dblp:conf/cikm/LuoLLL04
fatcat:e5kiavaj4rgwtpgmoiot3aqh5e
Towards a physical XML independent XQuery/SQL/XML engine
2008
Proceedings of the VLDB Endowment
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2011; you can also visit the original URL.
The file type is application/pdf.
This results in logical and physical rewrite techniques to optimize XQuery and SQL/XML over a variety of physical XML storage, index and view models, including schema aware object relational XML storage ...
XML storage, index and view model. ...
ACKNOWLEDGEMENTS We gratefully acknowledge the contributions of all the members of the Oracle XML DB development and product management teams. ...
doi:10.14778/1454159.1454177
fatcat:jdlyx66mcvhovhj67z7fy56q2a
Secure XML querying based on authorization graphs
2010
Information Systems Frontiers
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2013; you can also visit the original URL.
The file type is application/pdf.
In this way, there will be no further security overhead for the processing of fully acceptable and rejectable queries. ...
XML is rapidly emerging as a standard for data representation and exchange over the World Wide Web and an increasing amount of sensitive business data is processed in XML format. ...
XPath query analysis and rewriting Given a user query and a precomputed authorization model, the final step of our security enforcement mechanism is to analyze and rewrite the query into a secure XPath ...
doi:10.1007/s10796-010-9289-2
fatcat:elwstorbxrgl7n2mxdyjchbrfq
A general approach to securely querying XML
2008
Computer Standards & Interfaces
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
In [15, 23] , the problem of unsafe query is solved by rewriting the input query based on the notion of security view. ...
A different approach has been explored in [28] , which performs a static analysis that classifies a XML query to be either always-granted or always-denied before submitting it to an XML engine. ...
doi:10.1016/j.csi.2008.03.006
fatcat:iojbapbyavag7keccljt42ekau
Policy Classes and Query Rewriting Algorithm for XML Security Views
[chapter]
2006
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Finally, we discuss the query rewriting approach for our model of XML security views. ...
We provide a classification of policies using different options of security label propagation and conflict resolution. ...
Acknowledgments I would like to thank Gabriel Kuper and Fabio Massacci for encouragement and many useful discussions, and Gabriel Kuper, in particular, for checking my English. ...
doi:10.1007/11805588_8
fatcat:ahof6d6ff5hnjahagxdg3k6trq
Semantic Mediation for A Posteriori Log Analysis
2019
Proceedings of the 14th International Conference on Availability, Reliability and Security - ARES '19
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL.
The file type is application/pdf.
CCS CONCEPTS • Behavioral Analysis for Access and Usage Control → A posteriori log analysis. ...
The a posteriori access control mode consists in monitoring actions performed by users, to detect possible violations of the security policy and to apply sanctions or reparations. ...
ACKNOWLEDGMENTS This research is funded by be-studys, Meyrin 123, c/o BDO SA, 1219 Châtelaine, GENEVE, a mark of the group be-ys dedicated to research and innovation. ...
doi:10.1145/3339252.3340104
dblp:conf/IEEEares/DernaikaCCR19
fatcat:x2gbgruj5fa2dcsmxd2zspstfm
A Flexible Framework for Architecting XML Access Control Enforcement Mechanisms
[chapter]
2004
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2007; you can also visit the original URL.
The file type is application/pdf.
However, little effort has been put forth to facilitate a uniform analysis and comparison of these schemes under the same framework. ...
Under this framework, we observe that most existing XML access control mechanisms share the same design principle with slightly different orderings of underlying building blocks (i.e., data, query, and ...
Performance Evaluation Now we validate the analysis of Section 4 with the experimental results. We use Galax 0.3.1 [14] as the underlying XML engine, and XMark [13] schema and data set. ...
doi:10.1007/978-3-540-30073-1_10
fatcat:ef3wq3ikybhwbkpepeh3t3ekxu
Secure Querying of Recursive XML Views: A Standard XPath-based Technique
[article]
2011
arXiv
pre-print
Preserved Fulltext
The Internet Archive has a preservation copy of this work in our general collections.
The file type is application/pdf.
This rewriting enables us to avoid the overhead of view materialization and maintenance. A major concern here is that query rewriting for recursive XML views is still an open problem. ...
Most state-of-the art approaches for securing XML documents allow users to access data only through authorized views defined by annotating an XML grammar (e.g. ...
Security Specification. Figure 9 (b) represents the hospital DTD view D v of a research institute studying inherited patterns of some diseases. ...
arXiv:1112.2605v1
fatcat:hms4nnvtovfp5pceblebqhmvxm
Secure querying of recursive XML views
2012
Proceedings of the 21st international conference companion on World Wide Web - WWW '12 Companion
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
This rewriting enables us to avoid the overhead of view materialization and maintenance. A major concern here is that query rewriting for recursive XML views is still an open problem. ...
Most state-of-the art approaches for securing XML documents allow users to access data only through authorized views defined by annotating an XML grammar (e.g. ...
Security Specification. Figure 9 (b) represents the hospital DTD view D v of a research institute studying inherited patterns of some diseases. ...
doi:10.1145/2187980.2188134
dblp:conf/www/MahfoudI12
fatcat:mgzf2xwgh5e7fmi456nb5kuyny
XML access control using static analysis
2006
ACM Transactions on Privacy and Security
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We have built a prototype of static analysis for XQuery, and shown the effectiveness and scalability through experiments. ...
A nice side-effect of static analysis is query optimization: access-denied expressions in queries can be evaluated to empty lists at compile time. ...
Such frameworks typically rely on runtime analysis and do not use static analysis. Our static analysis for XML access control is made possible by the tree-structured nature of XML. ...
doi:10.1145/1178618.1178621
fatcat:wtjosayjgreunov7cynu54axcq
XML access control using static analysis
2003
Proceedings of the 10th ACM conference on Computer and communication security - CCS '03
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We have built a prototype of static analysis for XQuery, and shown the effectiveness and scalability through experiments. ...
A nice side-effect of static analysis is query optimization: access-denied expressions in queries can be evaluated to empty lists at compile time. ...
Such frameworks typically rely on runtime analysis and do not use static analysis. Our static analysis for XML access control is made possible by the tree-structured nature of XML. ...
doi:10.1145/948121.948122
fatcat:ifqx53vv55eptk3gwymk4i7tn4
XML access control using static analysis
2003
Proceedings of the 10th ACM conference on Computer and communication security - CCS '03
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We have built a prototype of static analysis for XQuery, and shown the effectiveness and scalability through experiments. ...
A nice side-effect of static analysis is query optimization: access-denied expressions in queries can be evaluated to empty lists at compile time. ...
Such frameworks typically rely on runtime analysis and do not use static analysis. Our static analysis for XML access control is made possible by the tree-structured nature of XML. ...
doi:10.1145/948109.948122
dblp:conf/ccs/MurataTKH03
fatcat:nq6y5djdsje3vgquu55sep6ju4
« Previous
Showing results 1 — 15 out of 1,525 results