Get 20M+ Full-Text Papers For Less Than $1.50/day. Start a 14-Day Trial for You or Your Team.

Learn More →

QFilter : rewriting insecure XML queries to secure ones using non-deterministic finite automata

QFilter : rewriting insecure XML queries to secure ones using non-deterministic finite automata In this paper, we ask whether XML access control can be supported when underlying (XML or relational) storage system does not provide adequate security features and propose three alternative solutions — primitive , pre-processing , and post-processing . Toward that scenario, in particular, we advocate a scalable and effective pre-processing approach, called QFilter . QFilter is based on non-deterministic finite automata (NFA) and rewrites user’s queries such that parts violating access control rules are pre-pruned. Through analysis and experimental validation, we show that (1) QFilter guarantees that only permissible portion of data is returned to the authorized users, (2) such access controls can be efficiently enforced without relying on security features of underlying storage system, and (3) such independency makes QFilter capable of many emerging applications, such as in-network access control and access control outsourcing. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png The VLDB Journal Springer Journals

QFilter : rewriting insecure XML queries to secure ones using non-deterministic finite automata

The VLDB Journal , Volume 20 (3) – Jun 1, 2011

Loading next page...
1
 
/lp/springer_journal/qfilter-rewriting-insecure-xml-queries-to-secure-ones-using-non-Z04yfATIbq

References (56)

Publisher
Springer Journals
Copyright
Copyright © 2011 by Springer-Verlag
Subject
Computer Science; Database Management
ISSN
1066-8888
eISSN
0949-877X
DOI
10.1007/s00778-010-0202-x
Publisher site
See Article on Publisher Site

Abstract

In this paper, we ask whether XML access control can be supported when underlying (XML or relational) storage system does not provide adequate security features and propose three alternative solutions — primitive , pre-processing , and post-processing . Toward that scenario, in particular, we advocate a scalable and effective pre-processing approach, called QFilter . QFilter is based on non-deterministic finite automata (NFA) and rewrites user’s queries such that parts violating access control rules are pre-pruned. Through analysis and experimental validation, we show that (1) QFilter guarantees that only permissible portion of data is returned to the authorized users, (2) such access controls can be efficiently enforced without relying on security features of underlying storage system, and (3) such independency makes QFilter capable of many emerging applications, such as in-network access control and access control outsourcing.

Journal

The VLDB JournalSpringer Journals

Published: Jun 1, 2011

There are no references for this article.