We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas [17] and later refined by Fan et al. [8]. The model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that can be used by users for query formulation and optimization. Then we show an algorithm to materialize “authorized” version of the document from the view and an algorithm to construct the view from an access control specification. We also propose a number of generalizations for security policies 1 . Categories and Subject Descriptors H.2.7 [Database Administration]: Security, integrity and protection—Access control General Terms Algorithms, Security Keywords XML access control, XML views, XPath
Gabriel M. Kuper, Fabio Massacci, Nataliya Rassadk