Databases Reference
In-Depth Information
descendant of an authorized node, and it is not the descendant of any
denied node.
Step 3:
Create query regular expressions
. Given a query expressed in XQuery,
the XPath expressions appearing in the query are translated in equivalent
regular expressions E
r
. XPath expressions appearing as argument for the
clauses
FOR
,
LET
,
ORDER
,and
WHERE
are translated in equivalent (possibly
overestimated) regular expressions. XPath expressions appearing in the
RETURN
clause are overestimated and the regular expression generated cap-
tures also any descendant of the nodes defined by the XPath expression.
Note that recursive queries cannot be handled, since the corresponding
regular expression would not be defined.
Step 4:
Compare schema and access control automata with query regular ex-
pressions
. Given an XPath expression
r
,itmaybe:
•
always granted
, if every path accepted by the query regular expression
E
r
and by the schema automaton
M
G
is accepted by the (underesti-
mated) access control automaton
M
Γ
;
•
always denied
, if no path is accepted by all of the query regular expres-
sion
E
r
, the schem
a au
tomaton
M
G
, and the (overestimated) access
control automaton
M
Γ
;
•
statically indeterminated
, otherwise.
Note that, if the schema is not defined, the schema automaton
M
G
accepts
any path.
The proposed static analysis method does not support conditions involv-
ing values specified in the XML documents. However, it is possible to extend
the model to the aim of partially handling value-based access control. Intu-
itively, if an access control policy and a query specify the same predicate, it
is possible to incorporate the predicate in the underlying alphabet adopted to
build NFAs. To this aim, it is necessary a pre-processing phase of the static
analysis method that identifies and substitutes predicates with symbols. Even
if this solution does not eliminate predicates completely, it improves query
eciency by anticipating some predicate evaluations.
The main advantage of static analysis is that queries can be rewritten on
the basis of the XPath expressions they consider. If the query contains a path
expression classified as always denied by the fourth step of the static analysis
process, it can be removed from the query without evaluation. By contrast,
path expressions classified as always granted, simply need to be returned to
the requester. Those path expressions that are classified as statically indeter-
minate have to be run-time evaluated, on the basis of the specific instance
they refer to.
The authors provide also a way for easily building a schema (DTD or XML
Schema), which can be released without security threats, depending on the
authorizations of the requesting user. This method is based on the automata
structures previously described. The
view schema
contains only elements vis-
