xml security views
play

XML Security Views Queries, Updates, and Schema Beno t Groz - PowerPoint PPT Presentation

Aug 30, 2022 •160 likes •926 views

XML Security Views Queries, Updates, and Schema Beno t Groz University of Lille, Mostrare INRIA PhD defense, October 2012 Beno t Groz (Mostrare) XML Security Views PhD defense, October 2012 1 / 45 Talk Outline Context 1

  1. XML Security Views Queries, Updates, and Schema Benoˆ ıt Groz University of Lille, Mostrare INRIA PhD defense, October 2012 Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 1 / 45

  2. Talk Outline Context 1 Motivations XML framework Problems presented Modelization 2 Alignments VPAs Determinacy and Query rewriting 3 Definition, hardness results A restriction: interval bounded-queries Our results View update 4 Deterministic schema 5 Glushkov relations and determinism Problem statement Algorithm to decide determinism Summary Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 2 / 45

  3. Outline Context 1 Motivations XML framework Problems presented Modelization 2 3 Determinacy and Query rewriting 4 View update 5 Deterministic schema Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 3 / 45

  4. Context: Protecting data March 2011: an attack retrieved huge mailing lists from Epsilon, a leading online marketing company. April 2011: Sony’s PlayStation network : 100 million customer accounts compromised including street numbers, email, and passwords. June 2011: CitiBank communicated a breach into 1% of its credit card accounts (200.000 customers). March 2012: 1.500.000 card numbers compromised as a result of unauthorized access into GlobalPayment processing system. Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 4 / 45

  5. Context: XML constellation Purpose: large-scale electronic publishing usability over the Internet compatibility with SGML facilitating automatic processing of the documents Features: document model: a document = a tree Languages to manipulate the document: Query and Transformation languages: XPath, XQuery, XQUF, XSLT Schema languages: DTD, RelaxNG, XML Schema, Schematron Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 5 / 45

  6. Our project The Source side: The View side: the hidden part what the user sees Definition of view V Access Schema View schema specification View document XML document t t ′ = V iew ( V , t ) ? Query Q 1 over Query Q real document over the view Source update u s View update u v Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 6 / 45

  7. Our project Project: Develop techniques for XML security views. Originally: techniques to reason about XML security views. ... but the problem addressed are general database problems: can find application in any system using views, and more... Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 7 / 45

  8. XML document XMLDocument Tree representation bib <bib> <book> paper <author> Abiteboul </author> book book . . . . . . <author> Vianu </author> <title> Foundations. . . </title> author author title </book> <book> Abiteboul Vianu Foundations. . . . . . </book> <paper> . . . </paper> </bib> labeled ordered unranked trees Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 8 / 45

  9. XML document XMLDocument Tree representation bib <bib> <book> paper <author> Abiteboul </author> book book . . . . . . <author> Vianu </author> <title> Foundations. . . </title> author author title </book> <book> Abiteboul Vianu Foundations. . . . . . </book> <paper> . . . </paper> </bib> labeled ordered unranked trees Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 8 / 45

  10. XML document XMLDocument Tree representation bib <bib> <book> paper <author> Abiteboul </author> book book . . . . . . <author> Vianu </author> <title> Foundations. . . </title> author author title </book> <book> Abiteboul Vianu Foundations. . . . . . </book> <paper> . . . </paper> </bib> labeled ordered unranked trees Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 8 / 45

  11. XML document XMLDocument Tree representation bib <bib> <book> paper <author> Abiteboul </author> book book . . . . . . <author> Vianu </author> <title> Foundations. . . </title> author author title </book> <book> Abiteboul Vianu Foundations. . . . . . </book> <paper> . . . </paper> </bib> labeled ordered unranked trees Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 8 / 45

  12. DTD DTD D tree t satisfying D bib bib → ( book + paper ) ∗ paper book → author ∗ , title book book . . . . . . author → # PCDATA title → # PCDATA author author title Abiteboul Vianu Foundations. . . Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 9 / 45

  13. XPath Definition Query: function t �→ Q ( t ) ⊆ Nodes ( t ) Several XPath languages: XPath 1.0, XPath 2.0, XPath 3.0 ... Researchers very often focus on the navigational core. Core XPath 1.0 ⊂ Conditional XPath ⊂ Regular XPath [Marx EDBT’04] . Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 10 / 45

  14. XPath House of Windsor king K queen king N N king king duke king duke K K queen queen king king king queen king Q Regular XPath: path expressions with transitive closure and filters N ⇓ ∗ :: duke K ( ⇓ :: king / ⇓ :: queen ) ∗ Q ( ⇓ :: king / ⇓ :: queen ) ∗ / self::[ ⇒ :: king / ⇒ :: king ] Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 11 / 45

  15. XPath House of Windsor king K queen king N N king king duke king duke K K queen queen king king king queen king Q Regular XPath: path expressions with transitive closure and filters N ⇓ ∗ :: duke K ( ⇓ :: king / ⇓ :: queen ) ∗ Q ( ⇓ :: king / ⇓ :: queen ) ∗ / self::[ ⇒ :: king / ⇒ :: king ] Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 11 / 45

  16. XPath House of Windsor king K queen king N N king king duke king duke K K queen queen king king king queen king Q Regular XPath: path expressions with transitive closure and filters N ⇓ ∗ :: duke K ( ⇓ :: king / ⇓ :: queen ) ∗ Q ( ⇓ :: king / ⇓ :: queen ) ∗ / self::[ ⇒ :: king / ⇒ :: king ] Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 11 / 45

  17. XQUF Update language based on XQuery (thereby on XPath) for $ x in ⇓ ∗ :: duke return delete node $ x , insert node <other>...</other> before $ x king king queen queen king king king king other queen king other duke queen king duke . . . . . . Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 12 / 45

  18. (Security) views Security views are simple views defined in [Fan et al.’04 and ’07]. Operations: hide or rename nodes. Example Storing successive versions of papers, hiding old versions DTD D 0 : docs → paper ∗ paper → name , version version → number , files , prev prev → version | ε Q 0 = ⇓ :: paper / (self ∪ ⇓ :: name ∪ ⇓ :: version / ⇓ :: files ) Here, security view = pair ( D 0 , Q 0 ) Nodes selected by Q 0 (plus root) are visible, others are hidden. Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 13 / 45

  19. (Security) views What happens when the parent of a visible node n is hidden? Two approaches: forbid this (upward-closed queries) = ⇒ makes things simpler or n gets adopted by its closest visible ancestor = ⇒ more expressive � � docs docs � � paper paper � � � name files name version � number files prev version files number V iew ( Q 0 , t ) A document t � D 0 Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 14 / 45

  20. (Security) views What happens when the parent of a visible node n is hidden? Two approaches: forbid this (upward-closed queries) = ⇒ makes things simpler or n gets adopted by its closest visible ancestor = ⇒ more expressive � � docs docs � � paper paper � � � name files name version � number files prev version files number V iew ( Q 0 , t ) A document t � D 0 Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 14 / 45

  21. 3 selected pieces PB 1 (Queries): Determinacy and Query rewriting PB 2 (Updates): The view update problem PB 3 (Schema): check if a schema is “correct” w.r.t. W3C specifications Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 15 / 45

  22. Outline 1 Context Modelization 2 Alignments VPAs Determinacy and Query rewriting 3 View update 4 Deterministic schema 5 Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 16 / 45

  23. Queries, Views, and Updates as Alignment languages Representing a query with alignments Q 0 = ⇓ :: paper / (self ∪ ⇓ :: name ∪ ⇓ :: version / ⇓ :: files ) ( docs , docs ) ( paper , paperle ) ( name , name ) ( version , ε ) ( number , ε ) ( files , files ) ( prev , ε ) ( version , ε ) ( files , ε ) ( number , ε ) One alignment in Q 0 Queries only select: alphabet= { ( a , β ) | a ∈ Σ , β = a or β = ε } Views select or rename: alphabet= { ( a , β ) | a ∈ Σ , β ∈ Σ ∪ { ε }} Benoˆ ıt Groz (Mostrare) XML Security Views PhD defense, October 2012 17 / 45

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Views 2 Designing the user interface Roy Scholten hi Views . Views 2 Views 2 have you heard

Views 2 Designing the user interface Roy Scholten hi Views . Views 2 Views 2 have you heard

Views 2 Designing the user interface Roy Scholten hi Views . Views 2 Views 2 have you heard of it? Views 2 have you heard of it? (views 1) Problem: How to avoid the humongous scrolling form of death? ping Huh? Inventory round 1:

952 views • 76 slides
Disclaimers My personal views and opinions may not represent the position(s) of my employers.

Disclaimers My personal views and opinions may not represent the position(s) of my employers.

How to stop worrying about Application Container Security (v2) Brian Andrzejewski Information System Security Architect Twitter: @DevSecOpsGeer LinkedIn: https://www.linkedin.com/in/bandrzej Disclaimers My personal views and opinions may

526 views • 24 slides
Locking the Throne Room How ES5+ might change views on XSS and Client Side Security A

Locking the Throne Room How ES5+ might change views on XSS and Client Side Security A

Locking the Throne Room How ES5+ might change views on XSS and Client Side Security A presentation by Mario Heiderich, 2011 Introduction Mario Heiderich Researcher and PhD student at the Ruhr-University, Bochum Security Researcher

550 views • 40 slides
HL7 2.x Security Hacking medical devices Anirudh Duggal Disclaimer: All the views/ research

HL7 2.x Security Hacking medical devices Anirudh Duggal Disclaimer: All the views/ research

HL7 2.x Security Hacking medical devices Anirudh Duggal Disclaimer: All the views/ research done and presented is of my own and does not reflect my employer. Do not try this on a live environment. This can harm someone. #whoAmI Graduate

1.23k views • 46 slides
Security Will Martin World Bank Washington DC 2 December, 2011 The views expressed in this

Security Will Martin World Bank Washington DC 2 December, 2011 The views expressed in this

Agricultural Trade Policies &amp; Food Security Will Martin World Bank Washington DC 2 December, 2011 The views expressed in this presentation are those of the author only and not necessarily those of the World Bank Road Map Why do high

687 views • 31 slides
This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting

This Lecture General Database Security Privileges Database Security Granting Revoking Views Database Systems SQL Insertion Attacks Michael Pound Further Reading The Manga Guide to Databases, Chapter 5 Database

285 views • 7 slides
Lets Play Applanting... Ajit Hatti (Co-Founder) Null Open Security Community HELLO From

Lets Play Applanting... Ajit Hatti (Co-Founder) Null Open Security Community HELLO From

Lets Play Applanting... Ajit Hatti (Co-Founder) Null Open Security Community HELLO From INDIA (Technically) Disclaimer Personal Research Personal Views Doesn't represents views of my Employer. Vulnerabilities discussed in the paper

1.1k views • 36 slides
Updatable Security Views Nate Foster Benjamin Pierce Steve Zdancewic University of Pennsylvania

Updatable Security Views Nate Foster Benjamin Pierce Steve Zdancewic University of Pennsylvania

Updatable Security Views Nate Foster Benjamin Pierce Steve Zdancewic University of Pennsylvania IBM PLDay 09 2 2 Pennsylvania yanks voter site after data leak Passport applicant finds massive privacy breach Privacy issue

728 views • 40 slides
CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412

CS412 Software Security Web Security Mathias Payer EPFL, Spring 2019 Mathias Payer CS412 Software Security Web (and internet) security: two views Just a long running network service Complex application with multiple layers and components.

577 views • 47 slides
Disclaimer ! The%presenta6on%itself,%and%the%views% and%opinions%expressed%by%the%presenter%

Disclaimer ! The%presenta6on%itself,%and%the%views% and%opinions%expressed%by%the%presenter%

What%remains?%What%are%(really)%new? June%13,%2013 Shin%Adachi,% CISSP,&amp;CISM,&amp;CISA,&amp;PMP Lead%Security%Analyst,%NTT%I CoChair,%Educa6on%Commi8ee,%FIRST NTT%Innova7on%Ins7tute,%Inc. %Forum%of%Incident%Response%and%Security%Teams

451 views • 12 slides
Job Quality The views expressed in this presentation are the views of the presenter and do not

Job Quality The views expressed in this presentation are the views of the presenter and do not

Job Quality The views expressed in this presentation are the views of the presenter and do not necessarily represent the views of the Federal Reserve Bank of Boston or the Federal Reserve System. Strategies for improving employment outcomes

657 views • 9 slides
CS-5630 / CS-6630 Visualization Views Alexander Lex alex@sci.utah.edu [xkcd] Multiple Views

CS-5630 / CS-6630 Visualization Views Alexander Lex alex@sci.utah.edu [xkcd] Multiple Views

CS-5630 / CS-6630 Visualization Views Alexander Lex alex@sci.utah.edu [xkcd] Multiple Views Eyes over Memory: Trade-off of display space and working memory Linked Views Multiple Views that are simultaneously visible and lined together

358 views • 35 slides
Generic Views on Data Types Problem Towards a solution Generic Views Detour into GH The

Generic Views on Data Types Problem Towards a solution Generic Views Detour into GH The

Introduction Generic Views on Data Types Problem Towards a solution Generic Views Detour into GH The influence of S. Holdermans 1 J. Jeuring 1 oh 2 A. Rodriguez 1 A. L views Formal definition Validity Implementation 1 Department of

677 views • 56 slides
Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo

Tradeoff between Performance and Security Alessandro Aldini University of Urbino Carlo Bo Italy Foundations of Security Analysis and Design (FOSAD) 3 September 2011, Bertinoro Outline Introduction 1 Motivation Different Views of

865 views • 64 slides
Counting (on) views Page views on Wikipedia Christian Aistleitner christian@quelltextlich.at

Counting (on) views Page views on Wikipedia Christian Aistleitner christian@quelltextlich.at

Counting (on) views Page views on Wikipedia Christian Aistleitner christian@quelltextlich.at Linz, Austria FOSDEM, Brussels 1 st February 2014 Daily per article counts [SGS] C. Aistleitner Counting (on) views Page views on Wikipedia

301 views • 17 slides
(Regulatory) views on Biomarker defined Subgroups Norbert Benda Disclaimer: Views expressed in

(Regulatory) views on Biomarker defined Subgroups Norbert Benda Disclaimer: Views expressed in

(Regulatory) views on Biomarker defined Subgroups Norbert Benda Disclaimer: Views expressed in this presentation are the author's personal views and not necessarily the views of BfArM Biomarker defined subgroups Using (genetic) biomarkers to

682 views • 23 slides
Random Statistics 60% of all Americans play video games In 2000, 35% of Americans rated

Random Statistics 60% of all Americans play video games In 2000, 35% of Americans rated

The Game Development Process Introduction Outline Game Business Overview Stats Shape Overview of Game Development Players Game Companies Developers and Publishers Timeline Examples 1 Random Statistics

522 views • 31 slides
LOGOTYPE Lorem Ipsum is simply dummy text of the printing and typesetting industry. ABOUT US Lorem

LOGOTYPE Lorem Ipsum is simply dummy text of the printing and typesetting industry. ABOUT US Lorem

LOGOTYPE Lorem Ipsum is simply dummy text of the printing and typesetting industry. ABOUT US Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s,

560 views • 10 slides
1 Entertainment Entertainment Games: Halo 3, Bungie 2007 Movies: Brave, Pixar 2012 Lighting

1 Entertainment Entertainment Games: Halo 3, Bungie 2007 Movies: Brave, Pixar 2012 Lighting

Goals Computer Graphics Systems: Write complex 3D graphics programs (real-time scene in OpenGL, offline raytracer) CSE 167 [Win 19], Lecture 1: Overview and History Theory: Mathematical aspects and algorithms Ravi Ramamoorthi underlying

361 views • 7 slides
1 Entertainment Lighting Simulation Entertainment Lighting Simulation Interior Design

1 Entertainment Lighting Simulation Entertainment Lighting Simulation Interior Design

Goals Goals Foundations of Computer Graphics Foundations of Computer Graphics Systems: Write complex 3D graphics programs (Spring 2012) (Spring 2012) (real-time scene in OpenGL, offline raytracer) CS 184, Lecture 1: Overview and History

469 views • 7 slides
SAD BASICS Technology MohammadAmin Fazli 1-2 A FRAMEWORK FOR SYSTEMS ANALYSIS AND DESIGN A

SAD BASICS Technology MohammadAmin Fazli 1-2 A FRAMEWORK FOR SYSTEMS ANALYSIS AND DESIGN A

System Analysis &amp; Design Course Sharif University of SAD BASICS Technology MohammadAmin Fazli 1-2 A FRAMEWORK FOR SYSTEMS ANALYSIS AND DESIGN A system is a group of interrelated components that function together to achieve a desired

843 views • 44 slides
02.11.17 Overseas Sales Strategy, E-Commerce Company Ken Kayama Intro to Japanese EC market

02.11.17 Overseas Sales Strategy, E-Commerce Company Ken Kayama Intro to Japanese EC market

02.11.17 Overseas Sales Strategy, E-Commerce Company Ken Kayama Intro to Japanese EC market Preferences and behavior of Japanese consumers Rakuten Group Introduction Rakuten Ichiba (marketplace) Introduction Overview of Rakutens Cross

929 views • 51 slides
Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you

Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you

Drupal GovCon 2018 Demystifying SEO for Government Agencies Demystifying SEO for Government Agencies Why should you listen me? Jason Hamrick Senior Strategist Phase2 jhamrick@phase2technology.com Demystifying SEO for Government Agencies 2

418 views • 26 slides
CS/COE 1520 pitt.edu/~ach54/cs1520 HTTP Overview and a Brief Introduction to Networking Render!

CS/COE 1520 pitt.edu/~ach54/cs1520 HTTP Overview and a Brief Introduction to Networking Render!

CS/COE 1520 pitt.edu/~ach54/cs1520 HTTP Overview and a Brief Introduction to Networking Render! 2 X I'd like to see X Gimme X 3 HTTP: the HyperText Transfer Protocol Originally developed by Sir Tim HTTP v1.0 standard presented

548 views • 20 slides

More recommend