Secure XML views

Recently more and more data is stored in XML format. While XML increases flexibility, it also raises new security challenges such as access control for multilevel security. This paper considers the problem of generating secure and free of semantic conflicts partial views from XML documents. In the context of DTD-based multilevel security classification, we develop techniques to generate single-level DTDs for partial views. For this purpose, we define and manipulate two graphs, a Minimum Semantic Conflict Graph (MSCG) and a Multi-Plane DTD Graph (MPG). MSCG contains all semantic relationships among the XML tags that must be preserved within any partial view. Intuitively, MSCG ensures the generated views will be free of semantic conflict. MPG captures the structural relationships among tags and their security classifications. We show that secure views can be generated from the first reduced form MPG(0) (i.e., an MPG that does not have edges outside the targeted security space), by ignoring unauthorized security planes. We define a set of procedures to restructure a general MPG into an MPG(0) according to the corresponding MSCG.