
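Inference Auditing of XML Queries
Cite this article: YAN He-Ping, LIU Bing, WANG Wei, SHI Bo-Le. Inference Auditing of XML Queries [J]. Chinese Journal of Computers, 2006, 29(8): 1308-1317.
Authors: YAN He-Ping  LIU Bing  WANG Wei  SHI Bo-Le
Affiliation: Department of Computer and Information Technology, Fudan University, Shanghai 200433
Funding: National Natural Science Foundation of China; National High Technology Research and Development Program of China (863 Program)
Abstract: XML documents are increasingly widely used as a means of exchanging information on the Web. The security of information publishing brings new challenges to databases. Some security policies are now promulgated as legal provisions, which requires effective means to verify that access to XML documents is consistent with the security policy. Auditing can achieve this, but existing auditing methods can only audit SQL query results and cannot audit queries over XML documents (XQuery or XPath). Moreover, a malicious user may access sensitive information by reasoning over query results, so auditing of XQuery must also have inference capability. To address this, the paper first proposes a sound and feasible XQuery auditing method, algorithm and corresponding query graph model (QGM). To give auditing a basic inference capability, it then presents an inference auditing method, algorithm and corresponding query graph model for several typical constraints on XML documents. Experimental results show that the proposed inference auditing framework for XML queries is practical and feasible.

Keywords: query  auditing  inference
Received: 2006-04-04
Revised: 2006-04-04; 2006-06-01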

Inference Auditing the XQuery of XML
YAN He-Ping,LIU Bing,WANG Wei,SHI Bo-Le.Inference Auditing the XQuery of XML[J].Chinese Journal of Computers,2006,29(8):1308-1317.
Authors:YAN He-Ping  LIU Bing  WANG Wei  SHI Bo-Le
Affiliation:Department of Computer and Information Technology, Fudan University, Shanghai 200433
Abstract:XML (eXtensible Markup Language) is rapidly becoming the de facto standard for exchanging data between applications, and publishing data on the Web brings new challenges to database security. Privacy principles are even being mandated internationally through legislation and guidelines, which requires a secure database to verify that it adheres to its declared data disclosure policy. An auditing system satisfies these desiderata well, but existing auditing systems can only be used for SQL queries and do not fit the XQuery or XPath queries of XML. Moreover, auditing only the result of an XQuery is not enough, because a malicious user can access sensitive information by making inferences from the result of the XQuery. This demands that the auditing system have a basic inference capability. First, based on existing auditing systems, the authors propose their XQuery auditing system, and then they add inference capability to the audit framework. Their experimental results show the effectiveness and efficiency of the proposed XQuery audit method, algorithm, and the corresponding Query Graph Model.
Keywords:XML  XQuery
This article is indexed in CNKI, VIP, Wanfang Data and other databases.