Abstract
We consider information disclosure caused by answering queries to an XML database. We introduce an audit framework to determine ‘suspicious’ user queries, i.e. those queries that returned results being sufficient to derive disclosed secret information. We describe secret information in form of a secret query and provide a formal definition of ‘suspicious’ user queries based on what we call ‘readset fragments’, i.e. XML fragments that have been read to produce certain query result nodes. Our approach performs two steps to detect ‘suspicious’ user queries. First, we analyze the structure of user queries and of the secret query to exclude ‘non-suspicious’ queries. Second, we derive a formula from user query, query result and secret query, which is satisfiable if and only if the query is ‘non-suspicious’.
Get full access to this article
View all access options for this article.