Model driven development of secure XML databases

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Model driven development of secure XML databases

Full text

Pdf (153 KB)

Source

ACM SIGMOD Record archive
Volume 35 , Issue 3 (September 2006) table of contents

Pages: 22 - 27

Year of Publication: 2006

ISSN:0163-5808

Authors

Belén Vela	Rey Juan Carlos University, Madrid, Spain
Eduardo Fernández-Medina	University of Castilla-La Mancha. Paseo de la Universidad, Ciudad Real, Spain
Esperanza Marcos	Rey Juan Carlos University, Madrid, Spain
Mario Piattini	University of Castilla-La Mancha. Paseo de la Universidad, Ciudad Real, Spain

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 10, Downloads (12 Months): 111, Citation Count: 2

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1168092.1168095 What is a DOI?

ABSTRACT

In this paper, we propose a methodological approach for the model driven development of secure XML databases (DB). This proposal is within the framework of MIDAS, a model driven methodology for the development of Web Information Systems based on the Model Driven Architecture (MDA) proposed by the Object Management Group (OMG) [20]. The XML DB development process in MIDAS proposes using the data conceptual model as a Platform Independent Model (PIM) and the XML Schema model as a Platform Specific Model (PSM), with both of these represented in UML. In this work, such models will be modified, so as to be able to add security aspects if the stored information is considered as critical. On the one hand, the use of a UML extension to incorporate security aspects at the conceptual level of secure DB development (PIM) is proposed; on the other, the previously-defined XML schema profile will be modified, the purpose being to incorporate security aspects at the logical level of the secure XML DB development (PSM). In addition to all this, the semi-automatic mappings from PIM to PSM for secure XML DB will be defined.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005 [doi>10.1109/TDSC.2005.9]
	2	Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002 [doi>10.1145/545186.545190]
	3	Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Specifying and enforcing access control policies for XML document sources, World Wide Web, v.3 n.3, p.139-151, 2000 [doi>10.1023/A:1019289831564]
	4	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
	5	Premkumar T. Devanbu , Stuart Stubblebine, Software engineering for security: a roadmap, Proceedings of the Conference on The Future of Software Engineering, p.227-239, June 04-11, 2000, Limerick, Ireland [doi>10.1145/336512.336559]
	6	Gurpreet Dhillon , James Backhouse, Technical opinion: Information system security management in the new millennium, Communications of the ACM, v.43 n.7, p.125-128, July 2000 [doi>10.1145/341852.341877]
	7	Fernández-Medina, E. and Piattini M. Designing secure databases. Information & Software Technology 47(7), pp. 463--477. 2005
	8	Fernández-Medina, E. and Piattini, M. Extending OCL for Secure Database Design. In Int. Conference on the Unified Modeling Language (UML 2004). Lisbon (Portugal), October, 2004. Springer-Verlag, LNCS 3273, pp. 380--394. 2004.
	9	Fernández-Medina, E., Trujillo, J., Villarroel, R. and Piattini, M. Extending UML for Designing Secure Data Warehouses. In Conceptual Modeling (ER 2004). Shanghai (China). November, 2004. Springer Verlag. LNCS 3273, pp. 217--230.
	10	Fernández-Medina, E., Trujillo, J., Villarroel, R. and Piattini, M. Access Control and audit Model for the Multidimensional Modeling of Data Warehouses. Decision Support Systems. 2006 (In Press).
	11	Ferrari E. and Thuraisingham B., Secure Database Systems, in: M. Piattini, O. Díaz (Ed.), Advanced Databases: Technology Design. Artech House, 2000.
	12	Alban Gabillon , Emmanuel Bruno, Regulating access to XML documents, Proceedings of the fifteenth annual working conference on Database and application security, p.299-314, July 15-18, 2001, Niagara, Ontario, Canada
	13	Anup K. Ghosh , Chuck Howell , James A. Whittaker, Building Software Securely from the Ground Up, IEEE Software, v.19 n.1, p.14-16, January 2002 [doi>10.1109/MS.2002.976936]
	14	Hao He , Raymond K. Wong, A Role-Based Access Control Model for XML Repositories, Proceedings of the First International Conference on Web Information Systems Engineering (WISE'00)-Volume 1, p.138, June 19-20, 2000
	15	ISACF, Information Security Governance. Guidance for Boards of Directors and Executive Management, Information Systems Audit and Control Foundation, USA, 2001.
	16	Esperanza Marcos , P. Cáceres , B. Vela , José María Cavero, MIDAS/BD: A Methodological Framework for Web Database Design, Revised Papers from the HUMACS, DASWIS, ECOMO, and DAMA on ER 2001 Workshops, p.227-238, November 27-30, 2001
	17	Marcos, E., Vela, B. and Cavero J. M. Methodological Approach for Object-Relational Database Design using UML. Journal on Software and Systems Modeling (SoSyM). Springer-Verlag. Ed.: R. France and B. Rumpe. Vol. SoSyM 2, pp.59--72, 2003.
	18	Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA [doi>10.1145/948109.948122]
	19	OASIS. eXtensible Access Control Markup Language (XACML 2.0). Retrieved from: http://www.oasis-open.org.
	20	OMG. MDA Guide Version 1.0. Document number omg/2003-05-01. Ed.: Miller, J. and Mukerji, J. Retrieved from: http://www.omg.com/mda, 2003.
	21	OMG, Query/Views/Transformation RFP. 2002. Retrieved from: http://omg.org/ad/2002-4-10.
	22	Oracle Corporation. Oracle XML DB. Technical White Paper. Retrieved from: www.otn.com, 2003.
	23	Software AG. Tamino X-Query. System Documentation Version 3.1.1. Software AG, Darmstadt, Germany. Retrieved from: www.softwareag.com, 2001.
	24	Vela, B., Acuña, C. and Marcos, E. A Model Driven Approach for XML Database Development, 23rd. International Conference on Conceptual Modelling (ER2004). Shanghai (China), November, 2004. Springer Verlag, LNCS 3288, pp. 780--794. 2004.
	25	Utz Westermann , Wolfgang Klas, An analysis of XML database solutions for the management of MPEG-7 media descriptions, ACM Computing Surveys (CSUR), v.35 n.4, p.331-373, December 2003 [doi>10.1145/954339.954340]

CITED BY 2

	Geri Georg , Indrakshi Ray , Kyriakos Anastasakis , Behzad Bordbar , Manachai Toahchoodee , Siv Hilde Houmb, An aspect-oriented methodology for designing secure applications, Information and Software Technology, v.51 n.5, p.846-864, May, 2009
	Eduardo Fernández-Medina , Jan Jurjens , Juan Trujillo , Sushil Jajodia, Editorial: Model-Driven Development for secure information systems, Information and Software Technology, v.51 n.5, p.809-814, May, 2009