ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
The case for access control on XML relationships
Full text PdfPdf (392 KB)
Source Conference on Information and Knowledge Management archive
Proceedings of the 14th ACM international conference on Information and knowledge management table of contents
Bremen, Germany
SESSION: Paper session DB-2 (databases): security and privacy table of contents
Pages: 107 - 114  
Year of Publication: 2005
ISBN:1-59593-140-6
Authors
Béatrice Finance  PRiSM Laboratory, Versailles, France & INRIA Rocquencourt, Le Chesnay, France
Saïda Medjdoub  PRiSM Laboratory, Versailles, France & INRIA Rocquencourt, Le Chesnay, France
Philippe Pucheral  PRiSM Laboratory, Versailles, France & INRIA Rocquencourt, Le Chesnay, France
Sponsors
ACM: Association for Computing Machinery
SIGIR: ACM Special Interest Group on Information Retrieval
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 8,   Downloads (12 Months): 53,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1099554.1099576
What is a DOI?

ABSTRACT

With the emergence of XML as the de facto standard to exchange and disseminate information, the problem of regulating access to XML documents has attracted a considerable attention in recent years. Existing models attach authorizations to nodes of an XML document but disregard relationships between them. However, ancestor and sibling relationships may reveal information as sensitive as the one carried out by the nodes themselves (e.g., classification). This paper advocates the integration of relationships as first class citizen in the access control models for XML and makes the following contributions. First, it characterizes important relationship authorizations and identifies the mechanisms required to translate them accurately in an authorized view of a source document. Second, it introduces a rule-based formulation for expressing these classes of relationship authorizations and defines an associated conflict resolution strategy. Rather than being yet-another XML access control model, the proposed approach allows a seamless integration of relationship authorizations in existing XML access control model.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Elisa Bertino , M. Braun , Silvana Castano , Elena Ferrari , Marco Mesiti, Author-X: A Java-Based System for XML Data Protection, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions, p.15-26, August 21-23, 2000
 
2
Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Specifying and enforcing access control policies for XML document sources, World Wide Web, v.3 n.3, p.139-151, 2000  [doi>10.1023/A:1019289831564]
3
Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002  [doi>10.1145/545186.545190]
 
4
Bettini, C., Wang, X.S., Jajodia, S. Identifying Sensitive Associations in Databases for Release Control. In Proc. Of SDM:VLDB Workshop. 2004.
 
5
Birget, J., Zou, X., Noubir, G., Ramamurthy, B. Hierarchy-Based Access Control in Distributed Environments, IEEE ICC, 2001.
 
6
Bouganim, L., Dang-Ngoc, F., Pucheral, P. Client-Based Access Control Management for XML Documents, VLDB, 2004.
 
7
Cho, S., Amer-Yahia, S. , Lakshmanan, L., and Srivastava, D. Optimizing the secure evaluation of twig queries, VLDB, 2002.
8
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002  [doi>10.1145/505586.505590]
 
9
European Directive 95/46/EC, "Protection of individuals with regard the processing of personal data",Official Journal L 281, 1995.
10
Wenfei Fan , Chee-Yong Chan , Minos Garofalakis, Secure XML querying with security views, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France  [doi>10.1145/1007568.1007634]
 
11
Finance, B, Medjdoub, S, Pucheral, P "The case of access control on XML Relationships" INRIA Technical Report, INRIA, France, 2005.
 
12
Alban Gabillon , Emmanuel Bruno, Regulating access to XML documents, Proceedings of the fifteenth annual working conference on Database and application security, p.299-314, July 15-18, 2001, Niagara, Ontario, Canada
13
Alban Gabillon, An authorization model for XML databases, Proceedings of the 2004 workshop on Secure web service, p.16-28, October 29-29, 2004, Fairfax, Virginia  [doi>10.1145/1111348.1111351]
14
Vaibhav Gowadia , Csilla Farkas, RDF metadata for XML access control, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia  [doi>10.1145/968559.968567]
 
15
Michael Hitchens , Vijay Varadharajan, RBAC for XML Document Stores, Proceedings of the Third International Conference on Information and Communications Security, p.131-143, November 13-16, 2001
16
Michiharu Kudo , Satoshi Hada, XML document security based on provisional authorization, Proceedings of the 7th ACM conference on Computer and communications security, p.87-96, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352613]
17
Gerome Miklau , Dan Suciu, Containment and equivalence for an XPath fragment, Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 03-05, 2002, Madison, Wisconsin  [doi>10.1145/543613.543623]
 
18
Miklau, G., Suciu, D. Cryptographically Enforced Conditional Access for XML, WebDB, 2002.
19
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948122]
 
20
OASIS standard, eXtensible Access Control Markup Language, http://www.oasis-open.org/committees/xacml, 2003.
21
Martin S. Olivier , Sebastiaan H. von Solms, A taxonomy for secure object-oriented databases, ACM Transactions on Database Systems (TODS), v.19 n.1, p.3-46, March 1994  [doi>10.1145/174638.174640]
 
22
The Privacy Act, 5 U.S.C. § 552a, 1974. http://www.usdoj.gov/04foia/ privstat.htm.
23
Indrakshi Ray , Indrajit Ray , Natu Narasimhamurthi, A cryptographic solution to implement access control in a hierarchy and more, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA  [doi>10.1145/507711.507723]
 
24
United States Department of Health and Human Services, "HIPAA : Health Insurance Portability and Accountability Act", Public Law 104-191, 104th Congress, 1996. http://www.hhs.gov/ocr/hipaa/
25
Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990047]
 
26
Wang, Y., Tan, K.L. A Scalable XML Access Control System, WWW Conference (poster), 2001.

CITED BY  4
Luc Bouganim , Francois Dang Ngoc , Philippe Pucheral, Dynamic access-control policies on XML encrypted data, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-37, January 2008
Hui Wang , Laks V. S. Lakshmanan, Efficient secure query evaluation over encrypted XML databases, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
Sriram Mohan , Yuqing Wu, IPAC: an interactive approach to access control for semi-structured data, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
Ernesto Damiani , Majirus Fansi , Alban Gabillon , Stefania Marrara, A general approach to securely querying XML, Computer Standards & Interfaces, v.30 n.6, p.379-389, August, 2008

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection


General Terms:
Legal Aspects, Security


Keywords:
XML access control, XML relationship, data confidentiality, need-to-know and consent principles

Collaborative Colleagues:
Béatrice Finance: colleagues
Saïda Medjdoub: colleagues
Philippe Pucheral: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player