History-based access control for XML documents

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback
Take a look at the new version of this page: [ beta version ]. Tell us what you think.

History-based access control for XML documents

Full text

Pdf (138 KB)

Source

ASIAN ACM Symposium on Information, Computer and Communications Security archive
Proceedings of the 2nd ACM symposium on Information, computer and communications security table of contents

Singapore

SESSION: Short papers table of contents

Pages: 386 - 388

Year of Publication: 2007

ISBN:1-59593-574-6

Authors

Patrick Röder	Darmstadt University of Technology
Omid Tafreschi	Darmstadt University of Technology
Claudia Eckert	Darmstadt University of Technology

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 5, Downloads (12 Months): 28, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1229285.1229336 What is a DOI?

ABSTRACT

XML is a widely used standard for information storage and exchange in today's IT systems. Therefore, it is essential to protect XML documents from unauthorized access. For this purpose, we present a model for access control for XML documents with three key features. First, we record the effects of the operations on the documents in a history, depending on which we can grant or deny access. Second, we use the history information to define permissions for the operations of our model including the transfer of document parts. Third, since the text content of an element can be composed of parts of text from different sources, we consider units smaller than the XML element as a protection unit. Therefore, we keep track of these parts and allow to define access to them individually.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations and Model. Technical Report M74-244, The MITRE Corp., Bedfort, 1973.
	2	Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002 [doi>10.1145/545186.545190]
	3	F. D. Brewer and J. M. Nash. The Chinese Wall Security Policy. In IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1989.
	4	J. Clark and S. DeRose. XML path language (XPath) version 1.0. W3C recommendation, W3C, Nov. 1999. http://www.w3.org/TR/1999/REC-xpath-19991116.
	5	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
	6	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002 [doi>10.1145/505586.505590]
	7	Irini Fundulaki , Maarten Marx, Specifying access control policies for XML documents with XPath, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA [doi>10.1145/990036.990046]
	8	L. A. Gordon, M. P. Loeb, W. Lucyshyn, and R. Richardson. 2005 CSI/FBI Computer Crime and Security Survey. Technical report, CSI, 2005.
	9	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]