ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
XML document security based on provisional authorization
Full text PdfPdf (457 KB)
Source Conference on Computer and Communications Security archive
Proceedings of the 7th ACM conference on Computer and communications security table of contents
Athens, Greece
Pages: 87 - 96  
Year of Publication: 2000
ISBN:1-58113-203-4
Authors
Michiharu Kudo  IBM Research, Tokyo Research Laboratory, 1623-14 Shimotsuruma Yamato-shi, Kanagawa-ken, 242-8502, Japan
Satoshi Hada  IBM Research, Tokyo Research Laboratory, 1623-14 Shimotsuruma Yamato-shi, Kanagawa-ken, 242-8502, Japan
Sponsors
Greek Com Soc : Greek Computer Society
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Athens U of Econ & Business : Athens University of Economics and Business
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 104,   Citation Count: 65
Additional Information:

references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/352600.352613
What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
T. Bray et al. "Extensible Markup Language (XML) 1.0," World Wide Web Consortium (W3C), http://www.w3.org/TR/REC-xml (February, 1998).
 
2
Hiroshi Maruyama , Kent Tamura , Naohiko Uramoto , Kento Tamura, XML and Java: Developing Web Applications, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
 
3
M. Bartel et al. "XML-Signature Syntax and Processing," http://www.w3.org/TR/xmldsig-core, W3C Working Draft (Feb, 2000).
 
4
alphaWorks, "XML Security Suite," http://www.alphaWorks.com/tech/xmlsecuritysuite (1999).
 
5
Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
 
6
Silvana Castano , Maria Grazia Fugini , Giancarlo Martella , Pierangela Samarati, Database security, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
7
Thomas Y. C. Woo , Simon S. Lam, A framework for distributed authorization, Proceedings of the 1st ACM conference on Computer and communications security, p.112-118, November 03-05, 1993, Fairfax, Virginia, United States  [doi>10.1145/168588.168603]
 
8
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
9
Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
 
10
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
 
11
Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
 
12
Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
 
13
Object Management Group, "Security Service Specification," In CORBA services: Common Object Services Specification, Chapter 15 (November 1997).
 
14
Günter Karjoth, Authorization in CORBA Security, Proceedings of the 5th European Symposium on Research in Computer Security, p.143-158, September 16-18, 1998
 
15
SecureWay Policy Director, http://www-4.ibm.com/software/security/policy/
 
16
J. G. Stener, B. C. Neuan, and J. I. Schiller, "Kerberos: An Authentication Service for Open Network Systems," Proc. USENIX Conference (Feb. 1998).
 
17
Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
 
18
ISO/IEC 10181-3, "The Access Control Framework"
 
19
Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987  [doi>10.1109/TSE.1987.232894]
 
20
World Wide Web Consortium (W3C), "XML Path Language (XPath) Version 1.0," http://www.w3.org/TR/PR-xpath19991008," (October 1999).
 
21
Elisa Bertino , Francesco Buccafurri , Elena Ferrari , Pasquale Rullo, An Authorization Model and Its Formal Semantics, Proceedings of the 5th European Symposium on Research in Computer Security, p.127-142, September 16-18, 1998
 
22
J. Clark, "XSL Transformations (XSLT) Version 1.0," W3C Recommendation, http://www.w3.org/TR/xslt (November, 1999).

CITED BY  65
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Fine grained access control for SOAP E-services, Proceedings of the 10th international conference on World Wide Web, p.504-513, May 01-05, 2001, Hong Kong, Hong Kong
Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003
Sabrina De Capitani di Vimercati, An authorization model for temporal XML documents, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
Csilla Farkas , Sushil Jajodia, The inference problem: a survey, ACM SIGKDD Explorations Newsletter, v.4 n.2, p.6-11, December 2002
Airi Salminen , Frank Wm. Tompa, Requirements for XML document database systems, Proceedings of the 2001 ACM Symposium on Document engineering, November 09-10, 2001, Atlanta, Georgia, USA
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
Alban Gabillon , Emmanuel Bruno, Regulating access to XML documents, Proceedings of the fifteenth annual working conference on Database and application security, p.299-314, July 15-18, 2001, Niagara, Ontario, Canada
Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
Ernesto Damiani , Sabrina De Capitani di Vimercati , Pierangela Samarati, Towards securing XML Web services, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
Béatrice Finance , Saïda Medjdoub , Philippe Pucheral, The case for access control on XML relationships, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
K. Komathy , V. Ramachandran , P. Vivekanandan, Security for XML messaging services: a component-based approach, Journal of Network and Computer Applications, v.26 n.2, p.197-211, April 2003
Sushil Jajodia , Duminda Wijesekera, Recent advances in access control models, Proceedings of the fifteenth annual working conference on Database and application security, p.3-15, July 15-18, 2001, Niagara, Ontario, Canada
Vijayalakshmi Atluri , Nabil Adam , Ahmed Gomaa , Igg Adiwijaya, Self-manifestation of composite multimedia objects to satisfy security constraints, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
Sylvia Osborn , Bhavani Thuraisingham , Pierangela Samarati, Panel on XML and security, Proceedings of the fifteenth annual working conference on Database and application security, p.317-323, July 15-18, 2001, Niagara, Ontario, Canada
Hristo Koshutanski , Fabio Massacci, An access control framework for business processes for web services, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
Vaibhav Gowadia , Csilla Farkas, RDF metadata for XML access control, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
Chung-Hwan Lim , Seog Park , Sang H. Son, Access control of XML documents considering update operations, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
Reiner Kraft, Designing a distributed access control processor for network services on the Web, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
Gleb Naumovich , Paolina Centonze, Static analysis of role-based access control in J2EE applications, ACM SIGSOFT Software Engineering Notes, v.29 n.5, September 2004
Siddhartha K. Goel , Chris Clifton , Arnon Rosenthal, Derived access control specification for XML, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, A compressed accessibility map for XML, ACM Transactions on Database Systems (TODS), v.29 n.2, p.363-402, June 2004
Jaehong Park , Ravi Sandhu, The UCONABC usage control model, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.128-174, February 2004
Bo Luo , Dongwon Lee , Wang-Chien Lee , Peng Liu, QFilter: fine-grained run-time XML access control via NFA-based query rewriting, Proceedings of the thirteenth ACM international conference on Information and knowledge management, November 08-13, 2004, Washington, D.C., USA
Li Qin , Vijayalakshmi Atluri, Concept-level access control for the Semantic Web, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
Li Yang , Raimund K. Ege , Huiqun Yu, Mediation security specification and enforcement for heterogeneous databases, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
Mizuho Iwaihara , Somchai Chatvichienchai , Chutiporn Anutariya , Vilas Wuwongse, Relevancy based access control of versioned XML documents, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Liam Peyton , Max Nozin, Tracking privacy compliance in B2B networks, Proceedings of the 6th international conference on Electronic commerce, October 25-27, 2004, Delft, The Netherlands
Vijayalakshmi Atluri , Soon Ae Chun, An Authorization Model for Geospatial Data, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.238-254, October 2004
Martín Abadi , Bogdan Warinschi, Security analysis of cryptographically controlled access to XML documents, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
Naren Kodali , Duminda Wijesekera, Regulating access to SMIL formatted pay-per-view movies, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
Naizhen Qi , Michiharu Kudo , Jussi Myllymaki , Hamid Pirahesh, A function-based access control model for XML databases, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
André Adelsbach , Markus Rohe , Ahmad-Reza Sadeghi, Towards multilateral secure digital rights distribution infrastructures, Proceedings of the 5th ACM workshop on Digital rights management, November 07-07, 2005, Alexandria, VA, USA
Shohei Yokoyama , Manabu Ohta , Kaoru Katayama , Hiroshi Ishikawa, An access control method based on the prefix labeling scheme for XML repositories, Proceedings of the sixteenth Australasian database conference, p.105-113, January 01, 2005, Newcastle, Australia
Jason Crampton, Applying hierarchical and role-based access control to XML documents, Proceedings of the 2004 workshop on Secure web service, p.37-46, October 29-29, 2004, Fairfax, Virginia
Sabrina De Capitani di Vimercati , Stefania Marrara , Pierangela Samarati, An access control model for querying XML data, Proceedings of the 2005 workshop on Secure web services, November 11-11, 2005, Fairfax, VA, USA
Andrei Stoica , Csilla Farkas, Ontology guided XML security engine, Journal of Intelligent Information Systems, v.23 n.3, p.209-223, November 2004
Paul Ashley , Satoshi Hada , Günter Karjoth , Matthias Schunter, E-P3P privacy policies and privacy authorization, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.103-109, November 21-21, 2002, Washington, DC
Alban Gabillon, An authorization model for XML databases, Proceedings of the 2004 workshop on Secure web service, p.16-28, October 29-29, 2004, Fairfax, Virginia
Maggie Duong , Yanchun Zhang, An integrated access control for securely querying and updating XML data, Proceedings of the nineteenth conference on Australasian database, December 03-04, 2007, Gold Coast, Australia
Luc Bouganim , Francois Dang Ngoc , Philippe Pucheral, Dynamic access-control policies on XML encrypted data, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-37, January 2008
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.292-324, August 2006
Keith Irwin , Ting Yu , William H. Winsborough, On the modeling and analysis of obligations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
Amit Jain , Csilla Farkas, Secure resource description framework: an access control model, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
Paolina Centonze , Gleb Naumovich , Stephen J. Fink , Marco Pistoia, Role-Based access control consistency validation, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA
Huaxin Zhang , Ning Zhang , Kenneth Salem , Donghui Zhuo, Compact access control labeling for efficient secure XML query evaluation, Data & Knowledge Engineering, v.60 n.2, p.326-344, February, 2007
Mizuho Iwaihara , Ryotaro Hayashi , Somchai Chatvichienchai , Chutiporn Anutariya , Vilas Wuwongse, Relevancy-based access control and its evaluation on versioned XML documents, ACM Transactions on Information and System Security (TISSEC), v.10 n.1, p.3-es, February 2007
Luc Bouganim , François Dang Ngoc , Philippe Pucheral, Client-based access control management for XML documents, Proceedings of the Thirtieth international conference on Very large data bases, p.84-95, August 31-September 03, 2004, Toronto, Canada
SungRan Cho , Sihem Amer-Yahia , Laks V. S. Lakshmanan , Divesh Srivastava, Optimizing the secure evaluation of twig queries, Proceedings of the 28th international conference on Very Large Data Bases, p.490-501, August 20-23, 2002, Hong Kong, China
Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and obligations in policy management and security applications, Proceedings of the 28th international conference on Very Large Data Bases, p.502-513, August 20-23, 2002, Hong Kong, China
Nabil Adam , Ahmet Kozanoglu , Aabhas Paliwal , Basit Shafiq, Secure Information Sharing in a Virtual Multi-Agency Team Environment, Electronic Notes in Theoretical Computer Science (ENTCS), 179, p.97-109, July, 2007
M. Pistoia , S. Chandra , S. J. Fink , E. Yahav, A survey of static analysis methods for identifying security vulnerabilities in software systems, IBM Systems Journal, v.46 n.2, p.265-288, April 2007
Marco Pistoia , Stephen J. Fink , Robert J. Flynn , Eran Yahav, When Role Models Have Flaws: Static Validation of Enterprise Security Policies, Proceedings of the 29th International Conference on Software Engineering, p.478-488, May 20-26, 2007
L. Seitz , E. Rissanen , T. Sandholm , B. S. Firozabadi , O. Mulmo, Policy Administration Control and Delegation Using XACML and Delegent, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.49-54, November 13-14, 2005
Mark Turner , Fujun Zhu , Ioannis Kotsiopoulos , Michelle Russell , David Budgen , Keith Bennett , Pearl Brereton , John Keane , Paul Layzell , Michael Rigby, Using Web Service Technologies to Create an Information Broker: An Experience Report, Proceedings of the 26th International Conference on Software Engineering, p.552-561, May 23-28, 2004
Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and Obligations in Policy Rule Management, Journal of Network and Systems Management, v.11 n.3, p.351-372, September 2003
Somchai Chatvichienchai , Mizuho Iwaihara , Yahiko Kambayashi, Authorization Translation for XML Document Transformation, World Wide Web, v.7 n.1, p.111-138, March 2004
Martín Abadi , Bogdan Warinschi, Security analysis of cryptographically controlled access to XML documents, Journal of the ACM (JACM), v.55 n.2, p.1-29, May 2008
Alapan Arnab , Andrew Hutchison, Persistent access control: a formal model for drm, Proceedings of the 2007 ACM workshop on Digital Rights Management, October 29-29, 2007, Alexandria, Virginia, USA
Tsung-Yi Chen, Knowledge sharing in virtual enterprises via an ontology-based access control approach, Computers in Industry, v.59 n.5, p.502-519, May, 2008
Sarath Indrakanti , Vijay Varadharajan , Ritesh Agarwal, On the design, implementation and application of an authorisation architecture for web services, International Journal of Information and Computer Security, v.1 n.1/2, p.64-108, January 2007
Vijayalakshmi Atluri , Soon Ae Chun, A geotemporal role-based authorisation system, International Journal of Information and Computer Security, v.1 n.1/2, p.143-168, January 2007
Ernesto Damiani , Majirus Fansi , Alban Gabillon , Stefania Marrara, A general approach to securely querying XML, Computer Standards & Interfaces, v.30 n.6, p.379-389, August, 2008
Mustafa M. Kocatürk , Taflan İ. Gündem, A Fine-Grained Access Control System Combining MAC and RBACK Models for XML, Informatica, v.19 n.4, p.517-534, December 2008
Stefan Böttcher , Rita Hartel, Information disclosure by answers to XPath queries, Journal of Computer Security, v.17 n.1, p.69-99, January 2009

INDEX TERMS

Primary Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS

Additional Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls

  I. Computing Methodologies
  I.7 DOCUMENT AND TEXT PROCESSING
      I.7.2 Document Preparation

          Nouns: XML


General Terms:
Design, Documentation, Languages, Performance, Security, Theory, Verification


Keywords:
XML, access control, provisional authorization, security transcoding

Collaborative Colleagues:
Michiharu Kudo: colleagues
Satoshi Hada: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player