On specifying security policies for web documents with an XML-based language

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

On specifying security policies for web documents with an XML-based language

Full text

Pdf (290 KB)

Source

ACM Workshop on Role Based Access Control archive
Proceedings of the sixth ACM symposium on Access control models and technologies table of contents

Chantilly, Virginia, United States

Pages: 57 - 65

Year of Publication: 2001

ISBN:1-58113-350-2

Authors

Elisa Bertino	Univ. Degli Studi di Milano, Milan, Italy
Silvana Castano	Univ. Degli Studi di Milano, Milan, Italy
Elena Ferrari	Univ. Degli Studi di Milano, Milan, Italy

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 7, Downloads (12 Months): 76, Citation Count: 24

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/373256.373264 What is a DOI?

ABSTRACT

The rapid growth of the Web and the ease with which data can be accessed facilitate the distribution and sharing of information. Information dissemination often takes the form of documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients. In this paper, we present an XML-compliant formalism for specifying security-related information for Web document protection. In particular, we introduceX-Sec, an XML-based language for specifying subject credentials and security policies and for organizing them into subject profiles and policy bases, respectively. The language is complemented by a set of subscription-based schemes for accessing distributed Web documents, which rely on defined XML subject profiles and XML policy bases.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Specifying and enforcing access control policies for XML document sources, World Wide Web, v.3 n.3, p.139-151, 2000 [doi>10.1023/A:1019289831564]
	2	Elisa Bertino , Silvana Castano , Elena Ferrari, Securing XML documents: the author-X project demonstration, Proceedings of the 2001 ACM SIGMOD international conference on Management of data, p.605, May 21-24, 2001, Santa Barbara, California, United States
	3	E. Bertino, S. Castano, and E. Ferrari. Author-X: a Comprehensive System for Securing XML Documents. Techical Report, DSI - University of Milano, submitted for publication.
	4	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	5	Silvana Castano , Maria Grazia Fugini , Giancarlo Martella , Pierangela Samarati, Database security, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
	6	Silvana Castano , Valeria De Antonellis, A Discovery-Based Approach to Database Ontology Design, Distributed and Parallel Databases, v.7 n.1, p.67-98, January 1999 [doi>10.1023/A:1008686328306]
	7	H. Gladney and J. Lotspiech. Safeguarding Digital Library Contents and Users: Assuring Convenient Security and Data Quality. D-lib Magazine, May 1997.
	8	Amir Herzberg , Yosi Mass, Relying Party Credentials Framework, Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA, p.328-343, April 08-12, 2001
	9	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	10	C. Geuer Pollmann. The XML Security Page. http://www.nue.et-inf.uni-siegen.de/~ geuerpollmann/xml security.html
	11	J. Park, R. Sandhu and G.J. Ahn. Secure Attribute Services on the Web. ACM TISSEC (to appear), 2000.
	12	William Stallings, Network Security Essentials: Applications and Standards, Prentice Hall PTR, Upper Saddle River, NJ, 1999
	13	W. Winsborough, K. Seamons, V. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition (DISCEX'2000), January, 2000.
	14	M. Winslett , N. Ching , V. Jones , I. Slepchin, Using digital credentials on the World Wide Web, Journal of Computer Security, v.5 n.3, p.255-267, June 1997
	15	Word Wide Web Consortium. XML Path Language (Xpath), 1.0, 1999. W3C Recommendation. Available at http://www.w3.org/TR/xpath.
	16	Word Wide Web Consortium. Extensible Markup Language (XML) 1.0, 1998. Available at http://www.w3.org/TR/REC-xml

CITED BY 24

	David W. Chadwick , Alexander Otenko, The PERMIS X.509 role based privilege management infrastructure, Future Generation Computer Systems, v.19 n.2, p.277-289, February 2003
	David W. Chadwick , Alexander Otenko , Edward Ball, Role-Based Access Control With X.509 Attribute Certificates, IEEE Internet Computing, v.7 n.2, p.62-69, March 2003
	Adam Hess , Jason Holt , Jared Jacobson , Kent E. Seamons, Content-triggered trust negotiation, ACM Transactions on Information and System Security (TISSEC), v.7 n.3, p.428-456, August 2004
	Elisa Bertino , Silvana Castano , Elena Ferrari, Securing XML Documents with Author-X, IEEE Internet Computing, v.5 n.3, p.21-31, May 2001
	Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002
	Elisa Bertino , Giovanni Mella , Gianluca Correndo , Elena Ferrari, An infrastructure for managing secure update operations on XML data, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Hristo Koshutanski , Fabio Massacci, An access control framework for business processes for web services, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	E. Bertino , E. Ferrari , G. Mella, An approach to cooperative updates of XML documents in distributed systems, Journal of Computer Security, v.13 n.2, p.191-242, March 2005
	Marina Bykova , Mikhail Atallah, Succinct specifications of portable document access policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Protection and administration of XML data sources, Data & Knowledge Engineering, v.43 n.3, p.237-260, December 2002
	Li Qin , Vijayalakshmi Atluri, Concept-level access control for the Semantic Web, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Irini Fundulaki , Maarten Marx, Specifying access control policies for XML documents with XPath, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Elisa Bertino , Barbara Carminati , Elena Ferrari , Bhavani Thuraisingham , Amar Gupta, Selective and Authentic Third-Party Distribution of XML Documents, IEEE Transactions on Knowledge and Data Engineering, v.16 n.10, p.1263-1278, October 2004
	Marina Blanton , Mikhail J. Atallah, Provable bounds for portable and flexible privacy-preserving access, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Halvard Skogsrud , Boualem Benatallah , Fabio Casati, Model-Driven Trust Negotiation for Web Services, IEEE Internet Computing, v.7 n.6, p.45-52, November 2003
	Adam Hess , Kent E. Seamons, An access control model for dynamic client-side content, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Junqi Zhang , Vijay Varadharajan , Yi Mu, Secure distribution and access of XML documents, International Journal of High Performance Computing and Networking, v.3 n.5/6, p.356-365, March 2005
	Keith Irwin , Ting Yu , William H. Winsborough, On the modeling and analysis of obligations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Giovanni Mella , Elena Ferrari , Elisa Bertino , Yunhua Koglin, Controlled and cooperative updates of XML documents in byzantine and failure-prone distributed systems, ACM Transactions on Information and System Security (TISSEC), v.9 n.4, p.421-460, November 2006
	Divesh Srivastava , Yannis Velegrakis, Intensional associations between data and metadata, Proceedings of the 2007 ACM SIGMOD international conference on Management of data, June 11-14, 2007, Beijing, China
	L. Seitz , E. Rissanen , T. Sandholm , B. S. Firozabadi , O. Mulmo, Policy Administration Control and Delegation Using XACML and Delegent, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.49-54, November 13-14, 2005
	Marina Blanton , Mikhail Atallah, Succinct representation of flexible and privacy-preserving access rights, The VLDB Journal — The International Journal on Very Large Data Bases, v.15 n.4, p.334-354, November 2006
	Stefan Böttcher , Rita Hartel, Information disclosure by answers to XPath queries, Journal of Computer Security, v.17 n.1, p.69-99, January 2009
	P. Mazzoleni , B. Crispo , S. Sivasubramanian , E. Bertino, Efficient integration of fine-grained access control and resource brokering in grid, The Journal of Supercomputing, v.49 n.1, p.108-126, July 2009