Secure and selective dissemination of XML documents

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Secure and selective dissemination of XML documents

Full text

Pdf (678 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 5 , Issue 3 (August 2002) table of contents

Pages: 290 - 331

Year of Publication: 2002

ISSN:1094-9224

Authors

Elisa Bertino	University of Milano, Milano, Italy
Elena Ferrari	University of Insubria, Como, Italy

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 12, Downloads (12 Months): 167, Citation Count: 41

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/545186.545190 What is a DOI?

ABSTRACT

XML (eXtensible Markup Language) has emerged as a prevalent standard for document representation and exchange on the Web. It is often the case that XML documents contain information of different sensitivity degrees that must be selectively shared by (possibly large) user communities. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for XML documents. Mechanisms are also required enabling a secure and selective dissemination of documents to users, according to the authorizations that these users have. In this article, we make several contributions to the problem of secure and selective dissemination of XML documents. First, we define a formal model of access control policies for XML documents. Policies that can be defined in our model take into account both user profiles, and document contents and structures. We also propose an approach, based on an extension of the Cryptolope™ approach [Gladney and Lotspiech 1997], which essentially allows one to send the same document to all users, and yet to enforce the stated access control policies. Our approach consists of encrypting different portions of the same document according to different encryption keys, and selectively distributing these keys to the various users according to the access control policies. We show that the number of encryption keys that have to be generated under our approach is minimal and we present an architecture to support document distribution.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	N. R. Adam , V. Atluri , E. Bertino , E. Ferrari, A Content-Based Authorization Model for Digital Libraries, IEEE Transactions on Knowledge and Data Engineering, v.14 n.2, p.296-315, March 2002 [doi>10.1109/69.991718]
	2	Bertino, E., Carminati, B., Ferrari, E., Thuraisingam, B., and Gupta, A. 2002. Selective and authentic third-party distribution of XML documents. MIT Sloan Working Paper No. 4343-02.
	3	Elisa Bertino , Silvana Castano , Elena Ferrari, Securing XML Documents with Author-X, IEEE Internet Computing, v.5 n.3, p.21-31, May 2001 [doi>10.1109/4236.935172]
	4	Elisa Bertino , Silvana Castano , Elena Ferrari, On specifying security policies for web documents with an XML-based language, Proceedings of the sixth ACM symposium on Access control models and technologies, p.57-65, May 2001, Chantilly, Virginia, United States [doi>10.1145/373256.373264]
	5	Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Specifying and enforcing access control policies for XML document sources, World Wide Web, v.3 n.3, p.139-151, 2000 [doi>10.1023/A:1019289831564]
	6	Bertino, E., and Ferrari, E. 2000. Secure and Selective Dissemination of XML Documents. Technical Report, Department of Computer Science, University of Milano (Extended version of this article.)
	7	Carminati, E. and Ferrari, E. 2002. Access control policy management for XML documents. Tech. Rep. Department of Computer Science, University of Milano, Milano, Italy, submitted for publication.
	8	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
	9	Deutsch, A., Fernandez, M., Florescu, D., Levy, A., and Suciu, D. 1999. Securing XML documents. In Proceedings of the International Conference on World Wide Web, available at: http://www.research.att.com/suciu.
	10	E. B. Fernandez , E. Gudes , H. Song, A Model for Evaluation and Administration of Security in Object-Oriented Databases, IEEE Transactions on Knowledge and Data Engineering, v.6 n.2, p.275-292, April 1994 [doi>10.1109/69.277771]
	11	Gladney, H. and Lotspiech, J. 1997. Safeguarding digital library contents and users: Assuring convenient security and data quality. D-lib Mag.
	12	Amir Herzberg , Yosi Mass, Relying Party Credentials Framework, Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA, p.328-343, April 08-12, 2001
	13	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	14	Tova Milo , Sagit Zohar, Using Schema Matching to Simplify Heterogeneous Data Translation, Proceedings of the 24rd International Conference on Very Large Data Bases, p.122-133, August 24-27, 1998
	15	OASIS Consortium. http://www.oasis-open.org.
	16	Sylvia Osborn , Yuxia Guo, Modeling users in role-based access control, Proceedings of the fifth ACM workshop on Role-based access control, p.31-37, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344299]
	17	Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991 [doi>10.1145/103140.103144]
	18	Pierangela Samarati , Elisa Bertino , Sushil Jajodia, An Authorization Model for a Distributed Hypertext System, IEEE Transactions on Knowledge and Data Engineering, v.8 n.4, p.555-562, August 1996 [doi>10.1109/69.536249]
	19	Ravi S. Sandhu , Edward J. Coyne , Hal L. Feinstein , Charles E. Youman, Role-Based Access Control Models, Computer, v.29 n.2, p.38-47, February 1996 [doi>10.1109/2.485845]
	20	William Stallings, Network Security Essentials: Applications and Standards, Prentice Hall PTR, Upper Saddle River, NJ, 1999
	21	Tutorial 4: Directories: Managing Data for Networked Applications, Proceedings of the 16th International Conference on Data Engineering, p.697, February 28-March 03, 2000
	22	Rita C. Summers, Secure computing: threats and safeguards, McGraw-Hill, Inc., Hightstown, NJ, 1997
	23	M. Winslett , N. Ching , V. Jones , I. Slepchin, Using digital credentials on the World Wide Web, Journal of Computer Security, v.5 n.3, p.255-267, June 1997
	24	World Wide Web Consortium 1998. Extensible Markup Language (XML) 1.0. Available at: http://www.w3.org/TR/REC-xml.
	25	World Wide Web Consortium 2000. XML Encryption Syntax and Processing. Available at: http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlencoverview.html.

CITED BY 41

	Wenfei Fan , Chee-Yong Chan , Minos Garofalakis, Secure XML querying with security views, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France
	Barbara Carminati , Elena Ferrari , Elisa Bertino, Securing XML data in third-party distribution systems, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
	Béatrice Finance , Saïda Medjdoub , Philippe Pucheral, The case for access control on XML relationships, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Abhilash Gummadi , Jong P. Yoon , Biren Shah , Vijay Raghavan, A bitmap-based access control for restricted views of XML documents, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Chung-Hwan Lim , Seog Park , Sang H. Son, Access control of XML documents considering update operations, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Bo Luo , Dongwon Lee , Wang-Chien Lee , Peng Liu, QFilter: fine-grained run-time XML access control via NFA-based query rewriting, Proceedings of the thirteenth ACM international conference on Information and knowledge management, November 08-13, 2004, Washington, D.C., USA
	Marina Bykova , Mikhail Atallah, Succinct specifications of portable document access policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Irini Fundulaki , Maarten Marx, Specifying access control policies for XML documents with XPath, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Elisa Bertino , Ravi Sandhu, Database Security-Concepts, Approaches, and Challenges, IEEE Transactions on Dependable and Secure Computing, v.2 n.1, p.2-19, January 2005
	Marina Blanton , Mikhail J. Atallah, Provable bounds for portable and flexible privacy-preserving access, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Barbara Carminati , Elena Ferrari, AC-XML documents: improving the performance of a web access control module, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Gabriel Kuper , Fabio Massacci , Nataliya Rassadko, Generalized XML security views, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	E. Bertino , E. Ferrari , G. Mella, An approach to cooperative updates of XML documents in distributed systems, Journal of Computer Security, v.13 n.2, p.191-242, March 2005
	Himanshu Khurana, Scalable security and accounting services for content-based publish/subscribe systems, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	Naizhen Qi , Michiharu Kudo , Jussi Myllymaki , Hamid Pirahesh, A function-based access control model for XML databases, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Junqi Zhang , Vijay Varadharajan , Yi Mu, Secure distribution and access of XML documents, International Journal of High Performance Computing and Networking, v.3 n.5/6, p.356-365, March 2005
	Maggie Duong , Yanchun Zhang, An integrated access control for securely querying and updating XML data, Proceedings of the nineteenth conference on Australasian database, December 03-04, 2007, Gold Coast, Australia
	Ping Lin , K. Selçuk Candan, Enabling access-privacy for random walk based data analysis applications, Data & Knowledge Engineering, v.63 n.3, p.667-683, December, 2007
	Belén Vela , Eduardo Fernández-Medina , Esperanza Marcos , Mario Piattini, Model driven development of secure XML databases, ACM SIGMOD Record, v.35 n.3, p.22-27, September 2006
	Patrick Röder , Omid Tafreschi , Claudia Eckert, History-based access control for XML documents, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
	Hui Wang , Laks V. S. Lakshmanan, Efficient secure query evaluation over encrypted XML databases, Proceedings of the 32nd international conference on Very large data bases, September 12-15, 2006, Seoul, Korea
	Huaxin Zhang , Ning Zhang , Kenneth Salem , Donghui Zhuo, Compact access control labeling for efficient secure XML query evaluation, Data & Knowledge Engineering, v.60 n.2, p.326-344, February, 2007
	Giovanni Mella , Elena Ferrari , Elisa Bertino , Yunhua Koglin, Controlled and cooperative updates of XML documents in byzantine and failure-prone distributed systems, ACM Transactions on Information and System Security (TISSEC), v.9 n.4, p.421-460, November 2006
	Bogdan Cautis, Distributed access control: a privacy-conscious approach, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Serge Abiteboul , Bogdan Alexe , Omar Benjelloun , Bogdan Cautis , Irini Fundulaki , Tova Milo , Arnaud Sahuguet, An electronic patient record "on steroids": distributed, peer-to-peer, secure and privacy-conscious, Proceedings of the Thirtieth international conference on Very large data bases, p.1273-1276, August 31-September 03, 2004, Toronto, Canada
	Jae-Ho Choi , Sang-Hyun Park , Myong-Soo Lee , Yon Dohn Chung , SangKeun Lee, XIR: cache invalidation strategy for xml data in mobile environments, Proceedings of the 6th ACM international workshop on Data engineering for wireless and mobile access, June 10-10, 2007, Beijing, China
	Irini Fundulaki , Sebastian Maneth, Formalizing XML access control for update operations, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
	Nabil Adam , Ahmet Kozanoglu , Aabhas Paliwal , Basit Shafiq, Secure Information Sharing in a Virtual Multi-Agency Team Environment, Electronic Notes in Theoretical Computer Science (ENTCS), 179, p.97-109, July, 2007
	L. Seitz , E. Rissanen , T. Sandholm , B. S. Firozabadi , O. Mulmo, Policy Administration Control and Delegation Using XACML and Delegent, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.49-54, November 13-14, 2005
	Marina Blanton , Mikhail Atallah, Succinct representation of flexible and privacy-preserving access rights, The VLDB Journal — The International Journal on Very Large Data Bases, v.15 n.4, p.334-354, November 2006
	Jiexing Li , Yufei Tao , Xiaokui Xiao, Preservation of proximity privacy in publishing numerical sensitive data, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, June 09-12, 2008, Vancouver, Canada
	Xiaokui Xiao , Yufei Tao, Dynamic anonymization: accurate statistical analysis with privacy preservation, Proceedings of the 2008 ACM SIGMOD international conference on Management of data, June 09-12, 2008, Vancouver, Canada
	Jianhua Feng , Na Ta , Guoliang Li , Yu Liu , Dapeng Lv, A framework of semantic cache for secure XML query answering: an interesting joint and novel perspective, Proceedings of the 2nd international conference on Scalable information systems, June 06-08, 2007, Suzhou, China
	Loreto Bravo , James Cheney , Irini Fundulaki, ACCOn: checking consistency of XML write-access control policies, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Hong Zhu , Kevin Lü , Renchao Jin, A practical mandatory access control model for XML databases, Information Sciences: an International Journal, v.179 n.8, p.1116-1133, March, 2009
	Elisa Bertino , Bhavani Thuraisingham , Michael Gertz , Maria Luisa Damiani, Security and privacy for geospatial data: concepts and research directions, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California
	Stefan Böttcher , Rita Hartel, Information disclosure by answers to XPath queries, Journal of Computer Security, v.17 n.1, p.69-99, January 2009
	Dong-Xi Liu, CSchema: a downgrading policy language for XML access control, Journal of Computer Science and Technology, v.22 n.1, p.44-53, January 2007
	Jian-Hua Feng , Guo-Liang Li , Na Ta, A semantic cache framework for secure XML queries, Journal of Computer Science and Technology, v.23 n.6, p.988-997, November 2008