ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Derived access control specification for XML
Full text PdfPdf (204 KB)
Source Workshop On XML Security archive
Proceedings of the 2003 ACM workshop on XML security table of contents
Fairfax, Virginia
SESSION: Access control table of contents
Pages: 1 - 14  
Year of Publication: 2003
ISBN:1-58113-777-X
Authors
Siddhartha K. Goel  Purdue University, West Lafayette, IN
Chris Clifton  Purdue University, West Lafayette, IN
Arnon Rosenthal  The MITRE Corporation, Bedford, MA
Sponsor
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 6,   Downloads (12 Months): 59,   Citation Count: 2
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/968559.968561
What is a DOI?

ABSTRACT

The growth in interchange of business and other sensitive data has led to increasing interest in access control. While broad-based access control may be adequate for library-style document bases, new applications demand different access rights on different documents, or different parts of a document. Methods have been developed that enforce fine-grained access control in XML, but the administrative complexity of hard-coding rules is still a challenge. We present an XQuery-based approach for deriving access control rules from schemalevel rules, document or database content, or rules on other documents. This approach provides a novel capability to exploit non-structural information in broadly-applicable rules, making it feasible to specify data- and context-dependent rules for large document sets.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Elisa Bertino , M. Braun , Silvana Castano , Elena Ferrari , Marco Mesiti, Author-X: A Java-Based System for XML Data Protection, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions, p.15-26, August 21-23, 2000
 
2
Elisa Bertino , Silvana Castano , Elena Ferrari , Marco Mesiti, Specifying and enforcing access control policies for XML document sources, World Wide Web, v.3 n.3, p.139-151, 2000  [doi>10.1023/A:1019289831564]
 
3
Ernesto Damiani , Sabrina de Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Design and implementation of an access control processor for XML documents, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.33 n.1-6, p.59-75, June 2000
 
4
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
 
5
Ernesto Damiani , Pierangela Samarati , Sabrina De Capitani di Vimercati , Stefano Paraboschi, Controlling Access to XML Documents, IEEE Internet Computing, v.5 n.6, p.18-28, November 2001  [doi>10.1109/4236.968827]
6
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002  [doi>10.1145/505586.505590]
7
Sabrina De Capitani di Vimercati, An authorization model for temporal XML documents, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain  [doi>10.1145/508791.509006]
 
8
Alban Gabillon , Emmanuel Bruno, Regulating access to XML documents, Proceedings of the fifteenth annual working conference on Database and application security, p.299-314, July 15-18, 2001, Niagara, Ontario, Canada
 
9
S. K. Goel. Transitive access control specification for XML. Master's thesis, Purdue University, West Lafayette, IN, Aug. 2003. http://www.cs.purdue.edu/~skgoel/paper.pdf.
 
10
H. Jagadish, L. V. Lakshmanan, D. Srivastava, and T. Yu. Compressed accessibility map: Efficient access control for XML. In Proceedings of the International Conference on Very Large Databases (VLDB), Sept. 2002.
11
Michiharu Kudo , Satoshi Hada, XML document security based on provisional authorization, Proceedings of the 7th ACM conference on Computer and communications security, p.87-96, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352613]
 
12
eXtensible Access Control Markup Language (XACML) version 1.0, Feb. 18 2003. http://www.oasisopen.org/committees/xacml/repository/oasisxacml-1.0.pdf.

CITED BY  2
Gabriel Kuper , Fabio Massacci , Nataliya Rassadko, Generalized XML security views, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
Ashish Kundu , Elisa Bertino, Structural signatures for tree data structures, Proceedings of the VLDB Endowment, v.1 n.1, August 2008

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection

Additional Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.3 Languages
          Subjects: Query languages
      H.2.4 Systems
          Subjects: Textual databases


General Terms:
Security


Keywords:
XML, access control

Collaborative Colleagues:
Siddhartha K. Goel: colleagues
Chris Clifton: colleagues
Arnon Rosenthal: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player