ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Generalized XML security views
Full text PdfPdf (168 KB)
Source Symposium on Access Control Models and Technologies archive
Proceedings of the tenth ACM symposium on Access control models and technologies table of contents
Stockholm, Sweden
SESSION: Access control for XML document table of contents
Pages: 77 - 84  
Year of Publication: 2005
ISBN:1-59593-045-0
Authors
Gabriel Kuper  Università di Trento
Fabio Massacci  Università di Trento
Nataliya Rassadko  Università di Trento
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 9,   Downloads (12 Months): 106,   Citation Count: 4
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1063979.1063994
What is a DOI?

ABSTRACT

We investigate a generalization of the notion of XML security view introduced by Stoica and Farkas [17] and later refined by Fan et al. [8]. The model consists of access control policies specified over DTDs with XPath expression for data-dependent access control policies. We provide the notion of security views for characterizing information accessible to authorized users. This is a transformed (sanitized) DTD schema that can be used by users for query formulation and optimization. Then we show an algorithm to materialize "authorized" version of the document from the view and an algorithm to construct the view from an access control specification. We also propose a number of generalizations for security policies.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Michael Benedikt , Wenfei Fan , Gabriel M. Kuper, Structural Properties of XPath Fragments, Proceedings of the 9th International Conference on Database Theory, p.79-95, January 08-10, 2003
2
Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002  [doi>10.1145/545186.545190]
 
3
T. Bray, J. Paoli, and C. M. Sperberg-McQueen. Extensible Markup Language (XML) 1.0. W3C, Feb. 1998.
 
4
S. Cho, S. Amer-Yahia, L. Lakshmanan, and D. Srivastava. Optimizing the secure evaluation of twig queries. In Proceedings of the International Conference on Very Large Data Bases, 2002.
 
5
J. Clark and S. DeRose. XML Path Language (XPath) Version 1.0. W3C Recommendation. http://www.w3.org/TR/xpath, November 1999.
6
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002  [doi>10.1145/505586.505590]
 
7
S. De Capitani di Vimercati and P. Samarati. Access control: Policies, models, and mechanism. In R. Focardi and F. Gorrieri, editors, Foundations of Security Analysis and Design - Tutorial Lectures, volume 2171 of Lecture Notes in Computer Science. Springer-Verlag, 2001.
8
Wenfei Fan , Chee-Yong Chan , Minos Garofalakis, Secure XML querying with security views, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France  [doi>10.1145/1007568.1007634]
9
Irini Fundulaki , Maarten Marx, Specifying access control policies for XML documents with XPath, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990046]
10
Siddhartha K. Goel , Chris Clifton , Arnon Rosenthal, Derived access control specification for XML, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia  [doi>10.1145/968559.968561]
 
11
G. Gottlob, C. Koch, and R. Pichler. Efficient algorithm for processing XPath queries. In Proceedings of the International Conference on Very Large Data Bases, 2002.
 
12
S. Hada and M. Kudo. XML Access Control Language: Provisional Authorization for XML Documents. http://www.trl.ibm.com/projects/xml/xacl/, 2000.
 
13
T. F. Lunt , D. E. Denning , R. R. Schell , M. Heckman , W. R. Shockley, The SeaView Security Model, IEEE Transactions on Software Engineering, v.16 n.6, p.593-607, June 1990  [doi>10.1109/32.55088]
14
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948122]
 
15
Xiaolei Qian, View-Based Access Control with High Assurance, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.85, May 06-08, 1996
 
16
P. D. Stachour , B. Thuraisingham, Design of LDV: A Multilevel Secure Relational Database Management, IEEE Transactions on Knowledge and Data Engineering, v.2 n.2, p.190-209, June 1990  [doi>10.1109/69.54719]
 
17
A. Stoica and C. Farkas. Secure XML views. In Research Directions in Data and Applications Security, IFIP WG 11.3 Sixteenth International Conference on Data and Applications Security, volume 256, pages 133--146. Kluwer, 2003.
18
Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990047]

CITED BY  4
Padmapriya Ayyagari , Prasenjit Mitra , Dongwon Lee , Peng Liu , Wang-Chien Lee, Incremental adaptation of XPath access control views, Proceedings of the 2nd ACM symposium on Information, computer and communications security, March 20-22, 2007, Singapore
Loreto Bravo , James Cheney , Irini Fundulaki, ACCOn: checking consistency of XML write-access control policies, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
Hye-Kyeong Ko , Min-Jeong Kim , SangKeun Lee, On the efficiency of secure XML broadcasting, Information Sciences: an International Journal, v.177 n.24, p.5505-5521, December, 2007
Ernesto Damiani , Majirus Fansi , Alban Gabillon , Stefania Marrara, A general approach to securely querying XML, Computer Standards & Interfaces, v.30 n.6, p.379-389, August, 2008

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.7 Database Administration
          Subjects: Security, integrity, and protection


General Terms:
Algorithms, Security


Keywords:
XML access control, XML views, XPath

Collaborative Colleagues:
Gabriel Kuper: colleagues
Fabio Massacci: colleagues
Nataliya Rassadko: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player