Abstract
Organizations are increasingly using the the eXtensible Markup Language (XML) for document representation and exchange on the Web. To protect an XML document from unauthorized access, authorizations are specified on the XML document itself or on the Document Type Definition (DTD) that defines the type of the XML document. Each XML document or DTD is associated with an XML Access Sheet (XAS) that specifies the authorizations. The DTD not being an XML document complicates the specification and enforcement of authorization policies. To overcome the above mentioned problem, XML Schemas need to be used instead of DTDs. In this paper, we show how XAS DTDs can be specified using XML Schemas and propose an access control architecture that can process XAS authorizations. Enforcement of access control allows users to view only those parts of the documents that they are authorized to view. These parts may not conform to the schema of the original document and hence may not be valid. Towards this end we propose a schema loosening algorithm that generates a schema that will be satisfied by documents satisfying the access control requirements.
This work was funded by AFOSR under Award No. FA9550-04-1-0102.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bertino, E., Castano, S., Ferrari, E.: On Specifying Security Policies for Web Documents with an XML-based Language. In: Proceedings of the First ACM Symposium on Access Control Models and Technologies, May 2001, pp. 57–65 (2001)
Bertino, E., Castano, S., Ferrari, E.: Securing XML Documents with Author-χ. IEEE Internet Computing 5, 21–151 (2001)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal 3(3), 139–151 (2001)
Bertino, E., Ferrari, E.: Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security 5(3), 290–331 (2002)
Damiani, E., Paraboschi, S., Samarati, P.: A Fine-Grained Access Control System for XML Documents. ACM Transactions on Information and System Security 5(2), 169–202 (2002)
Damiani, E., Vimercati, S., Paraboschi, S., Samarati, P.: Design and Implementation of Access Control Processor for XML Documents. In: Proceedings of the Ninth International World Wide Web Conference (May 2000)
Gabillon, A., Bruno, E.: Regulating Access to XML Documents. In: Proceedings of the Fifteenth IFIP WG 11.3 Working Conference on Data and Applications Security, Niagara On the Lake, Canada (July 2001)
Yoon, J.P.: Bitmap-based High-speed Access Control for XML Documents. In: Proceedings of the Seventeenth IFIP WG 11.3 Working Conference on Data and Applications Security, Estes Park, CO (August 2003)
Zhang, X., Park, J., Sandhu, R.: Schema Based XML Security: RBAC Approach. In: Proceedings of the Seventeenth IFIP WG 11.3 Working Conference on Data and Applications Security, Estes Park, CO (August 2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ray, I., Muller, M. (2004). Using Schemas to Simplify Access Control for XML Documents. In: Ghosh, R.K., Mohanty, H. (eds) Distributed Computing and Internet Technology. ICDCIT 2004. Lecture Notes in Computer Science, vol 3347. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30555-2_42
Download citation
DOI: https://doi.org/10.1007/978-3-540-30555-2_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24075-4
Online ISBN: 978-3-540-30555-2
eBook Packages: Computer ScienceComputer Science (R0)