
Part of the book series: Advances in Information Security (ADIS, volume 33)

Abstract

Security concerns have been rapidly increasing because of repeated security incidents such as unexpected personal information leakage. Since XML [38] has been playing an important role in IT systems and applications, a big surge of requirements for legislative compliance is driving enterprises to protect their XML data for secure data management as well as privacy protection, and the access control mechanism is a central control point. In this chapter, we are concerned with fine-grained (element- and attribute-level) access control for XML database systems, rather than with document-level access control. We use the term XML access control to refer to such fine-grained access control. XML access control deals with XML data and access control policies as well as schema definitions, e.g., XML Schema [40], and queries, e.g., XQuery [36]. The scope of XML access control is not limited to a specific application but covers broader areas that involve XML-based transactional systems such as e-commerce applications (Commerce XML [7] etc.), medical and health record applications (HL7 [16] etc.), and newspaper article distribution and applications (NewsML [17] etc.).


References

  1. R. J. Lipton, A. K. Jones, and L. Snyder. A linear time algorithm for deciding security. In Proc. 17th Symposium on Foundations of Computer Science, pages 33–41, 1976.

  2. M. Altinel and M. Franklin. Efficient filtering of XML documents for selective dissemination of information. pages 53–64, 2000.

  3. E. Bertino, S. Castano, E. Ferrari, and M. Mesiti. Controlled access and dissemination of XML documents. pages 22–27, 1999.

  4. M. Bishop and L. Snyder. The transfer of information and authority in a protection system. 1979.

  5. L. Bouganim, F. D. Ngoc, and P. Pucheral. Client-based access control management for XML documents. In Proc. of VLDB, pages 84–95, 2004.

  6. S. Cho, S. Amer-Yahia, L. V. S. Lakshmanan, and D. Srivastava. Optimizing the secure evaluation of twig queries. In Proc. of VLDB, pages 490–501, 2000.

  7. cXML. cXML Version 1.2.014, Jun 2005. http://www.cxml.org/.

  8. Ernesto Damiani, S. De Capitani di Vimercati, S. Paraboschi, and Pierangela Samarati. Securing XML documents. In Advances in Database Technology-EDBT 2000, 7th International Conference on Extending Database Technology Konstanz, 2000 Proceedings, Springer Verlag LNCS 1777, pages 121–135. VLDB, Mar. 2000.

  9. A. Deutsch and V. Tannen. Containment of regular path expressions under integrity constraints. In Proc. of KRDB, 2001.

  10. Y. Diao, P. Fischer, M. Franklin, and R. To. Efficient and scalable filtering of XML documents. In Demo at ICDE, page 341, 2002.

  11. W. Fan and L. Libkin. On XML integrity constraints in the presence of DTDs. In Proceedings of Symposium on Principles of Database Systems, pages 114–125, 2001.

  12. M. F. Fernandez and D. Suciu. Optimizing regular path expressions using graph schemas. In Proc. of ICDE, pages 14–23, 1998.

  13. A. Gabillon and E. Bruno. Regulating access to XML documents. In Proc. of Working Conference on Database and Application Security, pages 219–314, 2001.

  14. Christian Geuer-Pollmann. XML pool encryption. In Proceedings of Workshop on XML Security 2002, 2002.

  15. L. Gong. A secure identity-based capability system. In Proc. IEEE Symposium on Security and Privacy, pages 56–65. IEEE, 1989.

  16. HL7. Health Level 7 Ver 2.5, Jun 2003. http://www.hl7.org/.

  17. International Press Telecommunications Council. NewsML 1.2, Oct 2003. http://www.newsml.org/.

  18. ISO/IEC. Information technology-Open Systems Interconnection-Security frameworks for open systems: Access Control Framework, International Standard, ISO/IEC 10181-3, Sep. 1996.

  19. Sushil Jajodia, Michiharu Kudo, and V. S. Subrahmanian. Provisional Authorizations, volume E-Commerce Security and Privacy, pages 133–159. Anup Ghosh, ed., Kluwer Academic Publishers, Boston, 2000.

  20. R. Kaushik, P. Bohannon, J. F. Naughton, and H. F. Korth. Covering indexes for branching path queries. In Proc. SIGMOD, pages 133–144. ACM, 2002.

  21. D. D. Kha, M. Yoshikawa, and S. Uemura. An XML indexing structure with relative region coordinate. In Proc. ICDE, pages 313–320, 2001.

  22. Michiharu Kudo. PBAC: Provision-based access control model. International Journal of Information Security, 1(2):116–130, Feb 2002.

  23. Michiharu Kudo and Satoshi Hada. XML document security based on provisional authorization. In 7th ACM Conference on Computer and Communications Security, pages 87–96. ACM, Nov 2000.

  24. Q. Li and B. Moon. Indexing and querying XML data for regular path expressions. In Proc. VLDB, pages 361–370, 2001.

  25. M. Murata, A. Tozawa, M. Kudo, and S. Hada. XML access control using static analysis. In 10th ACM Conference on Computer and Communication Security, pages 73–84. ACM, Oct 2003.

  26. M. Murata, A. Tozawa, M. Kudo, and S. Hada. XML access control using static analysis. ACM Transactions on Information and System Security, 2006.

  27. F. Neven and T. Schwentick. XPath containment in the presence of disjunction, DTDs, and variables. In Proc. ICDT, pages 315–329, 2003.

  28. OASIS. OASIS extensible Access Control Markup Language (XACML), Apr. 2002.

  29. N. Qi and M. Kudo. Access-condition-table-driven access control for XML databases. In 9th European Symposium on Research in Computer Security, pages 17–31. ESORICS, 2004.

  30. N. Qi and M. Kudo. XML access control with policy matching tree. In Proc. ESORICS, pages 3–23, 2005.

  31. N. Qi, M. Kudo, J. Myllymaki, and H. Pirahesh. A function-based access control model for XML databases. In Proc. CIKM, pages 115–122. ACM, 2005.

  32. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-based access control models. IEEE Computer, 29(2):38–47, Feb 1996.

  33. Satoshi Hada and Michiharu Kudo. XML Access Control Language: Provisional Authorization for XML Documents, Apr 2002. http://www.trl.ibm.com/projects/xml/xss4j/docs/xacl-spec.html.

  34. W3C. XML Linking Language (XLink) Version 1.0, W3C Recommendation 27 June 2001, Jun 2001. http://www.w3.org/TR/xlink/#N781.

  35. W3C. XPointer Framework, W3C Recommendation 25 March 2003, Mar 2003. http://www.w3.org/TR/xptr-framework/.

  36. W3C. XQuery 1.0: An XML Query Language, W3C Candidate Recommendation 3 November 2005, Nov 2005. http://www.w3.org/TR/2005/CR-xquery-20051103/.

  37. World Wide Web Consortium. XML Path Language (XPath) Version 1.0, Nov. 1999.

  38. World Wide Web Consortium (W3C). Extensible Markup Language (XML) 1.0, Second Edition, Aug. 2000.

  39. World Wide Web Consortium (W3C). XML Encryption Syntax and Processing, W3C Candidate Recommendation 04 March 2002, Mar. 2002.

  40. World Wide Web Consortium (W3C). XML Schema Part 1: Structures Second Edition, Oct. 2004.

  41. T. Yu, D. Srivastava, L. V. S. Lakshmanan, and H. V. Jagadish. Compressed accessibility map: Efficient access control for XML. In Proc. VLDB, pages 478–489, 2002.


Copyright information

© 2007 Springer Science+Business Media, LLC

About this chapter

Cite this chapter

Kudo, M., Qi, N. (2007). Access Control Policy Models for XML. In: Yu, T., Jajodia, S. (eds) Secure Data Management in Decentralized Systems. Advances in Information Security, vol 33. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-27696-0_4

  • DOI: https://doi.org/10.1007/978-0-387-27696-0_4

  • Publisher Name: Springer, Boston, MA

  • Print ISBN: 978-0-387-27694-6

  • Online ISBN: 978-0-387-27696-0

  • eBook Packages: Computer Science, Computer Science (R0)
