Skip to main content
SpringerLink
Log in

CSchema: A Downgrading Policy Language for XML Access Control

  • Regular Paper
  • Published:
Journal of Computer Science and Technology Aims and scope Submit manuscript

Abstract

The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies are either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Similar content being viewed by others

References

  1. Wenfei Fan, Chee-Yong Chan, Minos Garofalakis. Secure XML querying with security views. In Proc. the 2004 ACM Int. Conf. Management of Data, Paris, France, 2004, pp. 587–598.

  2. Damiani E, di Vimercati S, Paraboschi S et al. Securing XML documents. In Proc. Int. Conf. Extending Database Technology, Konstanz, Germany, 2000, LNCS 1777, pp. 121–135.

  3. Damiani E, di Vimercati S, Paraboschi S et al. A fine-grained access control system for XML documents. ACM Trans. Information and System Security, 2002, 5(2): 2: 169–202.

    Article  Google Scholar 

  4. Bertino E, Ferrari E. Secure and selective dissemination of XML documents. ACM Trans. Information and System Security, 2002, 5(3): 290–331.

    Article  Google Scholar 

  5. Gabilon A, Bruno E. Regulating access to XML documents. In Working Conf. Database and Application Security, Ontario, Canada, 2001, pp. 299–314.

  6. Makoto Murata, Akihiko Tozawa, Michiharu Kudo, Satoshi Hada. XML access control using static analysis. In Proc. 10th ACM Conf. Computer and Communications Security, Washington DC, USA, 2003, pp. 73–84.

  7. Hada S, Kudo M. XML access control language: Provisional authorization for XML documents. 2000, http://www.trl.ibm.com/projects/xml/xacl.

  8. Godik S, Moses T. eXtensible access control markup 2 language (XACML) Version 1.0. 2003, http://www.oasis-open.org/specs/index.php.

  9. Irini Fundulaki, Maarten Marx. Specifying access control policies for XML documents with XPath. In Proc. the 9th ACM Symp. Access Control Models and Technologies, New York, USA, 2004, pp. 61–69.

  10. Stephen Chong, Andrew C Myers. Security policies for downgrading. In Proc. the 11th ACM Conf. Computer and Communications Security, Washington DC, USA, 2004, pp. 198–209.

  11. Veronique Benzaken, Giuseppe Castagna, Alain Frisch. CDuce: An XML-centric general-purpose language. In Proc. the 8th Int. Conf. Functional Programming, Uppsala, Sweden, 2003, pp. 51–63.

  12. Jerome Simeon, Philip Wadler. The essence of XML. In Proc. the 30th ACM Symp. Principles of Programming Languages, New Orleans, Louisiana, USA, 2003, pp. 1–13.

  13. Hosoya H, Pierce B C. XDuce: A typed XML processing language. ACM Trans. Internet Technology, 2003, 3(2): 117–148.

    Article  Google Scholar 

  14. Dario Colazzo, Giorgio Ghelli, Paolo Manghi, Carlo Sartiani. Types for path correctness of XML queries. In Proc. the 9th ACM Int. Conf. Functional Programming, Snowbird, USA, 2004, pp. 126–137.

  15. Haruo Hosoya, Jerome Vouillon, Benjamin C Pierce. Regular expression types for XML. In Proc. the 5th ACM Int. Conf. Functional Programming, Montreal, Canada, 2000, pp. 11–22.

  16. Dongxi Liu, Zhenjiang Hu, Masato Takeichi. An environment for maintaining computation dependency in XML documents. In Proc. the 2005 ACM Symp. Document Engineering, Bristol, UK, 2005, pp. 42–51.

  17. W3C Recommendation. XML Query (XQuery). 2005, http://www.w3.org/XML/Query.

  18. Bierman G, Meijer E, Schulte W. The essence of data access in Comega. In European Conf. Object-Oriented Programming, LNCS 3586, Glasgow, UK, 2005, pp. 287–311.

  19. The Galax Team. Galax: An Implementation of XQuery. http://www.galaxquery.org.

  20. Mary Fernandez, Jerome Simeon. Build your own XQuery processor. In EDBT Summer School, Sardinia, Italy, 2004.

  21. Serge Abiteboul, Omar Benjelloun, Tova Milo. Positive active XML. In Proc. the 23rd ACM Symp. Principles of Database Systems, Paris, France, 2004, pp. 35–45.

  22. Schneider F B, Morrisett G, Harperi R. A language-based approach to security. Informatics: 10 Years Back, 10 Years Ahead, LNCS 2000, Springer-Verlag, 2000, pp. 86–101.

  23. George C Necula. Proof-carrying code. In Proc. the 24th ACM Symp. Principles of Programming Languages, Paris, France, 1997, pp. 106–119.

  24. Cedric Fournet, Andrew D Gordon. Stack inspection: Theory and variants. In Proc. the 29th ACM Symp. Principles of Programming Languages, Portland, Oregon, USA, 2002, pp. 307–318.

  25. Peng Li, Steve Zdancewic. Downgrading policies and relaxed noninterference. In Proc. ACM Symp. Principles of Programming Languages, Long Beach, California, 2005, pp. 158–170.

Download references

Author information

Authors and Affiliations

  1. Department of Mathematical Informatics, University of Tokyo, Tokyo, Japan

    Dong-Xi Liu

Authors
  1. Dong-Xi Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dong-Xi Liu.

Additional information

Supported by the Program “Comprehensive Development of e-Society Foundation Software” of the MEXT, Japan, under the project “Programmable Structured Documents”.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Liu, DX. CSchema: A Downgrading Policy Language for XML Access Control. J Comput Sci Technol 22, 44–53 (2007). https://doi.org/10.1007/s11390-007-9012-z

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11390-007-9012-z

Keywords

Search

Navigation