Securing XML Documents

  • Conference paper
Advances in Database Technology — EDBT 2000 (EDBT 2000)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1777)

Abstract

Web-based applications greatly increase information availability and ease of access, which is optimal for public information. The distribution and sharing by the Web of information that must be accessed in a selective way requires the definition and enforcement of security controls, ensuring that information will be accessible only to authorized entities. Approaches proposed to this end level, independently from the semantics of the data to be protected and for this reason result limited. The eXtensible Markup Language (XML), a markup language promoted by the World Wide Web Consortium (W3C), represents an important opportunity to solve this problem. We present an access control model to protect information distributed on the Web that, by exploiting XML’s own capabilities, allows the definition and enforcement of access restrictions directly on the structure and content of XML documents. We also present a language for the specification of access restrictions that uses standard notations and concepts and briefly describe a system architecture for access control enforcement based on existing technology.

This work was supported in part by the INTERDATA and DATA-X - MURST 40% projects and by the Fifth (EC) Framework Programme under the FASTER project.

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Damiani, E., di Vimercati, S.D.C., Paraboschi, S., Samarati, P. (2000). Securing XML Documents. In: Zaniolo, C., Lockemann, P.C., Scholl, M.H., Grust, T. (eds) Advances in Database Technology — EDBT 2000. EDBT 2000. Lecture Notes in Computer Science, vol 1777. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-46439-5_8

  • DOI: https://doi.org/10.1007/3-540-46439-5_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67227-2

  • Online ISBN: 978-3-540-46439-6

  • eBook Packages: Springer Book Archive
