Abstract
There has been considerable research in specifying authorization policies for XML documents. Most of these approaches consider only hierarchical structure of underlying data. They define authorization policies by directly identifying XML nodes in the policies. These approaches work well for hierarchical structure but are not suitable for other required characteristics we identify in this paper as semantical association and scatteredness.
This paper presents an attribute based protection model for JSON documents. We assign security-label attribute values to JSON elements and specify authorization policies using these values. By using security-label attribute, we leverage semantical association and scatteredness properties. Our protection mechanism defines two types of policies called authorization and labeling policies. We present an operational model to specify authorization policies and different models for defining labeling policies. Finally, we demonstrate a proof-of-concept for the proposed models in the Swift service of OpenStack IaaS cloud.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
The official YAML website. www.yaml.org. Accessed July 2016
Apache Cassandra. http://cassandra.apache.org/. Accessed Sept 2015
Apache CouchDBâ„¢. http://couchdb.apache.org/. Accessed Sept 2015
MongoDB. http://www.mongodb.org/. Accessed Sept 2015
Twitter API. https://dev.twitter.com/docs/api/1.1/overview. Accessed Sept 2015
Youtube API. https://developers.google.com/youtube/v3/. Accessed Sept 2015
Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A content-based authorization model for digital libraries. IEEE KDE 14(2), 296–315 (2002)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Controlled access and dissemination of XML documents. In: 2nd ACM WIDM, pp. 22–27 (1999)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying, enforcing access control policies for XML document sources. World Wide Web 3(3), 139–151 (2000). Springer
Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM TISSEC 5(3), 290–331 (2002)
Biswas, P., Sandhu, R., Krishnan, R.: A comparison of logical-formula and enumerated authorization policy ABAC models. In: Ranise, S., Swarup, V. (eds.) DBSec 2016. LNCS, vol. 9766, pp. 122–129. Springer, Heidelberg (2016). doi:10.1007/978-3-319-41483-6_9
Biswas, P., Sandhu, R., Krishnan, R.: Label-based access control: an ABAC model with enumerated authorization policy. In: Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, pp. 1–12 (2016)
Byun, J.-W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: 10th ACM SACMAT (2005)
Clark, J., DeRose, S.: XML path language (XPath) version 1.0 (1999)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM TISSEC 5(2), 169–202 (2002)
Fan, W., Chan, C.-Y., Garofalakis, M.: Secure XML querying with security views. In: ACM SIGMOD/PODS, pp. 587–598 (2004)
Fundulaki, I., Marx, M.: Specifying access control policies for XML documents with XPath. In: 9th ACM SACMAT, pp. 61–69 (2004)
Goessner, S.: JSONPath Syntax. http://goessner.net/articles/JsonPath/. Accessed Sep 2015
Luo, B., Lee, D., Lee, W.-C., Liu, P., Qfilter: fine-grained run-time XML access control via NFA-based query rewriting. In: ACM CIKM (2004)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. ACM TISSEC 9(3), 292–324 (2006)
Sandhu, R.S.: Lattice-based access control models. IEEE Comput. 26(11), 9–19 (1993)
Ravi, S.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Rolebased access control models. IEEE Comput. 29(2), 38–47 (1996)
Acknowledgement
This research is partially supported by NSF Grants CNS-1111925 and CNS-1423481.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Biswas, P., Sandhu, R., Krishnan, R. (2016). An Attribute-Based Protection Model for JSON Documents. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds) Network and System Security. NSS 2016. Lecture Notes in Computer Science(), vol 9955. Springer, Cham. https://doi.org/10.1007/978-3-319-46298-1_20
Download citation
DOI: https://doi.org/10.1007/978-3-319-46298-1_20
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46297-4
Online ISBN: 978-3-319-46298-1
eBook Packages: Computer ScienceComputer Science (R0)