
Inter-node Relationship Labeling: A Fine-Grained XML Access Control Implementation Using Generic Security Labels

  • Conference paper
E-Business and Telecommunication Networks (ICETE 2006)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 9)


Abstract

Most work on XML access control considers XML nodes as the smallest protection unit. This paper shows the limitation of this approach and introduces an XML access control mechanism that protects inter-node relationships. Our approach provides a finer granularity of access control than the node-based approaches (i.e., it is more expressive). Moreover, our approach helps achieve the “need-to-know” security principle and the “choice” privacy principle. This paper also shows how our approach can be implemented using a generic label infrastructure and suggests algorithms to create and check a secure set of labeled relationships in an XML document.




Editor information

Joaquim Filipe, Mohammad S. Obaidat


Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Zhang, Z., Rjaibi, W. (2008). Inter-node Relationship Labeling: A Fine-Grained XML Access Control Implementation Using Generic Security Labels. In: Filipe, J., Obaidat, M.S. (eds) E-Business and Telecommunication Networks. ICETE 2006. Communications in Computer and Information Science, vol 9. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70760-8_13


  • DOI: https://doi.org/10.1007/978-3-540-70760-8_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-70759-2

  • Online ISBN: 978-3-540-70760-8

  • eBook Packages: Computer Science, Computer Science (R0)
