Abstract
The eXtensible Markup Language (XML) is recognized as a simple and universal standard for storing and exchanging information on the web. The risk of unauthorized leakage of this information mandates the use of access control at various levels of granularity. In this paper, we extend to the context of XML documents the notion of Observation-based Fine Grained Access Control (OFGAC), which was originally designed for relational databases. In this setting, data are made accessible at various levels of abstraction depending on their sensitivity level. Therefore, unauthorized users are not able to infer the exact content of an attribute or element containing partially sensitive information, while they are allowed to get a relaxed view of it, according to their access rights, represented by a specific property.
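The following is an added example of the idea in the abstract, not code from the paper: each sensitive element is released through an abstraction function chosen per observer, so the observer learns a property of the value rather than the value itself. The sample document, the observer names, the policy table and the abstraction functions are all constructed assumptions, and only element content (not attributes) is handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (illustrative, not taken from the paper).
SAMPLE = """<customers>
  <customer>
    <name>Alice Rossi</name>
    <age>34</age>
    <card>4111111111111111</card>
    <balance>-250.75</balance>
  </customer>
</customers>"""

# Abstractions: each maps a concrete value to the property an observer may learn.
def interval(width):
    def to_range(value):
        low = (int(value) // width) * width
        return f"[{low},{low + width - 1}]"
    return to_range

def sign(value):
    number = float(value)
    return "negative" if number < 0 else "zero" if number == 0 else "positive"

def last4(value):
    return "*" * (len(value) - 4) + value[-4:]

def top(_value):
    return "*"  # most abstract value: reveals nothing about the content

# Hypothetical policy: observer -> {element tag: abstraction}.
# Tags absent from an observer's map are treated as public and released as-is.
POLICY = {
    "auditor": {"age": interval(10), "card": last4, "balance": sign},
    "guest": {"name": top, "age": top, "card": top, "balance": sign},
}

def observe(xml_text, observer):
    """Return the abstracted view of xml_text that `observer` is allowed to see."""
    if observer not in POLICY:
        raise PermissionError(f"no policy for observer {observer!r}")  # fail closed
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        text = (elem.text or "").strip()
        if text and elem.tag in POLICY[observer]:
            elem.text = POLICY[observer][elem.tag](text)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(observe(SAMPLE, "auditor"), observe(SAMPLE, "guest"), sep="\n")
```

Both observers receive the same document structure; only the precision of each sensitive value differs, and an observer with no policy entry gets no view at all.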
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Halder, R., Cortesi, A. (2011). Observation-Based Fine Grained Access Control for XML Documents. In: Chaki, N., Cortesi, A. (eds) Computer Information Systems – Analysis and Technologies. Communications in Computer and Information Science, vol 245. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27245-5_32
DOI: https://doi.org/10.1007/978-3-642-27245-5_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27244-8
Online ISBN: 978-3-642-27245-5
eBook Packages: Computer Science (R0)