Abstract
The existing access control has not taken information structures and semantics into full account due to the fundamental limitations of HTML. In addition, access control for XML documents allows only read operations, and there exists the problem of slowing down system performance due to the complex authorization evaluation process. In order to resolve this problem, this paper designs and builds a XACS (XML Access Control System) which is capable of making fined-grained access control. This provides data only corresponding to its users’ authority levels by authorizing them to access only the specific items of XML documents when they’re searching XML documents. In order to do this, the XACS eliminates certain parts of documents which are inaccessible and transmits parts accessible depending on its users’ authority levels. In addition since XML documents are used on the basis of normal web sites, it can be expanded to existing web servers. Ultimately, this paper suggests empirical application to verify the adequacy and the validity with the proposed method. Accordingly, the satisfaction and the quality of mechanism will be improved the XML document.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Bray T (2000) Extensible Markup Language (XML) 1.0. World Wide Web Consortium (W3C), http://www.w3c. org/TR/REC-xml
Mohan S, Sengupta A, Wu Y (2006) A Framework for Access Control for XML, J ACM Trans Syst Inf Secur, pp 1–38
Hada S, Kudo M (2002) XML Access Control Language: Provisional Authorization for XML Documents. www.trl.ibm.com/projects/, pp 1–28
Gabillon A, Bruno E (2001) Regulating access to XML documents. In Proceedings of the 15th Annual IFIP WG 11.3 Working Conference on Database Security
Murat M, Tozawa A, Kudo M, Hada S (2006) Xml access control using static analysis, J ACM Trans Inf Syst Secur
Lim CH, Park S, Son SH (2003) Access Control of XML Documents Considering Update Operations. In Proceedings of the 10th ACM Workshop on XML Security, Fairfax, VA
World Wide Web Consortium (W3C) (2001) XML path language (XPath) 2.0, Available at http://www.w3.org/TR/xpath20
Jo SM, Chung KY (2009) Efficient authorization method for XML document security. J Korea Contents Assoc 9(8):113–120
Jo SM, Chung KY (2008) Policy system of data access control for web service. J Korea Contents Assoc 8(11):25–32
Schmidt AR, Waas F, Kersten ML, Florescu D, Manolescu I, Carey MJ, Busse R (2001) “The XML Benchmark Project,” Technical Report INS-R0103, CWI, Amsterdam
Bertino E, Ferrari E (2002) Secure and selective dissemination of XML documents. J ACM Trans Inf Syst Secur 5(3):290–331
Xinwen Zhang, Jaehong Park, Ravi Sandhu (2003) Schema based XML Security: RBAC Approach, IFIP WG 11.3 Working Conference on Data and Applications Security pp 300–343
Acknowledgement
This research was supported by Basic Science Research Program through the National Research Foundation of Korea funded by the Ministry of Education, Science and Technology. (No. 2011-0008934)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer Science+Business Media B.V.
About this paper
Cite this paper
Jo, SM., Chung, KY. (2012). Access Control Mechanism for XML Document. In: Kim, K., Ahn, S. (eds) Proceedings of the International Conference on IT Convergence and Security 2011. Lecture Notes in Electrical Engineering, vol 120. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-2911-7_7
Download citation
DOI: https://doi.org/10.1007/978-94-007-2911-7_7
Published:
Publisher Name: Springer, Dordrecht
Print ISBN: 978-94-007-2910-0
Online ISBN: 978-94-007-2911-7
eBook Packages: EngineeringEngineering (R0)