Springer Nature is making SARS-CoV-2 and COVID-19 research free. View research | View latest news | Sign up for updates

CSchema: A Downgrading Policy Language for XML Access Control


The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies are either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.

This is a preview of subscription content, log in to check access.


  1. [1]

    Wenfei Fan, Chee-Yong Chan, Minos Garofalakis. Secure XML querying with security views. In Proc. the 2004 ACM Int. Conf. Management of Data, Paris, France, 2004, pp. 587–598.

  2. [2]

    Damiani E, di Vimercati S, Paraboschi S et al. Securing XML documents. In Proc. Int. Conf. Extending Database Technology, Konstanz, Germany, 2000, LNCS 1777, pp. 121–135.

  3. [3]

    Damiani E, di Vimercati S, Paraboschi S et al. A fine-grained access control system for XML documents. ACM Trans. Information and System Security, 2002, 5(2): 2: 169–202.

  4. [4]

    Bertino E, Ferrari E. Secure and selective dissemination of XML documents. ACM Trans. Information and System Security, 2002, 5(3): 290–331.

  5. [5]

    Gabilon A, Bruno E. Regulating access to XML documents. In Working Conf. Database and Application Security, Ontario, Canada, 2001, pp. 299–314.

  6. [6]

    Makoto Murata, Akihiko Tozawa, Michiharu Kudo, Satoshi Hada. XML access control using static analysis. In Proc. 10th ACM Conf. Computer and Communications Security, Washington DC, USA, 2003, pp. 73–84.

  7. [7]

    Hada S, Kudo M. XML access control language: Provisional authorization for XML documents. 2000,

  8. [8]

    Godik S, Moses T. eXtensible access control markup 2 language (XACML) Version 1.0. 2003,

  9. [9]

    Irini Fundulaki, Maarten Marx. Specifying access control policies for XML documents with XPath. In Proc. the 9th ACM Symp. Access Control Models and Technologies, New York, USA, 2004, pp. 61–69.

  10. [10]

    Stephen Chong, Andrew C Myers. Security policies for downgrading. In Proc. the 11th ACM Conf. Computer and Communications Security, Washington DC, USA, 2004, pp. 198–209.

  11. [11]

    Veronique Benzaken, Giuseppe Castagna, Alain Frisch. CDuce: An XML-centric general-purpose language. In Proc. the 8th Int. Conf. Functional Programming, Uppsala, Sweden, 2003, pp. 51–63.

  12. [12]

    Jerome Simeon, Philip Wadler. The essence of XML. In Proc. the 30th ACM Symp. Principles of Programming Languages, New Orleans, Louisiana, USA, 2003, pp. 1–13.

  13. [13]

    Hosoya H, Pierce B C. XDuce: A typed XML processing language. ACM Trans. Internet Technology, 2003, 3(2): 117–148.

  14. [14]

    Dario Colazzo, Giorgio Ghelli, Paolo Manghi, Carlo Sartiani. Types for path correctness of XML queries. In Proc. the 9th ACM Int. Conf. Functional Programming, Snowbird, USA, 2004, pp. 126–137.

  15. [15]

    Haruo Hosoya, Jerome Vouillon, Benjamin C Pierce. Regular expression types for XML. In Proc. the 5th ACM Int. Conf. Functional Programming, Montreal, Canada, 2000, pp. 11–22.

  16. [16]

    Dongxi Liu, Zhenjiang Hu, Masato Takeichi. An environment for maintaining computation dependency in XML documents. In Proc. the 2005 ACM Symp. Document Engineering, Bristol, UK, 2005, pp. 42–51.

  17. [17]

    W3C Recommendation. XML Query (XQuery). 2005,

  18. [18]

    Bierman G, Meijer E, Schulte W. The essence of data access in Comega. In European Conf. Object-Oriented Programming, LNCS 3586, Glasgow, UK, 2005, pp. 287–311.

  19. [19]

    The Galax Team. Galax: An Implementation of XQuery.

  20. [20]

    Mary Fernandez, Jerome Simeon. Build your own XQuery processor. In EDBT Summer School, Sardinia, Italy, 2004.

  21. [21]

    Serge Abiteboul, Omar Benjelloun, Tova Milo. Positive active XML. In Proc. the 23rd ACM Symp. Principles of Database Systems, Paris, France, 2004, pp. 35–45.

  22. [22]

    Schneider F B, Morrisett G, Harperi R. A language-based approach to security. Informatics: 10 Years Back, 10 Years Ahead, LNCS 2000, Springer-Verlag, 2000, pp. 86–101.

  23. [23]

    George C Necula. Proof-carrying code. In Proc. the 24th ACM Symp. Principles of Programming Languages, Paris, France, 1997, pp. 106–119.

  24. [24]

    Cedric Fournet, Andrew D Gordon. Stack inspection: Theory and variants. In Proc. the 29th ACM Symp. Principles of Programming Languages, Portland, Oregon, USA, 2002, pp. 307–318.

  25. [25]

    Peng Li, Steve Zdancewic. Downgrading policies and relaxed noninterference. In Proc. ACM Symp. Principles of Programming Languages, Long Beach, California, 2005, pp. 158–170.

Download references

Author information

Correspondence to Dong-Xi Liu.

Additional information

Supported by the Program “Comprehensive Development of e-Society Foundation Software” of the MEXT, Japan, under the project “Programmable Structured Documents”.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Liu, D. CSchema: A Downgrading Policy Language for XML Access Control. J Comput Sci Technol 22, 44–53 (2007).

Download citation


  • access control
  • programming language
  • security policy
  • type system
  • XML