Management of access control policies for XML document sources

  • Regular contribution
International Journal of Information Security

Abstract

The development of suitable mechanisms for securing XML documents is becoming an urgent need since XML is evolving into a standard for data representation and exchange over the Web. To answer this need, we have designed Author-X [1, 3], a Java-based system specifically conceived for the protection of XML documents. Distinguishing features of the access control model of Author-X are the support for a wide range of protection granularity levels and for subject credentials. Another key characteristic of Author-X is the enforcement of different access control strategies for document release: besides the traditional, on user demand, mode of access control, Author-X also supports push distribution, for document dissemination. Managing an access control system based on such a flexible and expressive model requires the design and implementation of suitable administration tools to help the Security Administrator in efficiently performing administrative operations related to access control policies management. In this paper, we present the strategies and related algorithms we have devised for policy management in Author-X, with particular emphasis on information push support. In the paper, besides presenting the algorithms and the related data structures, we provide a complexity study of the proposed algorithms. Additionally, we describe the implementation of the proposed algorithms in the framework of Author-X.

References

  1. Bertino E, Castano S, Ferrari E (2001) Author-X: a comprehensive system for securing XML documents. IEEE Internet Comput 5(3):21–31

  2. Bertino E, Castano S, Ferrari E (May 2001) On specifying security policies for Web documents with an XML-based language. In: Proc. of SACMAT’2001, ACM Symposium on Access Control Models and Technologies, Fairfax, VA

  3. Bertino E, Ferrari E (2002) Secure and selective dissemination of XML documents. ACM Transaction of Information System and Security, 5(3):290–331

  4. Damiani E, De Capitani di Vimercati S, Paraboschi S, Samarati P (2000) Securing XML documents. In: Proc. of the Int’l Conference on Extending Database Technology (EDBT2000), Konstanz, Germany

  5. Geuer Pollmann C (2003) The XML security page. http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xml_security.html

  6. Gladney H, Lotspiech J (May 1997) Safeguarding digital library contents and users: assuring convenient security and data quality. D-lib Magazine

  7. Hitchens M, Varadharajan V (2001) RBAC for XML document stores. Information and Communications Security (ICICS01), Lecture Notes in Computer Science, vol 2229. Springer, Berlin Heidelberg New York, pp 131–143

  8. Kudo M, Hada S (2000) XML document security and e-business applications. 7th ACM Conference on Computer and Communication Security, Nov. 2000

  9. Object Design Inc. (1998) An XML data server for building enterprise Web applications. White paper. Available at http://www.odi.com/excelon

  10. Stallings W (2000) Network security essentials: applications and standards. Prentice Hall

  11. Softlock Services Inc. Softlock. http://www.softlock.com

  12. Sibert O, Bernestein D, Van Die D (1995) The DigiBox: a self-protecting container for information commerce. In: Proc. First USENIX WorkShop on Electronic Commerce, New York, July, pp 11–12

  13. Winslett M, Ching N, Jones V, Slepchin I (1997) Using digital credentials on the World Wide Web. J Comput Secur, 5(3):255–267

  14. World Wide Web Consortium (1999) XML path language (Xpath), 1.0. W3C recommendation. Available at http://www.w3.org/TR/xpath

  15. World Wide Web Consortium (2001) XML query (XQuery), 1.0. W3C working draft. Available at http://www.w3.org/TR/xquery

  16. World Wide Web Consortium (1998) Extensible markup language (XML) 1.0. Available at http://www.w3.org/TR/REC-xml

Author information

Corresponding authors

Correspondence to Barbara Carminati or Elena Ferrari.

About this article

Cite this article

Carminati, B., Ferrari, E. Management of access control policies for XML document sources. IJIS 1, 236–260 (2003). https://doi.org/10.1007/s10207-003-0020-x

  • DOI: https://doi.org/10.1007/s10207-003-0020-x
