Abstract
The Extensible Markup Language (XML) is used in many of the Internet applications in use today. However, as with many computing technologies, vulnerabilities exist in XML that can allow malicious and unauthorised use. Applications that use XML are therefore susceptible to security faults if they do not provide their own security methods. Our research focuses on developing a formal language that can provide access control to information stored in XML-formatted documents. This formal language will have the capacity to reason about whether access to an XML document should be allowed. Our language, \(\mathcal{A}^{xml(T)}\), allows authorisations on XML documents to be specified based on the popular Role-based Access Control model. Temporal interval reasoning is the study of logically representing time intervals and the relationships between them. As part of our research, we have also included this aspect in our language \(\mathcal{A}^{xml(T)}\) because we believe it will allow us to specify even more powerful access control authorisations.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Policarpio, S., Zhang, Y. (2010). A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_32
DOI: https://doi.org/10.1007/978-3-642-16342-5_32
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16341-8
Online ISBN: 978-3-642-16342-5
eBook Packages: Computer Science (R0)