
A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints

  • Conference paper
Information Security and Cryptology (Inscrypt 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6151)


Abstract

The Extensible Markup Language (XML) is utilised in many Internet applications we are using today. However, as with many computing technologies, vulnerabilities exist in XML that can allow for malicious and unauthorised use. Applications that utilise XML are therefore susceptible to security faults if they do not provide their own methods. Our research focuses on developing a formal language which can provide access control to information stored in XML formatted documents. This formal language will have the capacity to reason if access to an XML document should be allowed. Our language, \(\mathcal{A}^{xml(T)}\), allows for the specification of authorisations on XML documents based on the popular Role-based Access Control model. Temporal interval reasoning is the study of logically representing time intervals and relationships between them. As part of our research, we have also included this aspect in our language \(\mathcal{A}^{xml(T)}\) because we believe it will allow us to specify even more powerful access control authorisations.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Policarpio, S., Zhang, Y. (2010). A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_32


  • DOI: https://doi.org/10.1007/978-3-642-16342-5_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16341-8

  • Online ISBN: 978-3-642-16342-5

  • eBook Packages: Computer Science, Computer Science (R0)
