From XML to RDF: Syntax, Semantics, Security, and Integrity (Invited Paper)

  • C. Farkas
  • V. Gowadia
  • A. Jain
  • D. Roy
Conference paper
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 193)

Abstract

In this paper we evaluate security methods for eXtensible Markup Language (XML) and the Resource Description Framework (RDF). We argue that existing models are insufficient to provide high assurance security for future Web-based applications. We begin with a brief overview of XML access control models, where the protection objects are identified by the XML syntax. However, these approaches are limited in their ability to handle updates and structural modifications of XML documents. We argue that XML security methods must be based on the intended meaning of XML and the semantics of the application using XML. We identify two promising research directions to extend the XML model with semantics. The first approach incorporates traditional database concepts, like key and integrity constraints, in the XML model. The second approach aims to associate XML documents with metadata supporting Web-based applications. We propose the development of security models based on these semantics-oriented approaches to achieve high assurance. Further, we investigate the security needs of Web metadata, like RDF, RDFS, and OWL. In particular, we study the security risks of unwanted inferences and data aggregation, supported by these languages.

Keywords

Access Control; Resource Description Framework; Security Model; Access Control Policy; Access Control Model
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • C. Farkas (1)
  • V. Gowadia (1)
  • A. Jain (1)
  • D. Roy (1)

  1. Information Security Lab, Department of Computer Science and Engineering, University of South Carolina, Columbia