Credential-Based Policies Management in an Access Control Framework Protecting XML Resources
XML has been widely adopted for Web data representation in various applications (such as DBMSs and digital libraries), so controlling access to XML data sources has become a crucial issue. In this paper we introduce a credential-based access control framework for protecting XML resources. Under this framework, we propose the use of access policy files, each containing the policies that concern a specific credential type. Moreover, we propose reorganizing the policies in these files based on their frequency of use (the more frequently a policy is used, the higher in the file it is placed). Our main goal is to improve request servicing times. Several experiments have been conducted, on either a single-request or a multiple-request basis. The proposed framework is shown to be quite beneficial for protecting XML-based frameworks such as digital libraries, or any other data resources whose format is expressed in XML.
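The frequency-based reorganization described in the abstract, as an added sketch that is not the paper's implementation. It assumes exact-match policies that do not overlap within a file, top-to-bottom first-match evaluation with default deny, and constructed names throughout (`PolicyFile`, the `librarian` credential type, the `/library/...` paths).

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    target: str      # XML resource the policy protects (constructed path)
    privilege: str   # e.g. "read" or "write"
    permit: bool     # True = grant, False = deny
    hits: int = 0    # how often this policy decided a request

@dataclass
class PolicyFile:
    """Policies for one credential type, scanned top to bottom (assumption)."""
    credential_type: str
    policies: list = field(default_factory=list)
    comparisons: int = 0  # policies examined so far, a proxy for servicing time

    def decide(self, target, privilege):
        for p in self.policies:
            self.comparisons += 1
            if p.target == target and p.privilege == privilege:
                p.hits += 1
                return p.permit
        return False  # default deny when no policy matches

    def reorganize(self):
        # Most frequently used policies move to the top. sorted() is stable,
        # so policies with equal counts keep their relative order.
        self.policies = sorted(self.policies, key=lambda p: -p.hits)

def replay(pf, requests):
    """Serve the requests; return (decisions, number of policies examined)."""
    start = pf.comparisons
    decisions = [pf.decide(target, priv) for target, priv in requests]
    return decisions, pf.comparisons - start

def build_demo():
    # Constructed sample data: frequently requested resources start at the bottom.
    pf = PolicyFile("librarian", [
        Policy("/library/admin", "write", False),
        Policy("/library/catalog", "write", True),
        Policy("/library/theses", "read", True),
        Policy("/library/books", "read", True),
    ])
    requests = ([("/library/books", "read")] * 6 + [("/library/theses", "read")] * 3
                + [("/library/admin", "write"), ("/library/secret", "read")])
    return pf, requests

if __name__ == "__main__":
    pf, requests = build_demo()
    before = replay(pf, requests)
    pf.reorganize()
    print(before[1], replay(pf, requests)[1])
```

If policies in one file can overlap with different signs, frequency ordering under first-match evaluation would change decisions, so a conflict-resolution rule has to be fixed before any reordering is applied.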