Access Control Models for XML

  • S. De Capitani di Vimercati
  • S. Foresti
  • S. Paraboschi
  • P. Samarati

Summary

XML has become a crucial tool for data storage and exchange. In this chapter, after a brief introduction to the basic structure of XML, we illustrate the most important characteristics of access control models. We then discuss two models for XML documents, pointing out their main characteristics. Finally, we present other proposals, describing their main features and how they innovate on the previous two models.

Keywords

  • Access Control
  • Access Control Policy
  • Access Control Model
  • Path Expression
  • XPath Expression

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer Science+Business Media, LLC. 2008

Authors and Affiliations

  • S. De Capitani di Vimercati (1)
  • S. Foresti (1)
  • S. Paraboschi (2)
  • P. Samarati (1)

  1. University of Milan, 26013 Crema, Italy
  2. University of Bergamo, Italy
