Web Data Protection: Principles and Research Issues

  • Elena Ferrari
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3268)


Protection of web documents is a challenging task that requires addressing several issues, ranging from the development of suitable policy languages to policy enforcement. In this paper, we discuss the main problems that need to be faced in providing a comprehensive framework for securing web documents and outline possible techniques and mechanisms that can be adopted. Additionally, we discuss research trends in the field and show the relations that exist between web data protection and clustering information over the web.


Keywords: Access Control; Policy Language; Security Policy; Security Mechanism; Access Control Policy
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Elena Ferrari (1)
  1. Università dell’Insubria, Como, Italy
