A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6151)


The Extensible Markup Language (XML) is utilised in many Internet applications in use today. However, as with many computing technologies, vulnerabilities exist in XML that can allow for malicious and unauthorised use. Applications that utilise XML are therefore susceptible to security faults if they do not provide their own methods. Our research focuses on developing a formal language which can provide access control to information stored in XML formatted documents. This formal language will have the capacity to reason about whether access to an XML document should be allowed. Our language, \(\mathcal{A}^{xml(T)}\), allows for the specification of authorisations on XML documents based on the popular Role-based Access Control model. Temporal interval reasoning is the study of logically representing time intervals and the relationships between them. As part of our research, we have also included this aspect in our language \(\mathcal{A}^{xml(T)}\) because we believe it will allow us to specify even more powerful access control authorisations.


Keywords: AI in computer security; AI in database; logic programming; knowledge representation and reasoning; access control; authorisations; XML databases and security





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  1. Intelligent Systems Laboratory, School of Computing and Mathematics, University of Western Sydney, Penrith South DC, Australia
