UI Tags: Confidentiality in Office Open XML

  • Lawrence KerrEmail author
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 589)


Maintaining confidentiality of data is critical, particularly in need-to-know environments. Dissemination of classified data must be controlled according to user clearance, and rests on the proper tagging of data to ensure appropriate access. The eXtensible Markup Language (XML) provides opportunity for tagging through its extensibility, and as a standard format for data storage, processing, and transmission. Its widespread usage covers a broad range of applications, especially in productivity software such as the Microsoft Office suite. This paper describes the UI Tags Project which presents a strategy for imposing security tags within Office Open XML (OOXML) format documents used with productivity suites. Leveraging the underlying XML of these document types enforces mandatory and attribute-based access control policies. Project development goals include a comprehensive system based on a native XML database which allows users to upload new documents as well as read, edit, or delete existing documents, and controls for derivative classification.


Mandatory access control Attribute based access control MAC ABAC XML OOXML Confidentiality Security tagging 


  1. 1.
    Ecma, T.C.: Office Open XML (2006)Google Scholar
  2. 2.
    ISO/IEC 29500-1:2012 - Information technology – Document description and processing languages – Office Open XML File Formats – Part 1: Fundamentals and Markup Language Reference (2012). Accessed 30 October 2014
  3. 3.
    Bell, D.E., La Padula, L.J.: Secure computer system: Unified exposition and Multics interpretation (1976)Google Scholar
  4. 4.
    Lunt, T.F.: Polyinstantiation: an inevitable part of a multilevel world. In: 1991 Proceedings of Computer Security Foundations Workshop IV, pp. 236 –238 (1991)Google Scholar
  5. 5.
    Wiseman, S.: Lies, Damned Lies and Databases (1991)Google Scholar
  6. 6.
    Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC and RBAC. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 41–55. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  7. 7.
    Kuhn, D.R., Coyne, E.J., Weil, T.R.: Adding attributes to role-based access control. Computer 43(6), 79–81 (2010)CrossRefGoogle Scholar
  8. 8.
    Wang, L., Wijesekera, D., Jajodia, S.: A logic-based framework for attribute based access control. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, pp. 45–55 (2004)Google Scholar
  9. 9.
    Bobba, R., Fatemieh, O., Khan, F., Gunter, C.A., Khurana, H.: Using attribute-based access control to enable attribute-based messaging. In: 2006 22nd Annual Computer Security Applications Conference, ACSAC 2006, pp. 403–413 (2006)Google Scholar
  10. 10.
    Frikken, K., Atallah, M.J., Li, J.: Attribute-based access control with hidden policies and hidden credentials. IEEE Trans. Comput. 55(10), 1259–1270 (2006)CrossRefGoogle Scholar
  11. 11.
    Cirio, L., Cruz, I.F., Tamassia, R.: A role and attribute based access control system using semantic web technologies. In: Meersman, R., Tari, Z. (eds.) OTM-WS 2007, Part II. LNCS, vol. 4806, pp. 1256–1266. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  12. 12.
    Ecma Technical Committee 45, “Office Open Xml Overview.” Ecma International (2006)Google Scholar
  13. 13.
    Standard ECMA-376 (2012). Accessed 30 June 2013
  14. 14.
    Khan, L., Wang, L., Rao, Y.: Change detection of XML documents using signatures. In: Proceedings of Workshop on Real World RDF and Semantic Web Applications (2002)Google Scholar
  15. 15.
    Peters, L.: Change detection in XML trees: a survey. In: 3rd Twente Student Conference on IT (2005)Google Scholar
  16. 16.
    Cobena, G., Abiteboul, S., Marian, A.: Detecting changes in XML documents. In: 2002 Proceedings 18th International Conference on Data Engineering, pp. 41–52 (2002)Google Scholar
  17. 17.
    Lindholm, T.: A three-way merge for XML documents. In: Proceedings of the 2004 ACM Symposium on Document Engineering, pp. 1–10 (2004)Google Scholar
  18. 18.
    Rönnau, S., Pauli, C., Borghoff, U.M.: Merging changes in XML documents using reliable context fingerprints. In: Proceedings of the Eighth ACM Symposium on Document Engineering, pp. 52–61 (2008)Google Scholar
  19. 19.
    Rönnau, S., Philipp, G., Borghoff, U.M.: Efficient change control of XML documents. In: Proceedings of the 9th ACM Symposium on Document Engineering, pp. 3–12 (2009)Google Scholar
  20. 20.
    Kerr, L.: Polyinstantiation in multilevel secure XML databases. MS Thesis, Department of Computer Science, University of Idaho, Moscow, Idaho (2012)Google Scholar
  21. 21.
    Executive Order 13526- Classified National Security Information | The White House (2009). Accessed 22 October 2014
  22. 22.
    Amack, A.S.: Automating derivative classification in multi-level secure documents. MS Thesis, Department of Computer Science, University of Idaho, Moscow, Idaho (2014)Google Scholar
  23. 23.
    Bhaskar, D.V.: Software Design Specification for Storing Multilevel Secure XML for Easy Retrieval. University of Idaho, Moscow (2014)Google Scholar
  24. 24.
    Microsoft Corp. v. i4i Ltd. Partnership - Supreme Court (2010). Accessed 25 November 2014
  25. 25.
    eXistdb - The Open Source Native XML Database. Accessed 22 October 2014
  26. 26.
    Berglund, A., Boag, S., Chamberlin, D., Fernandez, M.F., Kay, M., Robie, J., Siméon, J.: XML path language (xpath). In: World Wide Web Consort. W3C (2003)Google Scholar
  27. 27.
    XQuery 1.0: An XML Query Language (Second Edition) (2011). Accessed 25 November 2014

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.University of IdahoMoscowUSA

Personalised recommendations