
A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC, volume 6151)

Abstract

The Extensible Markup Language (XML) is used in many Internet applications today. However, as with many computing technologies, vulnerabilities exist in XML that can allow for malicious and unauthorised use. Applications that utilise XML are therefore susceptible to security faults if they do not provide their own security methods. Our research focuses on developing a formal language which can provide access control to information stored in XML-formatted documents. This formal language will have the capacity to reason about whether access to an XML document should be allowed. Our language, \(\mathcal{A}^{xml(T)}\), allows for the specification of authorisations on XML documents based on the popular Role-based Access Control model. Temporal interval reasoning is the study of logically representing time intervals and the relationships between them. As part of our research, we have also included this aspect in our language \(\mathcal{A}^{xml(T)}\) because we believe it will allow us to specify even more powerful access control authorisations.

Keywords

  • AI in computer security
  • AI in database
  • logic programming
  • knowledge representation and reasoning
  • access control
  • authorisations
  • XML databases and security

Chapter length: 15 pages



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Policarpio, S., Zhang, Y. (2010). A Formal Language for Specifying Complex XML Authorisations with Temporal Constraints. In: Bao, F., Yung, M., Lin, D., Jing, J. (eds) Information Security and Cryptology. Inscrypt 2009. Lecture Notes in Computer Science, vol 6151. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16342-5_32


  • DOI: https://doi.org/10.1007/978-3-642-16342-5_32

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16341-8

  • Online ISBN: 978-3-642-16342-5

  • eBook Packages: Computer Science, Computer Science (R0)