XML Access Control
XML access control refers to the practice of limiting access to (parts of) XML data to only authorized users. Similar to access control over other types of data and resources, XML access control is centered around two key problems: (i) the development of formal models for the specification of access control policies over XML data; and (ii) techniques for efficient enforcement of access control policies over XML data.
Access control is one of the fundamental security mechanisms in information systems. It is concerned with who can access which information under what circumstances. The need for access control arises naturally when a multi-user system offers selective access to shared information. As one of the oldest problems in security, access control has been studied extensively in a variety of contexts, including operating systems, databases, and computer networks.
The most influential policy models today are discretional access control (DAC),...
- 5.Fan W, Chan CY, Garofalakis M. Secure XML querying with security views. In: Proceedings of the ACM SIGMOD International Conference on Management of Data; 2004. p. 587–98.Google Scholar
- 6.Koudas N, Rabinovich M, Srivastava D, Yu T. Routing XML queries. In: Proceedings of the 20th International Conference on Data Engineering; 2004. p. 844.Google Scholar
- 7.Kudo M, Hada S. XML document security based on provisional authorization. In: Proceedings of the 7th ACM Conference on Computer and Communications Security; 2002. p. 87–96.Google Scholar
- 8.Li F, Luo B, Liu P, Lee D, Chu CH. Automaton segmentation: a new approach to preserve privacy in XML information brokering. In: Proceedings of the 14th ACM Conference on Computer and Communications Security; 2007. p. 508–18.Google Scholar
- 9.Luo B, Lee D, Lee WC, Liu P. QFilter: fine-grained run-time XML access control via NFA-based query rewriting. In: Proceedings Intrnational Conference on Information and Knowledge Management; 2004. p. 543–52.Google Scholar
- 10.Murata M, Tozawa A, Kudo M. XML access control using static analysis. In: Proceedings of the 10th ACM Conference on Computer and Communication Security; 2003. p. 73–84.Google Scholar