Abstract
Since XML tends to become the main format to exchange data over the Internet, it is necessary to define a security model to control the access to the content of these documents. Several such models have already been suggested, but we claim that none of them is sufficiently expressive to properly express some basic security requirements, especially those related to entity relationships protection. To cope with these limitations, we suggest to structure the access control policy using the new concept of block. This is used to hide relationships between nodes selected in different blocks. It provides means to specify confidentiality restriction associated with some relationships. An access control model, called XML-BB (XML Block Based Access Control), that includes this concept of block is presented and a formal semantics for this model is defined.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Sandhu, R., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer, 38–47 (1996)
Bertino, E., Castano, S., Ferrari, E., Mesiti, M.: Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal (2000)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Securing XML documents. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, p. 121. Springer, Heidelberg (2000)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: A Fine-Grained Access Control System for XML Documents. In: ACM Transactions on Information and System Security (TISSEC) (2002)
Gabillon, A., Bruno, E.: Regulating Access to XML documents. In: Fifteenth Annual IFIP WG 11.3 Working Conference on Database Security, Niagara on the Lake, Ontario, Canada (2001)
Gabillon, A.: An Authorization Model for XML DataBases. In: ACM Workshop on Secure Web Services, Fairfax, VA (2004)
Kudo, M., Hada, S.: XML Document Security Based on Provisional Authorisation. In: ACM Computer and Communications Security, Athens Greece (2000)
Brewer, D., Nash, M.: The Chinese wall security policy. In: IEEE Symposium on Security and Privacy, Oakland (1989)
Clark, J., DeRose, S.: XML Path Language (XPath) Version 1.0. Technical report, World Wide Web Consortium, W3C (2000), http://www.w3c.org/TR/xpath
Laux, A., Martin, L.: XML Update (XUpdate) language. Technical report, XML:DB working draft (1999), http://www.xmldb.org/xupdate
Fan, W., Chan, C.Y., Garofalakis, M.: Secure XML Querying with Security Views. In: SIGMOD (2004)
Cuppens, F., Miège, A.: Modelling contexts in the Or-BAC model. In: 19th Annual Computer Security Applications Conference, Las Vegas (2003)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cuppens, F., Cuppens-Boulahia, N., Sans, T. (2005). Protection of Relationships in XML Documents with the XML-BB Model. In: Jajodia, S., Mazumdar, C. (eds) Information Systems Security. ICISS 2005. Lecture Notes in Computer Science, vol 3803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11593980_11
Download citation
DOI: https://doi.org/10.1007/11593980_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30706-8
Online ISBN: 978-3-540-32422-5
eBook Packages: Computer ScienceComputer Science (R0)