Abstract
As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML databases is a non-trivial subject. A number of recent research efforts have considered access control models for XML data [1–5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow two-stage access control policies that secure access to the XML document at the file level and the element level, respectively. At the element level, our approach to these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate on data through the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized users cannot access sensitive data and protects the schema information from access by unauthorized users. We consider the schema information to be sensitive data as well, which should be protected from being gained through data access.
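The following is an added illustration of the two-stage idea described in the abstract, not code from the paper: a file-level check decides whether a role may open a document at all, and an element-level step builds the view that user queries run against. The policy tables, role names, sample document, the choice to prune hidden nodes from the view, and the tag list used as a stand-in for the exposed view DTD are all assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (not from the paper).
DOCS = {"patients.xml": """<hospital>
  <patient id="p1"><name>Ann</name><diagnosis>flu</diagnosis><bill>120</bill></patient>
  <patient id="p2"><name>Bob</name><diagnosis>asthma</diagnosis><bill>300</bill></patient>
</hospital>"""}

# Stage 1 policy (assumed shape): roles allowed to open each file.
FILE_ACL = {"patients.xml": {"doctor", "clerk"}}

# Stage 2 policy (assumed shape): per-role XPath annotations naming the
# nodes to hide. They are kept server-side and never shown to the user.
HIDE = {"doctor": [".//bill"], "clerk": [".//diagnosis"]}


class AccessDenied(Exception):
    pass


def build_view(doc_name, role):
    """Return the view of doc_name for role, or raise AccessDenied."""
    # Stage 1: file-level decision.
    if role not in FILE_ACL.get(doc_name, set()):
        raise AccessDenied(f"{role} may not open {doc_name}")
    # Fail closed: a role without an element-level policy gets no view.
    if role not in HIDE:
        raise AccessDenied(f"no element-level policy for {role}")
    view = ET.fromstring(DOCS[doc_name])  # fresh tree per request
    parent = {child: p for p in view.iter() for child in p}
    # Stage 2: element-level decision, pruning every annotated node.
    for xpath in HIDE[role]:
        for node in view.findall(xpath):
            parent[node].remove(node)
    return view


def query(doc_name, role, xpath):
    """Evaluate a user query against the view only, never the full document."""
    return [e.text for e in build_view(doc_name, role).findall(xpath)]


def view_tags(doc_name, role):
    """Element names visible in the view (stand-in for the exposed view DTD)."""
    return sorted({e.tag for e in build_view(doc_name, role).iter()})
```

Because queries are evaluated only on the pruned tree, a query for a hidden element returns the same empty result as a query for an element that never existed, so the response does not reveal the hidden part of the schema.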
References
Damiani, E., di Vimercati, S., Paraboschi, S., Samarati, P.: A Fine-Grained Access Control System for XML documents. TISSEC 5(2), 169–202 (2002)
Hada, S., Kudo, M.: XML access control language: Provisional authorization for XML documents, http://www.trl.ibm.com/projects/xml/xacl/xacl-spec.html
OASIS: eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/xcaml
Li, L., He, Y.Z., Feng, D.G.: A Fine-Grained Mandatory Access Control Model for XML Documents. Journal of Software 15(10), 1528–1537 (2004)
Sandhu, R., Coyne, E.J., Feinstein, H.L.: Role Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sun, W., Liu, Dx., Wang, T. (2005). Two-Stage Access Control Model for XML Security. In: Fox, E.A., Neuhold, E.J., Premsmit, P., Wuwongse, V. (eds) Digital Libraries: Implementing Strategies and Sharing Experiences. ICADL 2005. Lecture Notes in Computer Science, vol 3815. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599517_64
DOI: https://doi.org/10.1007/11599517_64
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30850-8
Online ISBN: 978-3-540-32291-7
eBook Packages: Computer Science, Computer Science (R0)