
XML-Based Distributed Access Control System

  • Conference paper
E-Commerce and Web Technologies (EC-Web 2002)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2455)

Abstract

The use of attribute certificates and the concept of mobile policies have been proposed to overcome some of the limitations of the role-based access control (RBAC) paradigm and to implement security requirements such as the “originator controlled” (ORCON) policy. Mobile policies are attached to the data that they control and enforced by their execution in trusted servers. In this paper we extend this idea to allow the execution of the policies in untrusted systems. Our extension allows policies to be bound to the data but not attached to it. Through this modification, security administrators are able to change policies dynamically and transparently. Additionally, we introduce X-ACS, an XML-based language designed to express policies in a simple and unambiguous way, overcoming the limitations of other approaches. Important features of X-ACS are that it can be used by processors with limited capabilities, such as smart cards, while allowing the automated validation of policies.

Work partially supported by the E.U. through project IST 2001-32446




Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

López, J., Maña, A., Yagüe, M.I. (2002). XML-Based Distributed Access Control System. In: Bauknecht, K., Tjoa, A.M., Quirchmayr, G. (eds) E-Commerce and Web Technologies. EC-Web 2002. Lecture Notes in Computer Science, vol 2455. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45705-4_22

  • DOI: https://doi.org/10.1007/3-540-45705-4_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-44137-3

  • Online ISBN: 978-3-540-45705-3

  • eBook Packages: Springer Book Archive
