Abstract
The paper proposes an XML-based approach for a controlled distribution of documents, that must be subject to distributed and collaborative updates. In particular, the approach we propose allows one to attach a flow policy to a document, that partially or totally specifies the list of subjects that have to receive the document. Flow policies associated with documents can be dynamically changed during document transmission. Such modifications are regulated by a set of modification control rules, specified according to a model that we present in this paper. A key feature of the proposed solution is that a subject, upon receiving a document can also locally verify the correctness of the path and of the modification operations possibly performed over it, without interacting with other parties. In the paper, besides presenting the language to specify flow policies and modification control rules, we describe the suite of protocols we have developed to perform the above-mentioned checks on document paths.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Atluri, V., Chun, S.A., Mazzoleni, P.: A Chinese wall security model for decentralized workflow systems. In: Proc. of the 8th ACM conference on Computer and Communications Security, Philadelphia, PA, USA, pp. 48–57 (2001)
Bertino, E., Correndo, G., Ferrari, E., Mella, G.: An Infrastructure for Managing Secure Update Operations for XML Data. In: Proc. of the 8th ACM Symposium on Access Control Models and Technologiesz, Villa Gallia, Como, Italy, June 2-3 (2003)
Bertino, E., Ferrari, E.: Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security (TISSEC) 5(3), 290–331 (2002)
Bertino, E., Ferrari, E., Mella, G.: A Framework for Distributed and Cooperative Updates of XML Documents. In: Proc. of the 16th Annual IFIP WG 11.3, Working Conference on Data and Application Security, Cambridge, UK, July 2002, pp. 211–227 (2002)
Bertino, E., Ferrari, E., Mella, G.: Flow Policies: Specification and Enforcement. In: Proc. of the Workshop on Information Assurance, WIA2004, yeld in conjunction with the 23rd IEEE International Performance Computing and Communications Conference, Phoenix, Arizona, pp. 14–17 (2004)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Securing XML Documents. In: Proc. 6th International Conference on Extending Database Technology, Konstanz, Germany, March 2000, pp. 121–135 (2000)
Geuer Pollmann, C.: The XML Security Page , http://www.nue.et-inf.unisiegen.de/~geuer-pollmann/xmlsecurity.html
Security Assertion Markup Language, SAML v1.1 Standard Specification set x: OASIS Standard,September 2 (2003) Available at: http://www.oasis-open.org/committees/tchome.php?wgabbrev=security
Thuraisingham, B., Gupta, A., Bertino, E., Ferrari, E.: Collaborative Commerce and Knowledge Management. Knowledge and Process Management 9(1), 43–53 (2002)
Winslett, M., Ching, N., Jones, V., Slepchin, I.: Using Digital Credentials on the World Wide Web. Journal of Computer Security 7 (1997)
World Wide Web Consortium. Available at: http://www.w3.org/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bertino, E., Ferrari, E., Mella, G. (2004). An XML-Based Approach to Document Flow Verification. In: Zhang, K., Zheng, Y. (eds) Information Security. ISC 2004. Lecture Notes in Computer Science, vol 3225. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30144-8_18
Download citation
DOI: https://doi.org/10.1007/978-3-540-30144-8_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-23208-7
Online ISBN: 978-3-540-30144-8
eBook Packages: Springer Book Archive