Abstract
Reasoning about an access control model for AXML documents is non-trivial because of the challenges particular to them: the hierarchical nature of XML with embedded service calls and query transformation. In this paper, we present a methodology for specifying an access control model (GUPster) for AXML (Active XML) documents by translating a query, a schema, and an access control policy into the CSP language. We then show, using a running example, how to verify the access control policies of AXML documents with the FDR model checker. Finally, the examples demonstrate that our automated static verification is efficient at analyzing security problems: not only whether the policies give legitimate users enough permissions to read data, but also whether the policies prevent unauthorized users from reading sensitive data.
This work was supported by the INRIA projects ARC-ASAX.
Copyright information
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Kim, IG. (2007). Static Verification of Access Control Model for AXML Documents. In: Dong, G., Lin, X., Wang, W., Yang, Y., Yu, J.X. (eds) Advances in Data and Web Management. APWeb WAIM 2007 2007. Lecture Notes in Computer Science, vol 4505. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72524-4_71
DOI: https://doi.org/10.1007/978-3-540-72524-4_71
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72483-4
Online ISBN: 978-3-540-72524-4
eBook Packages: Computer Science, Computer Science (R0)