Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents

  • Conference paper
Web Information Systems and Technologies (WEBIST 2013)

Abstract

Ensuring the security of electronic data has morphed into one of the most important requirements in domains such as health care, where the eXtensible Markup Language (XML) has been leveraged via standards such as the Health Level 7’s Clinical Document Architecture and the Continuity of Care Record. These standards dictate a need for approaches to secure XML schemas and documents. In this paper, we present a secure information engineering method that is capable of generating eXtensible Access Control Markup Language (XACML) enforcement policies, defined in a role-based access control model (RBAC), that target XML schemas and their instances, allowing instances to be customized for users depending on their roles. To achieve this goal, we extend the Unified Modeling Language (UML) with two new diagrams: the XML Schema Class Diagram, which defines the structure of an XML document in UML style; and, the XML Role-Slice Diagram, which defines roles and associated privileges at a granular access control level. We utilize a personal health assistant mobile application for medication and chronic disease management to demonstrate the enforcement component of our work.
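The generation step the abstract describes, sketched as an added example that is not code from the paper or its authors: one role's slice of an XML schema is turned into an XACML 2.0 policy with a default-deny rule. The dict representation of a role slice, the role and element names, and the policy and rule id formats are assumptions; the paper's actual mapping is not shown on this page.

```python
import xml.etree.ElementTree as ET

# OASIS XACML 2.0 identifiers; role, element names and id formats are constructed.
NS = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
STR_EQ = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
STR = "http://www.w3.org/2001/XMLSchema#string"
PERMIT_OVERRIDES = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:permit-overrides"
ATTR = {"Subject": "urn:oasis:names:tc:xacml:2.0:subject:role",
        "Resource": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
        "Action": "urn:oasis:names:tc:xacml:1.0:action:action-id"}
SAMPLE_SLICE = {"Medication": {"read", "write"}, "Allergy": {"read"}}  # constructed

def q(tag):
    return f"{{{NS}}}{tag}"

def _match(target, kind, value):
    """Append <Kinds><Kind><KindMatch> comparing one attribute to value."""
    item = ET.SubElement(ET.SubElement(target, q(kind + "s")), q(kind))
    m = ET.SubElement(item, q(kind + "Match"), MatchId=STR_EQ)
    ET.SubElement(m, q("AttributeValue"), DataType=STR).text = value
    ET.SubElement(m, q(kind + "AttributeDesignator"),
                  AttributeId=ATTR[kind], DataType=STR)

def role_slice_to_policy(role, role_slice):
    """role_slice maps a schema element name to the actions the role may take."""
    policy = ET.Element(q("Policy"), PolicyId=f"policy:{role}",
                        RuleCombiningAlgId=PERMIT_OVERRIDES)
    _match(ET.SubElement(policy, q("Target")), "Subject", role)
    for element, actions in sorted(role_slice.items()):
        for action in sorted(actions):
            rule = ET.SubElement(policy, q("Rule"), Effect="Permit",
                                 RuleId=f"{role}:{element}:{action}")
            target = ET.SubElement(rule, q("Target"))
            _match(target, "Resource", element)  # Resources precede Actions
            _match(target, "Action", action)
    # Default deny: anything not granted to the role is refused.
    ET.SubElement(policy, q("Rule"), RuleId=f"{role}:default-deny", Effect="Deny")
    return policy

def decide(policy, role, element, action):
    """Evaluate only the policy shape generated above (not a general PDP)."""
    def values(node):
        return [v.text for v in node.iter(q("AttributeValue"))]
    if values(policy.find(q("Target"))) != [role]:
        return "NotApplicable"
    for rule in policy.findall(q("Rule")):
        if rule.get("Effect") == "Permit" and values(rule) == [element, action]:
            return "Permit"
    return "Deny"
```

`ET.tostring(role_slice_to_policy("Nurse", SAMPLE_SLICE))` serializes the policy for loading into a real policy decision point; `decide` is only a check on the generated structure.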




Corresponding author

Correspondence to Alberto De la Rosa Algarín.


Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

De la Rosa Algarín, A., Ziminski, T.B., Demurjian, S.A., Rivera Sánchez, Y.K., Kuykendall, R. (2014). Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents. In: Krempels, KH., Stocker, A. (eds) Web Information Systems and Technologies. WEBIST 2013. Lecture Notes in Business Information Processing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44300-2_2

  • DOI: https://doi.org/10.1007/978-3-662-44300-2_2

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44299-9

  • Online ISBN: 978-3-662-44300-2

  • eBook Packages: Computer Science (R0)
