Abstract
Ensuring the security of electronic data has morphed into one of the most important requirements in domains such as health care, where the eXtensible Markup Language (XML) has been leveraged via standards such as the Health Level 7’s Clinical Document Architecture and the Continuity of Care Record. These standards dictate a need for approaches to secure XML schemas and documents. In this paper, we present a secure information engineering method that is capable of generating eXtensible Access Control Markup Language (XACML) enforcement policies, defined in a role-based access control model (RBAC), that target XML schemas and their instances, allowing instances to be customized for users depending on their roles. To achieve this goal, we extend the Unified Modeling Language (UML) with two new diagrams: the XML Schema Class Diagram, which defines the structure of an XML document in UML style; and, the XML Role-Slice Diagram, which defines roles and associated privileges at a granular access control level. We utilize a personal health assistant mobile application for medication and chronic disease management to demonstrate the enforcement component of our work.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Baumer, D., Earp, J.B., Payton, F.C.: Privacy of medical records: IT implications of HIPAA. In: Tavani, H.T. (ed.) Ethics, Computing, and Genomics, pp. 137–152. Jones and Bartlett, Sudbury (2006)
Bertino, E., Carminati, B., Ferrari, E.: Access control for XML documents and data. Inf. Secur. Techn. Rep. 9, 19–34 (2004)
Bertino, E., Ferrari, E.: Secure and selective dissemination of XML documents. ACM Trans. Inf. Syst. Secur. (TISSEC) 5, 290–331 (2002)
Clark, J.: Xsl Transformations (Xslt). World Wide Web Consortium (W3C). http://www.w3.org/TR/xslt (1999)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., et al.: Design and implementation of an access control processor for XML documents. Comput. Netw. 33, 59–75 (2000)
Damiani, E., Fansi, M., Gabillon, A., et al.: A general approach to securely querying XML. Comput. Stan. Interfaces 30, 379–389 (2008)
De la Rosa Algarín, A., Demurjian, S.A.: An approach to facilitate security assurance for information sharing and exchange in big data applications. In: Akhgar, B., Arabnia, H.R. (eds.) Accepted in Emerging Trends in Information and Communication Technologies Security. Elsevier, Amsterdam (2013)
De la Rosa Algarín, A., Demurjian, S.A., Ziminski, T.B., et al.: Securing XML with role-based access control: case study in health care. In: Ruiz Martínez, A., Pereñíguez García, F., Marín López, R. (eds.) Architectures and Protocols for Secure Information Technology, pp. 334–365. IGI Global, Hershey (2013)
De la Rosa Algarín, A., Demurjian, S. A., Berhe, S., et al.: A Security Framework for XML Schemas and Documents for Healthcare, pp. 782–789 (2012)
Dolin, R.H., Alschuler, L., Boyer, S., et al.: HL7 clinical document architecture, release 2. J. Am. Med. Inform. Assoc. 13, 30–39 (2006)
Estrin, D., Sim, I.: Open mHealth architecture: an engine for health care innovation. Science 330, 759–760 (2010). (Washington)
Ferraiolo, D.F., Sandhu, R., Gavrila, S., et al.: Proposed NIST standard for role-based access control. ACM Trans. Inf. Syst. Secur. (TISSEC) 4, 224–274 (2001)
Kuper, G., Massacci, F., Rassadko, N.: Generalized XML security views. In: SACMAT 2005: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, pp. 77–84. ACM Press, New York (2005)
Leonardi, E., Bhowmick, S., Iwaihara, M.: Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents. In: Kitagawa, H., Ishikawa, Y., Li, Q., Watanabe, C. (eds.) DASFAA 2010. LNCS, vol. 5981, pp. 299–306. Springer, Heidelberg (2010)
Müldner, T., Leighton, G., Miziołek, J.K.: Parameterized role-based access control policies for XML documents. Inf. Secur. J. A Globa. Persp. 18, 282–296 (2009)
Pavlich-Mariscal, J.A., Michel, L., Demurjian, S.A.: A formal enforcement framework for role-based access control using aspect-oriented programming. In: Briand, L.C., Williams, C. (eds.) MoDELS 2005. LNCS, vol. 3713, pp. 537–552. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
De la Rosa Algarín, A., Ziminski, T.B., Demurjian, S.A., Rivera Sánchez, Y.K., Kuykendall, R. (2014). Generating XACML Enforcement Policies for Role-Based Access Control of XML Documents. In: Krempels, KH., Stocker, A. (eds) Web Information Systems and Technologies. WEBIST 2013. Lecture Notes in Business Information Processing, vol 189. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44300-2_2
Download citation
DOI: https://doi.org/10.1007/978-3-662-44300-2_2
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44299-9
Online ISBN: 978-3-662-44300-2
eBook Packages: Computer ScienceComputer Science (R0)