skip to main content
10.1145/1229285.1229336acmconferencesArticle/Chapter ViewAbstractPublication Pagesasia-ccsConference Proceedingsconference-collections
Article

History-based access control for XML documents

Published: 20 March 2007 Publication History

Abstract

XML is a widely used standard for information storage and exchange in today's IT systems. Therefore, it is essential to protect XML documents from unauthorized access. For this purpose, we present a model for access control for XML documents with three key features. First, we record the effects of the operations on the documents in a history, depending on which we can grant or deny access. Second, we use the history information to define permissions for the operations of our model including the transfer of document parts. Third, since the text content of an element can be composed of parts of text from different sources, we consider units smaller than the XML element as a protection unit. Therefore, we keep track of these parts and allow to define access to them individually.

References

[1]
D. Bell and L. LaPadula. Secure Computer Systems: Mathematical Foundations and Model. Technical Report M74-244, The MITRE Corp., Bedfort, 1973.]]
[2]
E. Bertino and E. Ferrari. Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security, 5(3):290--331, 2002.]]
[3]
F. D. Brewer and J. M. Nash. The Chinese Wall Security Policy. In IEEE Symposium on Security and Privacy. IEEE Computer Society Press, 1989.]]
[4]
J. Clark and S. DeRose. XML path language (XPath) version 1.0. W3C recommendation, W3C, Nov. 1999. http://www.w3.org/TR/1999/REC-xpath-19991116.]]
[5]
E. Damiani, S. D. Capitani, S. Paraboschi, and P. Samarati. Securing XML Documents. In EDBT, March 2000.]]
[6]
E. Damiani, S. D. C. di Vimercati, S. Paraboschi, and P. Samarati. A Fine-Grained Access Control System for XML Documents. In TISSEC, volume 5, pages 169--202, May 2002.]]
[7]
I. Fundulaki and M. Marx. Specifying Access Control Policies for XML Documents with XPath. In SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies, pages 61--69, New York, NY, USA, 2004. ACM Press.]]
[8]
L. A. Gordon, M. P. Loeb, W. Lucyshyn, and R. Richardson. 2005 CSI/FBI Computer Crime and Security Survey. Technical report, CSI, 2005.]]
[9]
R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman. Role-Based Access Control Models. IEEE Computer, 29(2):38--47, 1996.]]

Cited By

View all
  • (2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
  • (2019)Access Control Architecture for Smart City IoT Platform2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2019.00102(717-722)Online publication date: Aug-2019
  • (2012)Flexible access control framework for MARC recordsThe Electronic Library10.1108/0264047121127568430:5(623-652)Online publication date: 28-Sep-2012
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
ASIACCS '07: Proceedings of the 2nd ACM symposium on Information, computer and communications security
March 2007
323 pages
ISBN:1595935746
DOI:10.1145/1229285
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 20 March 2007

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Article

Conference

Asia CCS07
Sponsor:

Acceptance Rates

ASIACCS '07 Paper Acceptance Rate 33 of 180 submissions, 18%;
Overall Acceptance Rate 418 of 2,322 submissions, 18%

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)4
  • Downloads (Last 6 weeks)1
Reflects downloads up to 20 Jan 2025

Other Metrics

Citations

Cited By

View all
  • (2021)Access Control ModelsCybernetics and Information Technologies10.2478/cait-2021-004421:4(77-104)Online publication date: 1-Dec-2021
  • (2019)Access Control Architecture for Smart City IoT Platform2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2019.00102(717-722)Online publication date: Aug-2019
  • (2012)Flexible access control framework for MARC recordsThe Electronic Library10.1108/0264047121127568430:5(623-652)Online publication date: 28-Sep-2012
  • (2010)Privacy-aware access control in XML databasesProceedings of the Twenty-First Australasian Conference on Database Technologies - Volume 10410.5555/1862242.1862255(85-92)Online publication date: 1-Jan-2010
  • (2007)A system architecture for history-based access control for XML documentsProceedings of the 9th international conference on Information and communications security10.5555/1785001.1785038(362-374)Online publication date: 12-Dec-2007
  • (2007)On flexible modeling of history-based access control policies for XML documentsProceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part III10.5555/1771230.1771383(1090-1097)Online publication date: 12-Sep-2007

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media