Two-Stage Access Control Model for XML Security (original) (raw)

Abstract

As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML database is non-trivial subjects. A number of recent research efforts have considered access control models for XML data[1 − 5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow a two-stage access control policies to pledge to security access XML document at file-level and element-level respectively. On the element-level access control, our approach for these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate data over the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized user cannot access sensitive data and protects the schema information from access by unauthorized users. We think that the schema information also is sensitive data and should be protected from gain through the data accessing.

Similar content being viewed by others

References

1. Damiani, E., di Vimercati, S., Paraboschi, S., Samarati, P.: A Fine-Grained Access Control System for XML documents. TISSEC 5(2), 169–202 (2002)
   Article Google Scholar
2. Hada, S., Kudo, M.: XML access control language: Provisional authorization for XML documents, http://www.trl.ibm.com/projects/xml/xacl/xacl-spec.html
3. Oasis. eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/xcaml
4. Li, L., He, Y.Z., Feng, D.G.: A Fine-Grained Mandatory Access Control Model for XML Documents. Journal of software 15(10), 1528–1537 (2004)
   MATH Google Scholar
5. Sandhu, R., Coyne, E.J., Feinstein, H.L.: Role Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)
   Google Scholar

Download references

Author information

Authors and Affiliations

1. College of Computer Science and Technology, HARBIN Engineering University, HARBIN, Heilongjiang Province, China
   Wei Sun, Da-xin Liu & Tong Wang

Authors

1. Wei Sun
2. Da-xin Liu
3. Tong Wang

Editor information

Editors and Affiliations

1. Virginia Tech, 24061, Blacksburg, VA
   Edward A. Fox
2. University of Vienna, Vienna, Austria
   Erich J. Neuhold
3. Department of Library Science, Chulalongkorn University, 10330, Bangkok, Thailand
   Pimrumpai Premsmit
4. School of Engineering and Technology, Asian Institute of Technology, P.O. Box 4, 12120, Klong Luang, Pathum Thani, Thailand
   Vilas Wuwongse

Rights and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sun, W., Liu, Dx., Wang, T. (2005). Two-Stage Access Control Model for XML Security. In: Fox, E.A., Neuhold, E.J., Premsmit, P., Wuwongse, V. (eds) Digital Libraries: Implementing Strategies and Sharing Experiences. ICADL 2005. Lecture Notes in Computer Science, vol 3815. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11599517\_64

Download citation

• .RIS
• .ENW
• .BIB
• DOI: https://doi.org/10.1007/11599517\_64
• Publisher Name: Springer, Berlin, Heidelberg
• Print ISBN: 978-3-540-30850-8
• Online ISBN: 978-3-540-32291-7
• eBook Packages: Computer ScienceComputer Science (R0)Springer Nature Proceedings Computer Science

Publish with us