Towards Secure XML Document with Usage Control

XML, promoted by the World Wide Web Consortium (W3C), is a de facto standard language for document representation and exchange on the Internet. XML documents may contain private information that cannot be shared with all user communities. Several approaches have been designed to protect information on a website. However, these approaches are typically applied at the file-system level, rather than to the data inside XML documents that has to be protected from unauthorized access. Usage control has been considered the next-generation access control model, with distinguishing properties of decision continuity. In this paper, we present a usage control model to protect information distributed on the web, which allows access restrictions to be placed directly on structures and documents. The model not only supports complex constraints for XML components, such as elements, attributes and datatypes, but also provides a mechanism to build rich reuse relationships between models and documents. Finally, comparisons with related work are analysed.
