Distributed Access Control For XML Document Centric Collaborations

This paper introduces a distributed and fine grained access control mechanism based on encryption for XML document centric collaborative applications. This mechanism also makes it possible to simultaneously protect the confidentiality of a document and to verify its authenticity and integrity, as well to trace its updates. The enforcement of access control is distributed to participants and does not rely on a central authority. Novel aspects of the proposed framework include the adoption of a decentralized key management scheme to support the client-based enforcement of the access control policy. This scheme is driven by the expression of access patterns of interest of the participants over document parts to determine the keys required. A lazy rekeying protocol is also defined to accommodate the delegation of access control decisions that in particular reduces rekeying latency when faced with the addition and removal of participants.

[1]  Gene Tsudik,et al.  Simple and fault-tolerant key agreement for dynamic collaborative groups , 2000, CCS.

[2]  Makoto Murata,et al.  XML access control using static analysis , 2006, TSEC.

[3]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[4]  Gabriel M. Kuper,et al.  Generalized XML security views , 2005, SACMAT.

[5]  Ernesto Damiani,et al.  Fine grained access control for SOAP E-services , 2001, WWW '01.

[6]  Elisa Bertino,et al.  Merkle Tree Authentication in UDDI Registries , 2004, Int. J. Web Serv. Res..

[7]  Elisa Bertino,et al.  Controlled and cooperative updates of XML documents in byzantine and failure-prone distributed systems , 2006, TSEC.

[8]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[9]  Luc Bouganim,et al.  Dynamic access-control policies on XML encrypted data , 2008, TSEC.

[10]  Yuqing Wu,et al.  ACXESS - Access Control for XML with Enhanced Security Specifications , 2006, 22nd International Conference on Data Engineering (ICDE'06).

[11]  Mohammad Ashiqur Rahaman A distributed access control framework for XML document centric collaborations , 2008 .

[12]  David K. Y. Yau,et al.  Distributed collaborative key agreement protocols for dynamic peer groups , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[13]  Xiaozhou Li,et al.  Batch rekeying for secure group communications , 2001, WWW '01.

[14]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[15]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[16]  Dan Suciu,et al.  Controlling Access to Published Data Using Cryptography , 2003, VLDB.

[17]  Elisa Bertino,et al.  Secure Dissemination of XML Content Using Structure-based Routing , 2006, 2006 10th IEEE International Enterprise Distributed Object Computing Conference (EDOC'06).

[18]  Wenfei Fan,et al.  Secure XML querying with security views , 2004, SIGMOD '04.

[19]  Michael Gertz,et al.  Flexible authentication of XML documents , 2001, CCS '01.

[20]  Peng Liu,et al.  A Flexible Framework for Architecting XML Access Control Enforcement Mechanisms , 2004, Secure Data Management.