Secure Model Management Operations for the Web

Interoperability among different data formats over the Internet has drawn increasing interest recently because more and more heterogeneous data models are used in different Web services. To ease the manipulation of data models for heterogeneous data, generic model management has been intensively researched and also implemented in a prototype since its first introduction. Access control specifications attached to each individual data model require a significant amount of effort to specify manually. Based on a general security model for access control specifications on heterogeneous data models and its visual representation, we present secure model management operators for managing access control specifications. The secure model management operators discussed in the paper include a secure match operator and a secure merge operator. We introduce a novel graphical schema matching algorithm and extend the algorithm to make a secure match operator. The paper also discusses secure merge principles for the integration of data models.
