Access Control Policy Languages in XML

Policy specifcation for XML data access control has been difficult since the specification languages usually have complicated semantics and syntax. In this chapter, first we introduce the semantics and syntax of two security policy languages and one policy framework. Then we address several tools for policy modeling and generation which help users in capturing security concerns during the design, and developing the security policies and functions during the implementation.

[1]  Sushil Jajodia,et al.  Flexible support for multiple access control policies , 2001, TODS.

[2]  Alan W. Brown,et al.  Using Service-Oriented Architecture and Component-Based Development to Build Web Service Applications , 2003 .

[3]  Yuichi Nakamura,et al.  Adding Authentication to Model Driven Security , 2006, 2006 IEEE International Conference on Web Services (ICWS'06).

[4]  Stephen Fickas,et al.  Goal-Directed Requirements Acquisition , 1993, Sci. Comput. Program..

[5]  David A. Basin,et al.  SecureUML: A UML-Based Modeling Language for Model-Driven Security , 2002, UML.

[6]  Stephen J. Garland,et al.  Larch: Languages and Tools for Formal Specification , 1993, Texts and Monographs in Computer Science.

[7]  Jan Jürjens,et al.  Towards Development of Secure Systems Using UMLsec , 2001, FASE.

[8]  Lorrie Faith Cranor,et al.  The platform for privacy preferences , 1999, CACM.

[9]  Daniel Jackson,et al.  Alloy: a lightweight object modelling notation , 2002, TSEM.

[10]  Ivar Jacobson,et al.  The unified modeling language reference manual , 2010 .

[11]  J. Michael Spivey,et al.  The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[12]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[13]  Sushil Jajodia,et al.  A logical language for expressing authorizations , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).