论文信息 - A Rule-Based XML Access Control Model

A Rule-Based XML Access Control Model

Due to a widely use of XML language in various application domains, a well-established mechanism for the definition and enforcement of security controls on specific accesses to XML documents is demanded, in order to ensure that only authorized entities can perform certain actions on the protected data. The proposed rule-based, declarative approach supports definition of (possibly implicit and complex) authorization rules on particular nodes within a document as well as enforcement of multiple user-defined policies, specifying selected mechanisms to resolve conflicts or to apply default authorization. Moreover, by founded on both RDF and XDD theory, the developed approach yields a simple yet flexible and interchangeable XML access control model with well-defined declarative semantics.

Chutiporn Anutariya | Yahiko Kambayashi | Mizuho Iwaihara | Somchai Chatvichienchai | Vilas Wuwongse

[1] Amir Herzberg,et al. Relying Party Credentials Framework , 2004, Electron. Commer. Res..

[2] Elisa Bertino,et al. On specifying security policies for web documents with an XML-based language , 2001, SACMAT '01.

[3] Dan Brickley,et al. Rdf vocabulary description language 1.0 : Rdf schema , 2004 .

[4] Chutiporn Anutariya,et al. An Equivalent-Tranformation-Based XML Rule Language , 2002, RuleML.

[5] Michiharu Kudo,et al. XML document security based on provisional authorization , 2000, CCS.

[6] Chutiporn Anutariya,et al. A Data Model for XML Databases , 2001, Journal of Intelligent Information Systems.

[7] Elisa Bertino,et al. A unified framework for enforcing multiple access control policies , 1997, SIGMOD '97.

[8] Sabrina De Capitani di Vimercati,et al. A fine-grained access control system for XML documents , 2002, TSEC.

[9] Elisa Bertino,et al. Specifying and enforcing access control policies for XML document sources , 2004, World Wide Web.

[10] Chutiporn Anutariya,et al. XML Declarative Description: A Language for the Semantic Web , 2001, IEEE Intell. Syst..

[11] Amir Herzberg,et al. Access control meets public key infrastructure, or: assigning roles to strangers , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.