Access Control Method with XML Databases

XML documents usually contain private information that cannot be shared by every user communities. It is widely used in web environment. XML database is becoming increasingly important since it consists of XML documents. Several applications for supporting selective access to data are available over the web. Usage control has been considered as the next generation access control model with distinguishing properties of decision continuity. It has been proven efficient to improve security administration with flexible authorization management. Object-oriented database systems represent complex data structure and XML databases may be stored in the objects-oriented database system. Therefore authorization models for XML databases could be used the same the models as object-oriented databases. In this paper, we propose usage control models to access XML databases and compare with an authorization model designed for object-oriented databases. We have analysed the characteristics of various access authorizations and presented detailed models for different kinds of authorizations. Finally, comparisons with related works are analysed.

[1]  Jaehong Park,et al.  Usage Control: A Vision for Next Generation Access Control , 2003, MMM-ACNS.

[2]  Elisa Bertino,et al.  Controlled access and dissemination of XML documents , 1999, WIDM '99.

[3]  Jaehong Park,et al.  Schema Based XML Security: RBAC Approach , 2003, DBSec.

[4]  Lili Sun,et al.  DTD level authorization in XML documents with usage control , 2006 .

[5]  Elissar Toufaily,et al.  The Adoption of "E-Banking" by Lebanese Banks: Success and Critical Factors , 2009, Int. J. E Serv. Mob. Appl..

[6]  Ting Yu,et al.  XML Access Control , 2009, Encyclopedia of Database Systems.

[7]  Jaehong Park,et al.  Towards usage control models: beyond traditional access control , 2002, SACMAT '02.

[8]  Sabrina De Capitani di Vimercati,et al.  A fine-grained access control system for XML documents , 2002, TSEC.

[9]  Gabriel M. Kuper,et al.  Generalized XML security views , 2005, SACMAT.

[10]  Gottfried Vossen,et al.  Identification, Specification, and Development of Web-Oriented Architectures , 2012, Int. J. Inf. Syst. Serv. Sect..

[11]  Yanchun Zhang,et al.  Ubiquitous computing environments and its usage access control , 2006, InfoScale '06.

[12]  Ernesto Damiani,et al.  Controlling Access to XML Documents , 2001, IEEE Internet Comput..

[13]  E. Bertino Protecting XML documents , 2000, Proceedings 24th Annual International Computer Software and Applications Conference. COMPSAC2000.

[14]  Sylvia L. Osborn,et al.  A role-based approach to access control for XML databases , 2004, SACMAT '04.

[15]  Elisa Bertino,et al.  A model of authorization for next-generation database systems , 1991, TODS.

[16]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[17]  Kian-Lee Tan,et al.  A Scalable XML Access Control System , 2001, WWW Posters.

[18]  Alban Gabillon An authorization model for XML databases , 2004, SWS '04.

[19]  Jaehong Park,et al.  Security architectures for controlled digital information dissemination , 2000, Proceedings 16th Annual Computer Security Applications Conference (ACSAC'00).

[20]  Valeria Cardellini,et al.  Performance and Dependability in Service Computing : Concepts , Techniques and Research Directions , 2022 .

[21]  Nicole B. Koppel,et al.  InformatIon SyStemS In the ServIce Sector , 2010 .

[22]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[23]  Ernesto Damiani,et al.  Towards securing XML Web services , 2002, XMLSEC '02.

[24]  Jinli Cao,et al.  Towards Secure XML Document with Usage Control , 2005, APWeb.