Observation-Based Fine Grained Access Control for XML Documents

The eXtensible Markup Language (XML) is recognized as a simple and universal standard for storing and exchanging information on the web. The risk of unauthorized leakage of this information mandates the use of access control at various levels of granularity. In this paper, we extend to the context of XML documents the notion of Observation-based Fine Grained Access Control (OFGAC), which was originally designed for relational databases. In this setting, data are made accessible at various levels of abstraction depending on their sensitivity level. Therefore, unauthorized users are not able to infer the exact content of an attribute or element containing partially sensitive information, while they are allowed to get a relaxed view of it, according to their access rights, represented by a specific property.
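A minimal sketch of the "relaxed view" idea described above, added here as an illustration and not taken from the paper. The roles, element names, policy table and abstraction functions are all assumptions, and the sample document is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample document (not from the paper).
SAMPLE = """<patients>
  <patient id="p1"><name>Alice Rossi</name><age>37</age><card>4111111111111111</card></patient>
  <patient id="p2"><name>Bruno Sala</name><age>64</age><card>5500000000000004</card></patient>
</patients>"""

# Abstraction functions: each maps a concrete value to a coarser property of it.
def exact(v):
    return v                           # most precise view: the value itself

def top(v):
    return "*"                         # least precise view: nothing is revealed

def age_interval(v):
    lo = int(v) // 10 * 10             # only the decade is observable
    return f"[{lo},{lo + 9}]"

def last4(v):
    return "*" * (len(v) - 4) + v[-4:]  # only the trailing digits are observable

# Hypothetical policy: role -> {path of a leaf element or @attribute: abstraction}.
POLICY = {
    "physician":  {"patient/@id": exact, "patient/name": exact,
                   "patient/age": exact, "patient/card": top},
    "billing":    {"patient/@id": exact, "patient/name": exact,
                   "patient/age": age_interval, "patient/card": last4},
    "researcher": {"patient/name": top, "patient/age": age_interval},
}

def view(xml_text, role):
    """Return the document as observable by `role`.

    Anything the policy does not list is abstracted to top (default deny),
    so an unknown role or a newly added element leaks no concrete value.
    """
    rules = POLICY.get(role, {})
    root = ET.fromstring(xml_text)

    def walk(elem, path):
        for name, value in list(elem.attrib.items()):
            elem.set(name, rules.get(f"{path}/@{name}", top)(value))
        for child in elem:
            child_path = f"{path}/{child.tag}" if path else child.tag
            if len(child) == 0:        # leaf element: abstract its text
                child.text = rules.get(child_path, top)(child.text or "")
            walk(child, child_path)

    walk(root, "")
    return root

if __name__ == "__main__":
    for role in ("physician", "billing", "researcher", "guest"):
        print(role, ET.tostring(view(SAMPLE, role), encoding="unicode"))
```

The structure of the document is the same for every role; only the precision of each leaf value changes, which is what distinguishes this from a binary allow/deny filter.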
