Access Control Policy Models for XML

Security concerns have been increasing rapidly because of repeated security incidents such as unexpected leakage of personal information. Since XML [38] has been playing an important role in IT systems and applications, a surge of legislative compliance requirements is driving enterprises to protect their XML data for secure data management as well as privacy protection, and the access control mechanism is a central control point. In this chapter, we are concerned with fine-grained (element- and attribute-level) access control for XML database systems, rather than with document-level access control. We use the term XML access control to refer to such fine-grained access control. XML access control deals with XML data and access control policies as well as schema definitions, e.g. XML Schema [40], and queries, e.g. XQuery [36]. The scope of XML access control is not limited to a specific application but covers broader areas that involve XML-based transactional systems such as e-commerce applications (Commerce XML [7] etc.), medical and health record applications (HL7 [16] etc.), and newspaper article distribution and applications (NewsML [17] etc.).

[1] Ernesto Damiani, et al. Securing XML Documents, 2000, EDBT.

[2] Michael J. Franklin, et al. Efficient Filtering of XML Documents for Selective Dissemination of Information, 2000, VLDB.

[3] Alban Gabillon, et al. Regulating Access to XML Documents, 2001, DBSec.

[4] Scott Boag, et al. XQuery 1.0: An XML Query Language, 2007.

[5] Michiharu Kudo, et al. Access-Condition-Table-Driven Access Control for XML Databases, 2004, ESORICS.

[6] Satoshi Hada, et al. XML Access Control Language: Provisional Authorization for XML Documents, 2000.

[7] Elisa Bertino, et al. Controlled Access and Dissemination of XML Documents, 1999, WIDM '99.

[8] Richard J. Lipton, et al. A Linear Time Algorithm for Deciding Security, 1976, 17th Annual Symposium on Foundations of Computer Science (sfcs 1976).

[9] Christian Geuer-Pollmann. XML Pool Encryption, 2002, XMLSEC '02.

[10] Steven J. DeRose, et al. XML Linking Language (XLink), Version 1.0, 2000, WWW 2000.

[11] Ravi S. Sandhu, et al. Role-Based Access Control Models, 1996, Computer.

[12] Jeffrey F. Naughton, et al. Covering Indexes for Branching Path Queries, 2002, SIGMOD '02.

[13] Thomas Schwentick, et al. XPath Containment in the Presence of Disjunction, DTDs, and Variables, 2003, ICDT.

[14] Lawrence Snyder, et al. The Transfer of Information and Authority in a Protection System, 1979, SOSP '79.

[15] Steven J. DeRose, et al. XML Path Language (XPath) Version 1.0, 1999.

[16] E. F. Michiels, et al. ISO/IEC 10181-4:1995 Information technology, Open Systems Interconnection, Security frameworks for open systems: Non-repudiation framework, 1996.

[17] Wenfei Fan, et al. On XML Integrity Constraints in the Presence of DTDs, 2001, JACM.

[18] Masatoshi Yoshikawa, et al. An XML Indexing Structure with Relative Region Coordinate, 2001, Proceedings 17th International Conference on Data Engineering.

[19] Jussi Myllymaki, et al. A Function-Based Access Control Model for XML Databases, 2005, CIKM '05.

[20] Michiharu Kudo. PBAC: Provision-Based Access Control Model, 2002, International Journal of Information Security.

[21] Michiharu Kudo, et al. XML Access Control with Policy Matching Tree, 2005, ESORICS.

[22] Laks V. S. Lakshmanan, et al. Compressed Accessibility Map: Efficient Access Control for XML, 2002, VLDB.

[23] Dan Suciu, et al. Optimizing Regular Path Expressions Using Graph Schemas, 1998, Proceedings 14th International Conference on Data Engineering.

[24] Quanzhong Li, et al. Indexing and Querying XML Data for Regular Path Expressions, 2001, VLDB.

[25] Li Gong, et al. A Secure Identity-Based Capability System, 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[26] Laks V. S. Lakshmanan, et al. Optimizing the Secure Evaluation of Twig Queries, 2002, VLDB.

[27] C. M. Sperberg-McQueen, et al. Extensible Markup Language (XML), 1997, World Wide Web J.

[28] Michiharu Kudo, et al. XML Document Security Based on Provisional Authorization, 2000, CCS.

[29] Luc Bouganim, et al. Client-Based Access Control Management for XML Documents, 2004, VLDB.