INTER-NODE RELATIONSHIP LABELING: A FINE-GRAINED XML ACCESS CONTROL IMPLEMENTATION USING GENERIC SECURITY LABELS

Zheng Zhang, Walid Rjaibi

Abstract

Most work on XML access control considers XML nodes as the smallest protection unit. This paper shows the limitation of this approach and introduces an XML access control mechanism that protects inter-node relationships. Our approach provides a finer granularity of access control than the node-based approaches(i.e., more expressive). Moreover, our approach helps achieve the “need-to-know” security principle and the “choice” privacy principle. This paper also shows how our approach can be implemented using a generic label infrastructure and suggests algorithms to create/check a secure set of labeled relationships in an XML document.

References

  1. Bertino, E., Castano, S., and Ferrari, E. (2001). On specifying security policies for web documents with an xmlbased language. In SACMAT, pages 57-65.
  2. Bertino, E. and Ferrari, E. (2002). Secure and selective dissemination of xml documents. ACM Trans. Inf. Syst. Secur., 5(3):290-331.
  3. Bhatti, R., Bertino, E., Ghafoor, A., and Joshi, J. (2004). Xml-based specification for web services document security. In IEEE Computer, volume 4 of 37, pages 41-49.
  4. Clark, J. and DeRose, S. (1999). Language (XPath) version 1.0. http://www.w3.org/TR/xpath.
  5. Damiani, E., de C. di Vimercati, S., Paraboschi, S., and Samarati, P. (2002). A fine-grained access control system for xml documents. ACM Trans. Inf. Syst. Secur., 5(2):169-202.
  6. Fan, W. F., Chan, C. Y., and Garofalakis, M. N. (2004). Secure xml querying with security views. In SIGMOD, pages 587-598.
  7. Finance, B., Medjdoub, S., and Pucheral, P. (2005). The case for access control on xml relationships. Technical report, INRIA. Available from http://wwwsmis.inria.fr/dataFiles/FMP05a.pdf.
  8. Fundulaki, I. and Marx, M. (2004). Specifying access control policies for xml documents with xpath. In SACMAT, pages 61-69.
  9. Gabillon, A. and Bruno, E. (2001). Regulating access to xml documents. In Working Conference on Database and Application Security, pages 311-328.
  10. IBM (2001). Xml access control. http://xml.coverpages.org /xacl.html.
  11. Kanza, Y., Mendelzon, A., Miller, R., and Zhang, Z. (2006). Authorization-transparent access control for xml under the non-truman model. In EDBT, pages 222-239.
  12. Miklau, G. and Suciu, D. (2003). Controlling access to published data using cryptography. In VLDB, pages 898- 909.
  13. Motro, A. (1989). An access authorization model for relational databases based on algebraic manipulation of view definitions. In ICDE, pages 339-347.
  14. Murata, M., Tozawa, A., Kudo, M., and Hada, S. (2003). Xml access control using static analysis. In CCS, pages 73-84. ACM Press.
  15. Oasis. (2005). Oasis exensible access control markup language (xacml 2.0). http://www.oasis-open.org/ committees/xacml.
  16. Rizvi, S., Mendelzon, A., Sudarshan, S., and Roy, P. (2004). Extending query rewriting techniques for fine-grained access control. In SIGMOD, pages 551-562.
  17. Rjaibi, W. and Bird, P. (2004). A multi-purpose implementation of mandatory access control in relational database management systems. In VLDB, pages 1010-1020.
  18. Wang, J. Z. and Osborn, S. L. (2004). A role-based approach to access control for xml databases. In SACMAT, pages 70-77.
Download


Paper Citation


in Harvard Style

Zhang Z. and Rjaibi W. (2006). INTER-NODE RELATIONSHIP LABELING: A FINE-GRAINED XML ACCESS CONTROL IMPLEMENTATION USING GENERIC SECURITY LABELS . In Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006) ISBN 978-972-8865-63-4, pages 371-378. DOI: 10.5220/0002104803710378


in Bibtex Style

@conference{secrypt06,
author={Zheng Zhang and Walid Rjaibi},
title={INTER-NODE RELATIONSHIP LABELING: A FINE-GRAINED XML ACCESS CONTROL IMPLEMENTATION USING GENERIC SECURITY LABELS},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)},
year={2006},
pages={371-378},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002104803710378},
isbn={978-972-8865-63-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2006)
TI - INTER-NODE RELATIONSHIP LABELING: A FINE-GRAINED XML ACCESS CONTROL IMPLEMENTATION USING GENERIC SECURITY LABELS
SN - 978-972-8865-63-4
AU - Zhang Z.
AU - Rjaibi W.
PY - 2006
SP - 371
EP - 378
DO - 10.5220/0002104803710378