SUCCINCT ACCESS CONTROL POLICIES FOR PUBLISHED XML DATASETS

Tomasz Müldner, Jan Krzysztof Miziołek, Gregory Leighton

2008

Abstract

We consider the setting of secure publishing of XML documents, in which read-only access control policies (ACPs) over static XML datasets are enforced using cryptographic keys. The role-based access control (RBAC) model provides a flexible method for specifying such policies. Extending the RBAC model to include role parameterization addresses the problem of role proliferation which can occur in large scale systems. In this paper, we describe the complete design of a parameterized RBAC (PRBAC) model for XML documents. We also describe algorithms for generating the minimum number of keys required to enforce an arbitrary PRBAC policy; for distributing to each user only keys needed for decrypting accessible nodes; and for applying the minimal number of encryption operations to an XML document required to satisfy the protection requirements of the policy. The time complexity of our approach is linear w.r.t. document size and the number of roles.

References

  1. Bertino, E., Ferrari, E. Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security (TISSEC), 5(3):290-331, (2002).
  2. Bertino, E., Carminati, B., Ferrari, E., Thuraisingham, B., and Gupta A. Selective and Authentic Third-Party Distribution of XML Documents. IEEE Transactions on Knowledge and Data Engineering (TKDE), 16(10):1263-1278, (2004).
  3. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. A Fine-grained Access Control System for XML Documents. ACM Transactions on Information and System Security, 5(2): 169-202, (2002).
  4. Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G. and S.G. Stubblebine. Flexible Authentication of XML documents. In Proc. of the 8th ACM Conf. on Computer and Communications Security, ACM Press, (2001).
  5. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.S. and Chandramouli, R. Proposed NIST Standard for RoleBased Access Control. ACM Transactions on Information and System Security, Vol. 4, No. 3, (2001), 224-274.
  6. Fundulaki, I. and Marx, M. Specifying access control policies for XML documents. Proceedings of the ninth ACM symposium on Access control models and technologies (2004) 61 - 69.
  7. Ge, M. and Osborn., S.L. A Design for Parameterized Roles. DBSec (2004), 251-264.
  8. Miklau, G. and Suciu, D. Controlling Access to Published Data Using Cryptography, In Proc. of the 29th VLDB Conference, Berlin, Germany, (2003).
  9. Müldner, T., Leighton, G. and Miziolek, J.K. Using MultiEncryption to Provide Secure and Controlled Access to XML Documents. Extreme Markup Languages 2006, (2006), Montreal, Canada.
  10. Osborn, S., Sandhu, R., Munawer, Q. Configuring RoleBased Access Control to Enforce Mandatory and Discretionary Access Control Policies. ACM Trans. on Information and System Security, 3:2, (2000), 85-106.
  11. Wang, J. and Osborn, AS. A role-based approach to access control for XML databases. Proceedings of the ninth ACM symposium on Access control models and technologies Yorktown Heights, US (2004): 70 - 77.
  12. W3C XML Encryption http://w3.org/Encryption/2001.
  13. XML Path Language. http://www.w3.org/TR/xpath.
  14. XML Schema http://www.w3.org/TR/xmlschema-0/
Download


Paper Citation


in Harvard Style

Müldner T., Krzysztof Miziołek J. and Leighton G. (2008). SUCCINCT ACCESS CONTROL POLICIES FOR PUBLISHED XML DATASETS . In Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 1: ICEIS, ISBN 978-989-8111-36-4, pages 380-385. DOI: 10.5220/0001726103800385


in Bibtex Style

@conference{iceis08,
author={Tomasz Müldner and Jan Krzysztof Miziołek and Gregory Leighton},
title={SUCCINCT ACCESS CONTROL POLICIES FOR PUBLISHED XML DATASETS},
booktitle={Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 1: ICEIS,},
year={2008},
pages={380-385},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001726103800385},
isbn={978-989-8111-36-4},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Tenth International Conference on Enterprise Information Systems - Volume 1: ICEIS,
TI - SUCCINCT ACCESS CONTROL POLICIES FOR PUBLISHED XML DATASETS
SN - 978-989-8111-36-4
AU - Müldner T.
AU - Krzysztof Miziołek J.
AU - Leighton G.
PY - 2008
SP - 380
EP - 385
DO - 10.5220/0001726103800385