Secure publishing using schema-level role-based access control policies for fragments of XML documents

Balisage Series on Markup Technologies

Volumn 1, Issue , 2008, Pages

  Müldner, Tomasz ^a   McNeill, Robin ^a   Miziołek, Jan Krzysztof ^b  

^a ACADIA UNIVERSITY   (Canada)

^b UNIVERSITY OF WARSAW   (Poland)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 84870549558     PISSN: 19472609     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.4242/BalisageVol1.Muldner01     Document Type: Conference Paper

References (24)

1. Baldonado, M., Bertino, E. and Ferrari, E. Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security (TISSEC), 5(3):290-331, (2002). doi:10.1145/545186.545190.
2. Bertino, E., Carminati, B., Ferrari, E., Thuraisingham B. and A. Gupta. Selective and Authentic Third-Party Distribution of XML Documents. IEEE Transactions on Knowledge and Data Engineering (TKDE), 16(10), 2004, pp. 1263-1278. doi:10.1109/TKDE.2004.63.
3. Bertino, E., Carminati, B. and Ferrari, E. A temporal key management scheme for secure broadcasting of XML documents. Conference on Computer and Comm. Security. Proc. of the 9th ACM conference on Computer and communications security (2002): 31-40. doi:10.1145/586110.586116.
4. Bertino, E., Carminati, B. and Ferrari, E. Securing XML Documents with Author-X. IEEE Internet Computing Volume 5, Issue 3 (2001): 21-31. doi:10.1109/4236.935172.
5. Crampton, J. Applying hierarchical and role-based access control to XML documents. Proc. of the 2004 workshop on Secure web service (2004): 37-46. doi:10.1145/1111348.1111353.
6. Damiani, E. De Capitani di Vimercati, S.D.C. and Samarati, P. New paradigms for access control in open environments. Signal Processing and Information Technology, Proc. of the Fifth IEEE International Symposium (2005): 540-545. doi:10.1109/ISSPIT.2005.1577155.
7. Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. A Fine-grained Access Control System for XML Documents. ACM Transactions on Information and System Security,5(2): 169-202,(2002). doi:10.1145/505586.505590.
8. De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. Access control: principles and solutions. Software Practice and Experience, Vol, 33, Issue 5 (April 2003): 397-421. John Wiley and Sons, Inc. doi:10.1002/spe.513.
9. Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G. and S.G. Stubblebine. Flexible Authentication of XML documents. In Proc. of the 8th ACM Conference on Computer and Communications Security, ACM Press, (2001). doi:10.1145/501983.502003.
10. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.S. and Chandramouli, R. Proposed NIST Standard for Role-Based Access Control. ACM Trans. on Information and System Security, 4 (3), (2001), 224-274. doi:10.1145/501978.501980.
11. Fundulaki, I. and Marx, M. Specifying access control policies for XML documents. Proceedings of the ninth ACM symposium on Access control models and technologies (2004) 61-69. doi:10.1145/990036.990046.
12. Goel, S K., Clinton, C. and Rosenthal, A. Derived access control specification for XML. Proc. of the 2003 ACM workshop on XML security (2003): 1-14. doi:10.1145/968559.968561.
13. Kudo, M. and Hada S. XML document security based on provisional authorization. Proc. of the 7th ACM conference on Computer and communications security (2000): 87-96. doi:10.1145/352600.352613.
14. Kuper, G., Massaci, F. and Rassadko, N. Generalized XML security views. Proc. of the tenth ACM symposium on Access control models and technologies. (2005):77-84. doi:10.1145/1063979.1063994.
15. Miklau, G. and Suciu, D. Controlling Access to Published Data Using Cryptography, In Proc. of the 29th VLDB Conference, Berlin, Germany, (2003).
16. Müldner, T., Leighton, G. and Miziolek, J.K. Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents. Extreme Markup Languages 2006, (2006), Montreal, Canada.
17. Müldner, T., Leighton, G. and Miziolek, J.K. Succinct Access Control Policies for Published XML Datasets. 10th International Conference on Enterprise Information Systems. 12-16, June 2008, Barcelona, Spain.
18. Ramaswamy C. A Policy Validation Framework for Enterprise Authorization Specification. 19th Annual Computer Security Applications Conference ACSAC, (2003): 319-329. doi:10.1109/CSAC.2003.1254336.
19. Extensible Markup Language (XML) 1.0 (Fourth Edition) http://www.w3.org/TR/REC-xml/.
20. XML Path Language. http://www.w3.org/TR/xpath.
21. XML Schema http://www.w3.org/TR/xmlschema-0/.
22. Zhang, X., Park, J. and Sandhu, R. Schema based XML Security: RBAC Approach, 17th IFIP 11.3. Working Conference on Data and Application Security, 2003. doi:10.1007/1-4020-8070-0-24.
23. [Xerces2008] http://xerces.apache.org/xerces-c/.
24. [Cryptopp++2008] http://www.cryptopp.com/.