Introduction to algorithms
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
SIGMOD '01 Proceedings of the 2001 ACM SIGMOD international conference on Management of data
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Regulating access to SMIL formatted pay-per-view movies
Proceedings of the 2002 ACM workshop on XML security
The complexity of XPath query evaluation
Proceedings of the twenty-second ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
XML access control using static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Extending xQuery with transformation operators
Proceedings of the 2003 ACM symposium on Document engineering
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
QFilter: fine-grained run-time XML access control via NFA-based query rewriting
Proceedings of the thirteenth ACM international conference on Information and knowledge management
Generalized XML security views
Proceedings of the tenth ACM symposium on Access control models and technologies
The case for access control on XML relationships
Proceedings of the 14th ACM international conference on Information and knowledge management
Access control for XML: a dynamic query rewriting approach
Proceedings of the 14th ACM international conference on Information and knowledge management
An access control model for querying XML data
Proceedings of the 2005 workshop on Secure web services
SMOQE: a system for providing secure access to XML
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
Automated generation of Promela model from SDL specification
Computer Standards & Interfaces
Client-based access control management for XML documents
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part III
A formal access control model for XML databases
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
An efficient yet secure XML access control enforcement by safe and correct query modification
DEXA'06 Proceedings of the 17th international conference on Database and Expert Systems Applications
Protection of relationships in XML documents with the XML-BB model
ICISS'05 Proceedings of the First international conference on Information Systems Security
RAVI, a proposed standard for the interchange of audio/visual interactive applications
IEEE Journal on Selected Areas in Communications
Privacy-aware access control in XML databases
ADC '10 Proceedings of the Twenty-First Australasian Conference on Database Technologies - Volume 104
Light-weight access control scheme for XML data
KES'10 Proceedings of the 14th international conference on Knowledge-based and intelligent information and engineering systems: Part II
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
The VLDB Journal — The International Journal on Very Large Data Bases
Secure XML querying based on authorization graphs
Information Systems Frontiers
On securely manipulating XML data
FPS'12 Proceedings of the 5th international conference on Foundations and Practice of Security
SVMAX: a system for secure and valid manipulation of XML data
Proceedings of the 17th International Database Engineering & Applications Symposium
Hi-index | 0.00 |
XML access control requires the enforcement of highly expressive access control policies to support schema-, document and object-specific protection requirements. Access control models for XML data can be classified in two major categories: node filtering and query rewriting systems. The first category includes approaches that use access policies to compute secure user views on XML data sets. User queries are then evaluated on those views. In the second category of approaches, authorization rules are used to transform user queries to be evaluated against the original XML data set. The pros and cons for these approaches have been widely discussed in the framework of XML access control standardization activities. The aim of this paper is to describe a model combining the advantages of these approaches and overcoming their limitations, suitable as the basis of a standard technique for XML access control enforcement. The model specification is given using a Finite State Automata, ensuring generality w.r.t. specific implementation techniques.