A Fine-Grained Access Control System Combining MAC and RBACK Models for XML

Authors:
Mustafa M. Kocatürk;Taflan İ. Gündem
Affiliations:
Computer Engineering Dept., Boğaziçi University, 34342 Bebek, İstanbul, Turkey, e-mail: mirackocaturk@yahoo.com, gundem@boun.edu.tr;Computer Engineering Dept., Boğaziçi University, 34342 Bebek, İstanbul, Turkey, e-mail: mirackocaturk@yahoo.com, gundem@boun.edu.tr
Venue:
Informatica
Year:
2008

Citing 12
Cited 1

Role-Based Access Control Models

Computer
Mandatory access control and role-based access control revisited

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
XML document security based on provisional authorization

Proceedings of the 7th ACM conference on Computer and communications security
Protection in operating systems

Communications of the ACM
Protection and administration of XML data sources

Data & Knowledge Engineering - Data and applications security
Securing XML Documents with Author-X

IEEE Internet Computing
Lattice-Based Access Control Models

Computer
Access Control in Distributed Object Systems: Problems With Access Control Lists

WETICE '01 Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises
XML access control using static analysis

Proceedings of the 10th ACM conference on Computer and communications security
Access control of XML documents considering update operations

Proceedings of the 2003 ACM workshop on XML security
Secure XML querying with security views

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Compressed accessibility map: efficient access control for XML

VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases

Secure XML querying based on authorization graphs

Information Systems Frontiers

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a novel fine-grained access control system for applications where the information flow is critical; the confidentiality of the data is essential and there are a huge number of users who access different portions of an XML document as in military applications. We combine MAC and RBACK models for XML for use in the mentioned type of applications. In accordance with the peculiarities of the target applications, the access control model is structured in such a way that the implementation can be done efficiently for large number of users. In the system presented, instead of using access control lists, we use a security labeling approach in defining the grant rules. By combining the advantages of role-based and mandatory access control schemes, the access control system presented provides a fine-grained, flexible and effective access for applications where the confidentiality of data is crucial. The system is implemented and tested for correctness. Performance analysis is also given.