Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Regular expression types for XML
ICFP '00 Proceedings of the fifth ACM SIGPLAN international conference on Functional programming
Stack inspection: theory and variants
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
POPL '03 Proceedings of the 30th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
XDuce: A statically typed XML processing language
ACM Transactions on Internet Technology (TOIT)
Regulating access to XML documents
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
CDuce: an XML-centric general-purpose language
ICFP '03 Proceedings of the eighth ACM SIGPLAN international conference on Functional programming
XML access control using static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Specifying access control policies for XML documents with XPath
Proceedings of the ninth ACM symposium on Access control models and technologies
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Types for path correctness of XML queries
Proceedings of the ninth ACM SIGPLAN international conference on Functional programming
Security policies for downgrading
Proceedings of the 11th ACM conference on Computer and communications security
Downgrading policies and relaxed noninterference
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
PODS '04 Proceedings of the twenty-third ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
An environment for maintaining computation dependency in XML documents
Proceedings of the 2005 ACM symposium on Document engineering
The essence of data access in Cω: the power is in the dot!
ECOOP'05 Proceedings of the 19th European conference on Object-Oriented Programming
| Hi-index | 0.00 |
The problem of regulating access to XML documents has attracted much attention from both academic and industry communities. In existing approaches, the XML elements specified by access policies are either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate such cases, which can express the downgrading operations on sensitive data in XML documents through explicit calculations on them. The proposed policy language is called calculation-embedded schema (CSchema), which extends the ordinary schema languages with protection type for protecting sensitive data and specifying downgrading operations. CSchema language has a type system to guarantee the type correctness of the embedded calculation expressions and moreover this type system also generates a security view after type checking a CSchema policy. Access policies specified by CSchema are enforced by a validation procedure, which produces the released documents containing only the accessible data by validating the protected documents against CSchema policies. These released documents are then ready to be accessed by, for instance, XML query engines. By incorporating this validation procedure, other XML processing technologies can use CSchema as the access control module.