A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
Regulating access to XML documents
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
XML access control using static analysis
Proceedings of the 10th ACM conference on Computer and communications security
Reasoning about XACML policies using CSP
Proceedings of the 2005 workshop on Secure web services
An electronic patient record "on steroids": distributed, peer-to-peer, secure and privacy-conscious
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Automated xacml policy reconfiguration for evaluation optimisation
Proceedings of the fourth international workshop on Software engineering for secure systems
| Hi-index | 0.00 |
Reasoning about the access control model for AXML documents is a non-trivial topic because of its own challenging issues: the hierarchical nature of XML with embedded service call and query transformation. In this paper, we present a methodology to specify an access control model (GUPster) for AXML (Active XML) documents by translating a query, schema, and access control policy in CSP language. Then, we show how to verify access control policies of AXML documents, by illustrating the running example, with the FDR model checker. Finally, the examples demonstrate that our automated static verification is efficient to analyze security problems, not only whether the policies give legitimate users enough permissions to read data, but also whether the policies prevent unauthorized users from reading sensitive data.