XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
The case for access control on XML relationships
Proceedings of the 14th ACM international conference on Information and knowledge management
An authorization model for XML databases
SWS '04 Proceedings of the 2004 workshop on Secure web service
Protection of relationships in XML documents with the XML-BB model
ICISS'05 Proceedings of the First international conference on Information Systems Security
Secure XML querying based on authorization graphs
Information Systems Frontiers
Hi-index | 0.00 |
Since XML became the core meta language for many data formats, we need a fine-grained access control model for XML to protect sensitive information carried by XML elements or by relationships between these elements. Several models have already been suggested, but we claim that none of them is sufficiently expressive to properly express some basic security requirements, especially those related to entity relationships protection. To cope with these limitations, we suggest to structure the access control policy using the new concept of block. This is used to hide relationships between nodes selected in different blocks. It provides means to specify confidentiality restriction associated with some relationships. An access control model, called XML-BB (XML Block Based Access Control), that includes this concept of block is presented and the implementation of this model is described.