A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
An Authorization Model for a Distributed Hypertext System
IEEE Transactions on Knowledge and Data Engineering
EDBT '00 Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology
Derived access control specification for XML
Proceedings of the 2003 ACM workshop on XML security
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
QFilter: fine-grained run-time XML access control via NFA-based query rewriting
Proceedings of the thirteenth ACM international conference on Information and knowledge management
Generalized XML security views
Proceedings of the tenth ACM symposium on Access control models and technologies
Applying hierarchical and role-based access control to XML documents
SWS '04 Proceedings of the 2004 workshop on Secure web service
Anatomy: simple and effective privacy preservation
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
Incremental adaptation of XPath access control views
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
History-based access control for XML documents
ASIACCS '07 Proceedings of the 2nd ACM symposium on Information, computer and communications security
A general approach to securely querying XML
Computer Standards & Interfaces
Extending XML triggers with path-granularity
WISE'07 Proceedings of the 8th international conference on Web information systems engineering
XTrigger: XML database trigger
Computer Science - Research and Development
| Hi-index | 0.00 |
With the growing use of XML for data transfer and data storage across the web, securing XML documents has become an important issue. The XML privacy and data access control issues are especially significant in XML data repositories because they typically store large collections of highly sensitive business data, health information, etc. Protecting privacy by only restricting access to individual nodes in the XML document tree is not sufficient, as combinations of nodes and aggregations thereof can lead to disclosure of sensitive information. Moreover, a mechanism is required to cope with such combined data privacy levels, as they must be validated on query-time. Extending from XML access control models, this paper proposes a privacy-aware access control model for XML with composite security levels, which adds a further level of fine-granularity to existing approaches. In order to enforce these composite security levels, we then introduce a methodology based on path-triggers. Finally, we evaluate the performance of our new approach using three different implementation techniques.