XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
Proposed NIST standard for role-based access control
ACM Transactions on Information and System Security (TISSEC)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Access control in a relational data base management system by query modification
ACM '74 Proceedings of the 1974 annual conference - Volume 1
Organization based access control
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Extending query rewriting techniques for fine-grained access control
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
The case for access control on XML relationships
Proceedings of the 14th ACM international conference on Information and knowledge management
On the correctness criteria of fine-grained access control in relational databases
VLDB '07 Proceedings of the 33rd international conference on Very large data bases
A formal access control model for XML databases
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
Protection of relationships in XML documents with the XML-BB model
ICISS'05 Proceedings of the First international conference on Information Systems Security
Rewriting of SPARQL/update queries for securing data access
ICICS'10 Proceedings of the 12th international conference on Information and communications security
PAIRSE: a privacy-preserving service-oriented data integration system
ACM SIGMOD Record
Hi-index | 0.00 |
RDF is an increasingly used framework for describing Web resources, including sensitive and confidential resources. In this context, we need an expressive language to query RDF databases. SPARQL has been defined to easily localize and extract data in an RDF graph. Since confidential data are accessed, SPARQL queries must be filtered so that only authorized data are returned with respect to some confidentiality policy. In this paper, we model a confidentiality policy as a set of positive and negative filters (corresponding respectively to permissions and prohibitions) that apply to SPARQL queries. We then define rewriting algorithms that transform the queries so that the results returned by transformed queries are compliant with the confidentiality policy.