A formal language for specifying complex XML authorisations with temporal constraints

Authors:
Sean Policarpio;Yan Zhang
Affiliations:
Intelligent Systems Laboratory, School of Computing and Mathematics, University of Western Sydney, Penrith South DC, NSW, Australia;Intelligent Systems Laboratory, School of Computing and Mathematics, University of Western Sydney, Penrith South DC, NSW, Australia
Venue:
Inscrypt'09 Proceedings of the 5th international conference on Information security and cryptology
Year:
2009

Citing 12
Cited 0

Towards a general theory of action and time

Artificial Intelligence
An access control model supporting periodicity constraints and temporal reasoning

ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents

ACM Transactions on Information and System Security (TISSEC)
Knowledge Representation, Reasoning, and Declarative Problem Solving

Knowledge Representation, Reasoning, and Declarative Problem Solving
Securing XML Documents

EDBT '00 Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology
Author-X: A Java-Based System for XML Data Protection

Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
Secure XML querying with security views

SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
An access control model for querying XML data

Proceedings of the 2005 workshop on Secure web services
Applying hierarchical and role-based access control to XML documents

SWS '04 Proceedings of the 2004 workshop on Secure web service
Querying xml documents in logic programming*

Theory and Practice of Logic Programming
Access control for XML documents and data

Information Security Tech. Report
A formal access control model for XML databases

SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Extensible Markup Language (XML) is utilised in many Internet applications we are using today. However, as with many computing technologies, vulnerabilities exist in XML that can allow for malicious and unauthorised use. Applications that utilise XML are therefore susceptible to security faults if they do not provide their own methods. Our research focuses on developing a formal language which can provide access control to information stored in XML formatted documents. This formal language will have the capacity to reason if access to an XML document should be allowed. Our language, Axml(T), allows for the specification of authorisations on XML documents based on the popular Role-based Access Control model. Temporal interval reasoning is the study of logically representing time intervals and relationships between them. As part of our research, we have also included this aspect in our language Axml(T) because we believe it will allow us to specify even more powerful access control authorisations.