Ordered and Unordered Tree Inclusion
SIAM Journal on Computing
Role-Based Access Control Models
Computer
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
SIGMOD '01 Proceedings of the 2001 ACM SIGMOD international conference on Management of data
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
An infrastructure for managing secure update operations on XML data
Proceedings of the eighth ACM symposium on Access control models and technologies
Secure XML publishing without information leakage in the presence of data inference
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Structural signatures for tree data structures
Proceedings of the VLDB Endowment
Fine-grained sticky provenance architecture for office documents
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Hi-index | 0.00 |
To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.