A model of authorization for next-generation database systems
ACM Transactions on Database Systems (TODS)
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
Towards usage control models: beyond traditional access control
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
Security architectures for controlled digital information dissemination
ACSAC '00 Proceedings of the 16th Annual Computer Security Applications Conference
A logical specification for usage control
Proceedings of the ninth ACM symposium on Access control models and technologies
A role-based approach to access control for XML databases
Proceedings of the ninth ACM symposium on Access control models and technologies
A Flexible Payment Scheme and Its Role-Based Access Control
IEEE Transactions on Knowledge and Data Engineering
Database Security-Concepts, Approaches, and Challenges
IEEE Transactions on Dependable and Secure Computing
Purpose based access control of complex data for privacy protection
Proceedings of the tenth ACM symposium on Access control models and technologies
An authorization model for XML databases
SWS '04 Proceedings of the 2004 workshop on Secure web service
Ubiquitous computing environments and its usage access control
InfoScale '06 Proceedings of the 1st international conference on Scalable information systems
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Access control management for ubiquitous computing
Future Generation Computer Systems
Towards secure XML document with usage control
APWeb'05 Proceedings of the 7th Asia-Pacific web conference on Web Technologies Research and Development
Privacy-Preserving database systems
Foundations of Security Analysis and Design III
| Hi-index | 0.00 |
With the growing importance of privacy in data access, much research has been done on the privacy protecting technology in the recent years. Developing an access control model and related mechanisms to support a selective access data has become important. The extensible markup language (XML) is rapidly emerging as the new standard language for semi-structured data representation and exchange on the Internet with more and more information being distributed in XML format. In this paper, we present a comprehensive approach for privacy preserving access control based on the notion of purpose. In our model, purpose information associated with a given data element in an XML document specifies the intended use of the data elements. An important issue addressed in this paper is the granularity of data labeling for data elements in XML documents and tree databases with which purposes can be associated. We address this issue in native XML databases and propose different labeling schemes for XML documents. We also propose an approach to represent purpose information to support access control based on purpose information. Our proposed solution relies on usage access control models as well as the components that are based on the notions of the purpose information used in subjects and objects. Finally, comparisons with related works are analysed. Copyright © 2011 John Wiley & Sons, Ltd.