Protection and administration of XML data sources

Authors:
Elisa Bertino;Silvana Castano;Elena Ferrari;Marco Mesiti
Affiliations:
Dipartimento di Scienze dell'Informazione, Università degli Studi di Milano, Via Comelico, 39/41, 20135 Milano, Italy;Dipartimento di Scienze dell'Informazione, Università degli Studi di Milano, Via Comelico, 39/41, 20135 Milano, Italy;Dipartimento di Scienze Chimiche, Fisiche e Matematiche, Università degli Studi dell'Insubria, Via Valleggio, 11, 22100 Como, Italy;Dipartimento di Informatica e Scienze dell'Informazione, Università degli Studi di Genova, Via Dodecaneso, 35, 16146 Genova, Italy
Venue:
Data & Knowledge Engineering - Data and applications security
Year:
2002

Citing 7
Cited 9

A query language for XML

WWW '99 Proceedings of the eighth international conference on World Wide Web
Using digital credentials on the World Wide Web

Journal of Computer Security - Special issue on security in the World Wide Web
On specifying security policies for web documents with an XML-based language

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Securing XML documents: the author-X project demonstration

SIGMOD '01 Proceedings of the 2001 ACM SIGMOD international conference on Management of data
Network Security Essentials: Applications and Standards

Network Security Essentials: Applications and Standards
Securing XML Documents with Author-X

IEEE Internet Computing
An Authorization Model for a Distributed Hypertext System

IEEE Transactions on Knowledge and Data Engineering

A matching algorithm for measuring the structural similarity between an XML document and a DTD and its applications

Information Systems - Special issue on web data integration
Specifying access control policies for XML documents with XPath

Proceedings of the ninth ACM symposium on Access control models and technologies
Policy Administration Control and Delegation Using XACML and Delegent

GRID '05 Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing
Measuring the structural similarity among XML documents and DTDs

Journal of Intelligent Information Systems
A Secure Mediator for Integrating Multiple Level Access Control Policies

KES '08 Proceedings of the 12th international conference on Knowledge-Based Intelligent Information and Engineering Systems, Part II
A Fine-Grained Access Control System Combining MAC and RBACK Models for XML

Informatica
A novel client-based approach for signing and checking web forms by using XML against DoS attacks

Proceedings of the 12th International Conference on Information Integration and Web-based Applications & Services
Secure XML querying based on authorization graphs

Information Systems Frontiers
Engineering Financial Enterprise Content Management Services: Integration and Control

International Journal of Systems and Service-Oriented Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

EXtensible Markup Language (XML) security has become a relevant research topic due to the wide-spread use of XML as the language for information interchange and document definition over the Web. In this context, developing an access control mechanism in terms of XML is an important step for Web information security. In this paper, we present the protection and administration facilities of Author-X, a Java-based system for discretionary access control to XML documents. Relevant features of Author-X are both a set-oriented and a document-oriented credential-based document protection, a differentiated protection of document/document type contents through the support of multi-granularity protection objects and positive/negative authorizations, and the support for different access control strategies. In this paper, we focus on the strategies we have developed for enforcing access control. Additionally, we provide a description of the environment we have developed to help the Security Officer in performing administrative activities related to both security policy and subject credential management.