A taxonomy for secure object-oriented databases
ACM Transactions on Database Systems (TODS)
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
A cryptographic solution to implement access control in a hierarchy and more
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Containment and equivalence for an XPath fragment
Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Secure and selective dissemination of XML documents
ACM Transactions on Information and System Security (TISSEC)
ICICS '01 Proceedings of the Third International Conference on Information and Communications Security
Author-X: A Java-Based System for XML Data Protection
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
Regulating access to XML documents
Das'01 Proceedings of the fifteenth annual working conference on Database and application security
XML access control using static analysis
Proceedings of the 10th ACM conference on Computer and communications security
RDF metadata for XML access control
Proceedings of the 2003 ACM workshop on XML security
A role-based approach to access control for XML databases
Proceedings of the ninth ACM symposium on Access control models and technologies
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
An authorization model for XML databases
SWS '04 Proceedings of the 2004 workshop on Secure web service
Optimizing the secure evaluation of twig queries
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
Client-based access control management for XML documents
VLDB '04 Proceedings of the Thirtieth international conference on Very large data bases - Volume 30
Journal of Cognitive Neuroscience
IPAC: an interactive approach to access control for semi-structured data
VLDB '06 Proceedings of the 32nd international conference on Very large data bases
Dynamic access-control policies on XML encrypted data
ACM Transactions on Information and System Security (TISSEC)
A general approach to securely querying XML
Computer Standards & Interfaces
A rewrite based approach for enforcing access constraints for XML
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part III
XML-BB: a model to handle relationships protection in XML documents
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part III
Hasslefree: simplified access control management for XML documents
ICDCIT'07 Proceedings of the 4th international conference on Distributed computing and internet technology
fQuery: SPARQL query rewriting to enforce data confidentiality
DBSec'10 Proceedings of the 24th annual IFIP WG 11.3 working conference on Data and applications security and privacy
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
The VLDB Journal — The International Journal on Very Large Data Bases
Authorization-Transparent access control for XML under the non-truman model
EDBT'06 Proceedings of the 10th international conference on Advances in Database Technology
Secure XML querying based on authorization graphs
Information Systems Frontiers
Pragmatic XML access control using off-the-shelf RDBMS
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
With the emergence of XML as the de facto standard to exchange and disseminate information, the problem of regulating access to XML documents has attracted a considerable attention in recent years. Existing models attach authorizations to nodes of an XML document but disregard relationships between them. However, ancestor and sibling relationships may reveal information as sensitive as the one carried out by the nodes themselves (e.g., classification). This paper advocates the integration of relationships as first class citizen in the access control models for XML and makes the following contributions. First, it characterizes important relationship authorizations and identifies the mechanisms required to translate them accurately in an authorized view of a source document. Second, it introduces a rule-based formulation for expressing these classes of relationship authorizations and defines an associated conflict resolution strategy. Rather than being yet-another XML access control model, the proposed approach allows a seamless integration of relationship authorizations in existing XML access control model.