The erosion of trust in traditional database servers and in Database Service Providers, together with the growing interest in different forms of selective data dissemination, is leading access control to move from servers to clients. Different data encryption and key dissemination schemes have been proposed to serve this purpose. Because they compile the access-control rules into the encryption process, all of these methods share data in a static way. With the emergence of hardware security elements on client devices, more dynamic client-based access-control schemes can be devised. This paper proposes a tamper-resistant client-based XML access-right controller supporting flexible and dynamic access-control policies. The access-control engine is embedded in a hardware-secure device and, therefore, must cope with specific hardware resources. This engine benefits from a dedicated index to quickly converge toward the authorized parts of a potentially streaming XML document. Pending situations (i.e., where data delivery is conditioned by predicates that apply to values encountered later in the document stream) are handled gracefully by skipping the pending elements whenever possible and reassembling the relevant parts once the pending situation is resolved. Additional security mechanisms guarantee that (1) the input document is protected from any form of tampering and (2) no forbidden information can be gained by replay attacks on different versions of the XML document and of the access-control rules. Performance measurements on synthetic and real datasets demonstrate the effectiveness of the approach. Finally, the paper reports on two experiments conducted with a prototype running on a secured hardware platform.