XML document security based on provisional authorization

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

XML document security based on provisional authorization

Full text

Pdf (457 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 7th ACM conference on Computer and communications security table of contents

Athens, Greece

Pages: 87 - 96

Year of Publication: 2000

ISBN:1-58113-203-4

Authors

Michiharu Kudo	IBM Research, Tokyo Research Laboratory, 1623-14 Shimotsuruma Yamato-shi, Kanagawa-ken, 242-8502, Japan
Satoshi Hada	IBM Research, Tokyo Research Laboratory, 1623-14 Shimotsuruma Yamato-shi, Kanagawa-ken, 242-8502, Japan

Sponsors

Greek Com Soc : Greek Computer Society
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Athens U of Econ & Business : Athens University of Economics and Business

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 11, Downloads (12 Months): 124, Citation Count: 59

Additional Information:

references cited by index terms collaborative colleagues peer to peer

Tools and Actions:	Review this Article Save this Article to a Binder Display Formats: BibTex EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/352600.352613 What is a DOI?

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	T. Bray et al. "Extensible Markup Language (XML) 1.0," World Wide Web Consortium (W3C), http://www.w3.org/TR/REC-xml (February, 1998).
	2	Hiroshi Maruyama , Kent Tamura , Naohiko Uramoto , Kento Tamura, XML and Java: Developing Web Applications, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1999
	3	M. Bartel et al. "XML-Signature Syntax and Processing," http://www.w3.org/TR/xmldsig-core, W3C Working Draft (Feb, 2000).
	4	alphaWorks, "XML Security Suite," http://www.alphaWorks.com/tech/xmlsecuritysuite (1999).
	5	Dorothy Elizabeth Rob Denning, Cryptography and Data Security, Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 1982
	6	Silvana Castano , Maria Grazia Fugini , Giancarlo Martella , Pierangela Samarati, Database security, ACM Press/Addison-Wesley Publishing Co., New York, NY, 1995
	7	Thomas Y. C. Woo , Simon S. Lam, A framework for distributed authorization, Proceedings of the 1st ACM conference on Computer and communications security, p.112-118, November 03-05, 1993, Fairfax, Virginia, United States [doi>10.1145/168588.168603]
	8	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian, A Logical Language for Expressing Authorizations, Proceedings of the 1997 IEEE Symposium on Security and Privacy, p.31, May 04-07, 1997
	9	Sushil Jajodia , Pierangela Samarati , V. S. Subrahmanian , Eliza Bertino, A unified framework for enforcing multiple access control policies, Proceedings of the 1997 ACM SIGMOD international conference on Management of data, p.474-485, May 11-15, 1997, Tucson, Arizona, United States
	10	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
	11	Matt Blaze , Joan Feigenbaum , Jack Lacy, Decentralized Trust Management, Proceedings of the 1996 IEEE Symposium on Security and Privacy, p.164, May 06-08, 1996
	12	Matt Blaze , Joan Feigenbaum , Angelos D. Keromytis, KeyNote: Trust Management for Public-Key Infrastructures (Position Paper), Proceedings of the 6th International Workshop on Security Protocols, p.59-63, April 15-17, 1998
	13	Object Management Group, "Security Service Specification," In CORBA services: Common Object Services Specification, Chapter 15 (November 1997).
	14	Günter Karjoth, Authorization in CORBA Security, Proceedings of the 5th European Symposium on Research in Computer Security, p.143-158, September 16-18, 1998
	15	SecureWay Policy Director, http://www-4.ibm.com/software/security/policy/
	16	J. G. Stener, B. C. Neuan, and J. I. Schiller, "Kerberos: An Authentication Service for Open Network Systems," Proc. USENIX Conference (Feb. 1998).
	17	Amir Herzberg , Yosi Mass , Joris Michaeli , Yiftach Ravid , Dalit Naor, Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.2, May 14-17, 2000
	18	ISO/IEC 10181-3, "The Access Control Framework"
	19	Dorothy E. Denning, An intrusion-detection model, IEEE Transactions on Software Engineering, v.13 n.2, p.222-232, Feb. 1987 [doi>10.1109/TSE.1987.232894]
	20	World Wide Web Consortium (W3C), "XML Path Language (XPath) Version 1.0," http://www.w3.org/TR/PR-xpath19991008," (October 1999).
	21	Elisa Bertino , Francesco Buccafurri , Elena Ferrari , Pasquale Rullo, An Authorization Model and Its Formal Semantics, Proceedings of the 5th European Symposium on Research in Computer Security, p.127-142, September 16-18, 1998
	22	J. Clark, "XSL Transformations (XSLT) Version 1.0," W3C Recommendation, http://www.w3.org/TR/xslt (November, 1999).

CITED BY 59

	Shohei Yokoyama , Manabu Ohta , Kaoru Katayama , Hiroshi Ishikawa, An access control method based on the prefix labeling scheme for XML repositories, Proceedings of the sixteenth Australasian database conference, p.105-113, January 01, 2005, Newcastle, Australia
	Alban Gabillon , Emmanuel Bruno, Regulating access to XML documents, Proceedings of the fifteenth annual working conference on Database and application security, p.299-314, July 15-18, 2001, Niagara, Ontario, Canada
	Nabil Adam , Ahmet Kozanoglu , Aabhas Paliwal , Basit Shafiq, Secure Information Sharing in a Virtual Multi-Agency Team Environment, Electronic Notes in Theoretical Computer Science (ENTCS), 179, p.97-109, July, 2007
	Somchai Chatvichienchai , Mizuho Iwaihara , Yahiko Kambayashi, Authorization Translation for XML Document Transformation, World Wide Web, v.7 n.1, p.111-138, March 2004
	Sylvia Osborn , Bhavani Thuraisingham , Pierangela Samarati, Panel on XML and security, Proceedings of the fifteenth annual working conference on Database and application security, p.317-323, July 15-18, 2001, Niagara, Ontario, Canada
	Jason Crampton, Applying hierarchical and role-based access control to XML documents, Proceedings of the 2004 workshop on Secure web service, p.37-46, October 29-29, 2004, Fairfax, Virginia
	Bo Luo , Dongwon Lee , Wang-Chien Lee , Peng Liu, QFilter: fine-grained run-time XML access control via NFA-based query rewriting, Proceedings of the thirteenth ACM international conference on Information and knowledge management, November 08-13, 2004, Washington, D.C., USA
	Mizuho Iwaihara , Somchai Chatvichienchai , Chutiporn Anutariya , Vilas Wuwongse, Relevancy based access control of versioned XML documents, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Paul Ashley , Satoshi Hada , Günter Karjoth , Matthias Schunter, E-P3P privacy policies and privacy authorization, Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society, p.103-109, November 21-21, 2002, Washington, DC
	Sabrina De Capitani di Vimercati , Stefania Marrara , Pierangela Samarati, An access control model for querying XML data, Proceedings of the 2005 workshop on Secure web services, November 11-11, 2005, Fairfax, VA, USA
	Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and Obligations in Policy Rule Management, Journal of Network and Systems Management, v.11 n.3, p.351-372, September 2003
	Mizuho Iwaihara , Ryotaro Hayashi , Somchai Chatvichienchai , Chutiporn Anutariya , Vilas Wuwongse, Relevancy-based access control and its evaluation on versioned XML documents, ACM Transactions on Information and System Security (TISSEC), v.10 n.1, p.3-es, February 2007
	Li Yang , Raimund K. Ege , Huiqun Yu, Mediation security specification and enforcement for heterogeneous databases, Proceedings of the 2005 ACM symposium on Applied computing, March 13-17, 2005, Santa Fe, New Mexico
	Siddhartha K. Goel , Chris Clifton , Arnon Rosenthal, Derived access control specification for XML, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Li Qin , Vijayalakshmi Atluri, Concept-level access control for the Semantic Web, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Huaxin Zhang , Ning Zhang , Kenneth Salem , Donghui Zhuo, Compact access control labeling for efficient secure XML query evaluation, Data & Knowledge Engineering, v.60 n.2, p.326-344, February, 2007
	Jingzhu Wang , Sylvia L. Osborn, A role-based approach to access control for XML databases, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	SungRan Cho , Sihem Amer-Yahia , Laks V. S. Lakshmanan , Divesh Srivastava, Optimizing the secure evaluation of twig queries, Proceedings of the 28th international conference on Very Large Data Bases, p.490-501, August 20-23, 2002, Hong Kong, China
	Gleb Naumovich , Paolina Centonze, Static analysis of role-based access control in J2EE applications, ACM SIGSOFT Software Engineering Notes, v.29 n.5, September 2004
	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Fine grained access control for SOAP E-services, Proceedings of the 10th international conference on World Wide Web, p.504-513, May 01-05, 2001, Hong Kong, Hong Kong
	Claudio Bettini , Sushil Jajodia , X. Sean Wang , Duminda Wijesekera, Provisions and obligations in policy management and security applications, Proceedings of the 28th international conference on Very Large Data Bases, p.502-513, August 20-23, 2002, Hong Kong, China
	Marco Pistoia , Stephen J. Fink , Robert J. Flynn , Eran Yahav, When Role Models Have Flaws: Static Validation of Enterprise Security Policies, Proceedings of the 29th International Conference on Software Engineering, p.478-488, May 20-26, 2007
	L. Seitz , E. Rissanen , T. Sandholm , B. S. Firozabadi , O. Mulmo, Policy Administration Control and Delegation Using XACML and Delegent, Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, p.49-54, November 13-14, 2005
	Ernesto Damiani , Sabrina De Capitani di Vimercati , Pierangela Samarati, Towards securing XML Web services, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
	Alban Gabillon, An authorization model for XML databases, Proceedings of the 2004 workshop on Secure web service, p.16-28, October 29-29, 2004, Fairfax, Virginia
	Martín Abadi , Bogdan Warinschi, Security analysis of cryptographically controlled access to XML documents, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland
	Liam Peyton , Max Nozin, Tracking privacy compliance in B2B networks, Proceedings of the 6th international conference on Electronic commerce, October 25-27, 2004, Delft, The Netherlands
	Amit Jain , Csilla Farkas, Secure resource description framework: an access control model, Proceedings of the eleventh ACM symposium on Access control models and technologies, June 07-09, 2006, Lake Tahoe, California, USA
	Mingfei Jiang , Ada Wai-Chee Fu, Integration and Efficient Lookup of Compressed XML Accessibility Maps, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.939-953, July 2005
	Sushil Jajodia , Duminda Wijesekera, Recent advances in access control models, Proceedings of the fifteenth annual working conference on Database and application security, p.3-15, July 15-18, 2001, Niagara, Ontario, Canada
	Béatrice Finance , Saïda Medjdoub , Philippe Pucheral, The case for access control on XML relationships, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	K. Komathy , V. Ramachandran , P. Vivekanandan, Security for XML messaging services: a component-based approach, Journal of Network and Computer Applications, v.26 n.2, p.197-211, April 2003
	Sabrina De Capitani di Vimercati, An authorization model for temporal XML documents, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
	Martín Abadi , Bogdan Warinschi, Security analysis of cryptographically controlled access to XML documents, Journal of the ACM (JACM), v.55 n.2, p.1-29, May 2008
	Naren Kodali , Duminda Wijesekera, Regulating access to SMIL formatted pay-per-view movies, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
	Mark Turner , Fujun Zhu , Ioannis Kotsiopoulos , Michelle Russell , David Budgen , Keith Bennett , Pearl Brereton , John Keane , Paul Layzell , Michael Rigby, Using Web Service Technologies to Create an Information Broker: An Experience Report, Proceedings of the 26th International Conference on Software Engineering, p.552-561, May 23-28, 2004
	Chung-Hwan Lim , Seog Park , Sang H. Son, Access control of XML documents considering update operations, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Andrei Stoica , Csilla Farkas, Ontology guided XML security engine, Journal of Intelligent Information Systems, v.23 n.3, p.209-223, November 2004
	Jaehong Park , Ravi Sandhu, The UCON_ABC usage control model, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.128-174, February 2004
	Vijayalakshmi Atluri , Nabil Adam , Ahmed Gomaa , Igg Adiwijaya, Self-manifestation of composite multimedia objects to satisfy security constraints, Proceedings of the 2003 ACM symposium on Applied computing, March 09-12, 2003, Melbourne, Florida
	Duminda Wijesekera , Sushil Jajodia, A propositional policy algebra for access control, ACM Transactions on Information and System Security (TISSEC), v.6 n.2, p.286-325, May 2003
	Keith Irwin , Ting Yu , William H. Winsborough, On the modeling and analysis of obligations, Proceedings of the 13th ACM conference on Computer and communications security, October 30-November 03, 2006, Alexandria, Virginia, USA
	Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
	Paolina Centonze , Gleb Naumovich , Stephen J. Fink , Marco Pistoia, Role-Based access control consistency validation, Proceedings of the 2006 international symposium on Software testing and analysis, July 17-20, 2006, Portland, Maine, USA
	André Adelsbach , Markus Rohe , Ahmad-Reza Sadeghi, Towards multilateral secure digital rights distribution infrastructures, Proceedings of the 5th ACM workshop on Digital rights management, November 07-07, 2005, Alexandria, VA, USA
	Ting Yu , Divesh Srivastava , Laks V. S. Lakshmanan , H. V. Jagadish, A compressed accessibility map for XML, ACM Transactions on Database Systems (TODS), v.29 n.2, p.363-402, June 2004
	Luc Bouganim , François Dang Ngoc , Philippe Pucheral, Client-based access control management for XML documents, Proceedings of the Thirtieth international conference on Very large data bases, p.84-95, August 31-September 03, 2004, Toronto, Canada
	Hristo Koshutanski , Fabio Massacci, An access control framework for business processes for web services, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Naizhen Qi , Michiharu Kudo , Jussi Myllymaki , Hamid Pirahesh, A function-based access control model for XML databases, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Tsung-Yi Chen, Knowledge sharing in virtual enterprises via an ontology-based access control approach, Computers in Industry, v.59 n.5, p.502-519, May, 2008
	Vaibhav Gowadia , Csilla Farkas, RDF metadata for XML access control, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia
	Alapan Arnab , Andrew Hutchison, Persistent access control: a formal model for drm, Proceedings of the 2007 ACM workshop on Digital Rights Management, October 29-29, 2007, Alexandria, Virginia, USA
	Reiner Kraft, Designing a distributed access control processor for network services on the Web, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
	Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, ACM Transactions on Information and System Security (TISSEC), v.9 n.3, p.292-324, August 2006
	Vijayalakshmi Atluri , Soon Ae Chun, An Authorization Model for Geospatial Data, IEEE Transactions on Dependable and Secure Computing, v.1 n.4, p.238-254, October 2004
	Luc Bouganim , Francois Dang Ngoc , Philippe Pucheral, Dynamic access-control policies on XML encrypted data, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-37, January 2008
	M. Pistoia , S. Chandra , S. J. Fink , E. Yahav, A survey of static analysis methods for identifying security vulnerabilities in software systems, IBM Systems Journal, v.46 n.2, p.265-288, April 2007
	Airi Salminen , Frank Wm. Tompa, Requirements for XML document database systems, Proceedings of the 2001 ACM Symposium on Document engineering, November 09-10, 2001, Atlanta, Georgia, USA
	Csilla Farkas , Sushil Jajodia, The inference problem: a survey, ACM SIGKDD Explorations Newsletter, v.4 n.2, p.6-11, December 2002

INDEX TERMS

Primary Classification:
K. Computing Milieux
K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS

Additional Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.6 Security and Protection
Subjects: Access controls

I. Computing Methodologies
I.7 DOCUMENT AND TEXT PROCESSING
I.7.2 Document Preparation

Nouns: XML

General Terms:
Design, Documentation, Languages, Performance, Security, Theory, Verification

Keywords:
XML, access control, provisional authorization, security transcoding

Collaborative Colleagues:

Michiharu Kudo: colleagues

Satoshi Hada: colleagues

Peer to Peer - Readers of this Article have also read:

Augmenting shared personal calendars Proceedings of the 15th annual ACM symposium on User interface software and technology
Joe Tullio , Jeremy Goecks , Elizabeth D. Mynatt , David H. Nguyen
Open signaling for ATM, internet and mobile networks (OPENSIG'98) ACM SIGCOMM Computer Communication Review 29, 1
Andrew T. Campbell , Irene Katzela , Kazuho Miki , John Vicente
Active bridging ACM SIGCOMM Computer Communication Review 27, 4
D. Scott Alexander , Marianne Shaw , Scott M. Nettles , Jonathan M. Smith
Active electronic mail Proceedings of the 2002 ACM symposium on Applied computing
S. Karnouskos , A. Vasilakos
Polymer simulation on the hypercube Proceedings of the third conference on Hypercube concurrent computers and applications
H-Q. Ding

Adobe Acrobat

QuickTime

Windows Media Player

Real Player