
Secure and selective dissemination of XML documents

Published: 01 August 2002

Abstract

XML (eXtensible Markup Language) has emerged as a prevalent standard for document representation and exchange on the Web. It is often the case that XML documents contain information of different sensitivity degrees that must be selectively shared by (possibly large) user communities. There is thus the need for models and mechanisms enabling the specification and enforcement of access control policies for XML documents. Mechanisms are also required enabling a secure and selective dissemination of documents to users, according to the authorizations that these users have. In this article, we make several contributions to the problem of secure and selective dissemination of XML documents. First, we define a formal model of access control policies for XML documents. Policies that can be defined in our model take into account both user profiles, and document contents and structures. We also propose an approach, based on an extension of the Cryptolope™ approach [Gladney and Lotspiech 1997], which essentially allows one to send the same document to all users, and yet to enforce the stated access control policies. Our approach consists of encrypting different portions of the same document according to different encryption keys, and selectively distributing these keys to the various users according to the access control policies. We show that the number of encryption keys that have to be generated under our approach is minimal and we present an architecture to support document distribution.
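As an added illustration of the idea in the abstract (not code from the article or its authors), the sketch below encrypts each element of one document under a key chosen by the set of policies that cover it, and gives each user only the keys their profile qualifies for. The sample document, policies, users, the grouping rule and the toy XOR cipher are all assumptions constructed for this example.

```python
import hashlib
import secrets
import xml.etree.ElementTree as ET

# Constructed sample document, policies and users (not from the article).
DOC = ("<report><summary>Q3 overview</summary><salary>90000</salary>"
       "<bonus>5000</bonus><budget>1.2M</budget><medical>none</medical>"
       "<audit>open</audit></report>")
POLICIES = {  # name -> (predicate on a user profile, element tags it grants)
    "P1": (lambda u: True, {"summary"}),
    "P2": (lambda u: u["role"] in ("manager", "hr"), {"salary", "bonus", "budget"}),
    "P3": (lambda u: u["role"] == "hr", {"salary", "bonus", "medical"}),
}
USERS = {"ann": {"role": "hr"}, "bob": {"role": "manager"}, "eve": {"role": "guest"}}

def toy_cipher(key, nonce, data):
    """Illustrative XOR keystream only; a real system would use an AEAD cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + bytes([nonce]) + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def build_package(xml_text):
    """Encrypt every element under the key of its policy configuration."""
    keys, package = {}, []
    for n, el in enumerate(ET.fromstring(xml_text)):
        # Assumption: elements covered by the same set of policies share a key.
        config = frozenset(p for p, (_, tags) in POLICIES.items() if el.tag in tags)
        key = keys.setdefault(config, secrets.token_bytes(32))
        package.append((el.tag, config, n, toy_cipher(key, n, el.text.encode())))
    return keys, package

def key_ring(profile, keys):
    """Keys for every configuration containing a policy the user satisfies."""
    held = {p for p, (pred, _) in POLICIES.items() if pred(profile)}
    # The empty configuration (no policy applies) is never handed out.
    return {cfg: k for cfg, k in keys.items() if cfg & held}

def view(profile, keys, package):
    """What one user can read from the package that every user receives."""
    ring = key_ring(profile, keys)
    return {tag: toy_cipher(ring[cfg], n, ct).decode()
            for tag, cfg, n, ct in package if cfg in ring}

KEYS, PACKAGE = build_package(DOC)
if __name__ == "__main__":
    for name, profile in USERS.items():
        print(name, view(profile, KEYS, PACKAGE))
```

Six elements need only five keys here because `salary` and `bonus` are covered by the same policies; `audit`, covered by none, stays unreadable to everyone.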

References

  1. Adam, N., Atluri, V., Bertino, E., and Ferrari, E. 2002. A content-based authorization model for digital libraries. IEEE Trans. Knowl. Data Eng. 14, 2, 296–315.
  2. Bertino, E., Carminati, B., Ferrari, E., Thuraisingam, B., and Gupta, A. 2002. Selective and authentic third-party distribution of XML documents. MIT Sloan Working Paper No. 4343-02.
  3. Bertino, E., Castano, S., and Ferrari, E. 2001a. Author-X: A comprehensive system for securing XML documents. IEEE Internet Comput. 5, 3, 21–31.
  4. Bertino, E., Castano, S., and Ferrari, E. 2001b. On specifying security policies for web documents with an XML-based language. In Proceedings of the 1st ACM Symposium on Access Control Models and Technologies (SACMAT'01) (Chantilly, Va.). ACM, New York.
  5. Bertino, E., Castano, S., Ferrari, E., and Mesiti, M. 2001c. Specifying and enforcing access control policies for XML document sources. WWW J. 3, 3, 139–151.
  6. Bertino, E., and Ferrari, E. 2000. Secure and Selective Dissemination of XML Documents. Technical Report, Department of Computer Science, University of Milano (Extended version of this article.)
  7. Carminati, E. and Ferrari, E. 2002. Access control policy management for XML documents. Tech. Rep. Department of Computer Science, University of Milano, Milano, Italy, submitted for publication.
  8. Damiani, E., de Capitani di Vimercati, S., Paraboschi, S., and Samarati, P. 2000. Securing XML Documents. In Proceedings of the 6th International Conference on Extending Database Technology (Konstanz, Germany), pp. 121–135.
  9. Deutsch, A., Fernandez, M., Florescu, D., Levy, A., and Suciu, D. 1999. Securing XML documents. In Proceedings of the International Conference on World Wide Web, available at: http://www.research.att.com/suciu.
  10. Fernandez, E., Gudes, E., and Song, H. 1994. A model for evaluation and administration of security in object-oriented databases. IEEE Trans. Knowl. Data Eng. 6, 275–292.
  11. Gladney, H. and Lotspiech, J. 1997. Safeguarding digital library contents and users: Assuring convenient security and data quality. D-lib Mag.
  12. Herzberg, A. and Mass, Y. 2001. Relying party credentials framework. In Proceedings of the RSA Conference (San Francisco, Calif.).
  13. Herzberg, A., Mass, Y., and Mihaeli, J. 2000. Access control meets public key infrastructure, or: assigning roles to strangers. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif.). IEEE Computer Society Press, Los Alamitos, Calif.
  14. Milo, T. and Zohar, S. 1998. Using schema matching to simplify heterogeneous data translation. In Proceedings of the 24th International Conference on Very Large Data Bases (VLDB'98). pp. 122–133.
  15. OASIS Consortium. http://www.oasis-open.org.
  16. Osborn, S. ed. 2000. Proceedings of the 5th ACM Workshop on Role-Based Access Control (Berlin, Germany). ACM, New York.
  17. Rabitti, F., Bertino, E., Kim, W., and Woelk, D. 1991. A model of authorization for next-generation database systems. ACM Trans. Datab. Syst. 16, 1, 88–131.
  18. Samarati, P., Bertino, E., and Jajodia, S. 1996. An authorization model for a distributed hypertext system. IEEE Trans. Knowl. Data Eng. 8, 4, 555–562.
  19. Sandhu, R., Coyne, E., Feinstein, H., and Youman, C. 1996. Role-based access control models. IEEE Comput. 29, 2, 38–47.
  20. Stallings, W. 2000. Network security essentials: Applications and standards. Prentice-Hall, Englewood Cliffs, N.J.
  21. Srivastava, D. 2000. Directories: Managing Data for Networked Applications. Tutorial presented at the 16th IEEE International Conference on Database Engineering (ICDE'00) (San Diego, Calif.). IEEE, Computer Society Press, Los Alamitos, Calif.
  22. Summers, R. C. 1997. Secure Computing: Threats and Safeguards. McGraw-Hill, New York.
  23. Winslett, M., Ching, N., Jones, V., and Slepchin, I. 1997. Using digital credentials on the world wide web. J. Comput. Secu. 7.
  24. World Wide Web Consortium 1998. Extensible Markup Language (XML) 1.0. Available at: http://www.w3.org/TR/REC-xml.
  25. World Wide Web Consortium 2000. XML Encryption Syntax and Processing. Available at: http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlencoverview.html.


Published in

ACM Transactions on Information and System Security, Volume 5, Issue 3
August 2002
163 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/545186

Copyright © 2002 ACM

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States
