Towards Secure XML Document with Usage Control

  • Conference paper
Web Technologies Research and Development - APWeb 2005 (APWeb 2005)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3399))

Abstract

XML, promoted by the World Wide Web Consortium (W3C), is a de facto standard language for document representation and exchange on the Internet. XML documents may contain private information that cannot be shared with all user communities. Several approaches have been designed to protect information on a website. However, these approaches are typically applied at the file-system level rather than to the data inside XML documents, which must be protected from unauthorized access. Usage control has been considered the next-generation access control model, with distinguishing properties of decision continuity.

In this paper, we present a usage control model to protect information distributed on the web, which allows access restrictions to be applied directly to structures and documents. The model not only supports complex constraints for XML components, such as elements, attributes and datatypes, but also provides a mechanism to build rich reuse relationships between models and documents. Finally, comparisons with related work are analysed.

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cao, J., Sun, L., Wang, H. (2005). Towards Secure XML Document with Usage Control. In: Zhang, Y., Tanaka, K., Yu, J.X., Wang, S., Li, M. (eds) Web Technologies Research and Development - APWeb 2005. APWeb 2005. Lecture Notes in Computer Science, vol 3399. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-31849-1_30

  • DOI: https://doi.org/10.1007/978-3-540-31849-1_30

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25207-8

  • Online ISBN: 978-3-540-31849-1

  • eBook Packages: Computer Science, Computer Science (R0)
