Secure Publishing using Schema-level Role-based Access Control Policies for Fragments of XML Documents
Tomasz Müldner
Professor
Jodrey School of Computer Science, Acadia University
Robin McNeill
Graduate Student
Jodrey School of Computer Science, Acadia University
Jan Krzysztof Miziołek
Director
Computing Services Centre for Studies on the Classical Tradition in Poland and East-Central Europe, University of Warsaw,
Warsaw, Poland
Abstract
The popularity of social networks is growing rapidly, and secure publishing is an important implementation tool for these networks.
At the same time, recent implementations of access control policies (ACPs) for sharing fragments of XML documents have moved
from distributing numerous sanitized sub-documents to users to disseminating a single document multi-encrypted with multiple
cryptographic keys, in such a way that the stated ACPs are enforced. Any application that uses this implementation of ACPs
will incur a high cost of generating keys separately for each document. However, most such applications, such as secure publishing,
use similar documents, i.e. documents based on a selected schema. This paper describes RBAC defined at the schema level (SRBAC)
and generation of the minimum number of keys at the schema level. The main advantage of our approach is that for any application
that uses a fixed number of schemas, keys can be generated (or even pre-generated) only once and then reused in all documents
valid for the given schema. While key generation at the schema level has, in general, to be pessimistic, our approach tries
to minimize the number of generated keys. Incoming XML documents are efficiently encrypted using single-pass SAX parsing in
such a way that the original structure of these documents is completely hidden. We also describe distributing to each user
only the keys needed for decrypting accessible nodes, and applying the minimal number of encryption operations to an XML document
required to satisfy the protection requirements of the policy.
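An added illustration of the schema-level key idea summarized in the abstract, not code from the paper: schema paths with the same set of permitted roles share one key, and each role receives only the keys for paths it may read. It assumes one key per path and a flat path-to-roles policy; the sample policy, role names and function names are constructed for this example.

```python
import secrets
from collections import defaultdict

# Constructed sample policy (not from the paper): schema element paths
# mapped to the roles permitted to read them.
SCHEMA_POLICY = {
    "/profile/name":         {"public", "friend", "owner"},
    "/profile/photo":        {"public", "friend", "owner"},
    "/profile/email":        {"friend", "owner"},
    "/profile/phone":        {"friend", "owner"},
    "/profile/billing/card": {"owner"},
    "/profile/audit/log":    set(),  # readable by no role
}

def access_classes(policy):
    """Group schema paths by the exact set of roles allowed to read them."""
    classes = defaultdict(list)
    for path, roles in policy.items():
        classes[frozenset(roles)].append(path)
    return dict(classes)

def class_key_ids(policy):
    """One key id per access class. Paths with identical role sets can share
    a key; paths with different role sets cannot, because some role may read
    one path but not the other."""
    ordered = sorted(access_classes(policy), key=lambda r: (len(r), sorted(r)))
    return {roles: f"k{i}" for i, roles in enumerate(ordered)}

def generate_schema_keys(policy):
    """Generate key material once per schema; reusable for every valid document."""
    return {kid: secrets.token_bytes(32) for kid in class_key_ids(policy).values()}

def path_key_ids(policy):
    """Map each schema path to the id of the key that encrypts it."""
    ids = class_key_ids(policy)
    return {path: ids[frozenset(roles)] for path, roles in policy.items()}

def key_ring(policy, role):
    """Key ids distributed to a role: only those protecting paths it may read."""
    ids = path_key_ids(policy)
    return sorted({ids[p] for p, roles in policy.items() if role in roles})

if __name__ == "__main__":
    for role in ("public", "friend", "owner"):
        print(role, key_ring(SCHEMA_POLICY, role))
```

The key for the path no role may read (`k0` here) stays with the publisher, so the node is still encrypted but no key ring can open it.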
Balisage: The Markup Conference 2008
August 12 - 15, 2008
The materials listed below were provided by the speaker as supplements to a
presentation at Balisage. These materials may include the slides or visuals used in the
presentation; supplementary material, such as code samples or a demonstration application;
and/or the paper underlying the presentation (if it has not been provided in XML). These
materials have been zipped for easy download and are identified by a brief description of
the contents. The materials themselves are untouched, that is, they
have not been tested or edited by Balisage: The Markup Conference or by Mulberry
Technologies, Inc. As such, they are included on this website AS IS,
i.e., as provided by the speaker, with no warranties, express or otherwise, made by Balisage
or Mulberry.
Slides and Materials
Author's keywords for this paper: Secure access; Social networks; Encryption; XML Schema