Balisage Paper: Secure Publishing using Schema-level Role-based Access Control Policies for Fragments of XML Documents
August 12 - 15, 2008
The materials listed below were provided by the speaker as supplements to a
presentation at Balisage. These materials may include the slides or visuals used in
the
presentation; supplementary material, such as code samples or a demonstration application;
and/or the paper accompanying the presentation (if it has not been provided in XML).
These
materials have been zipped for easy download and are identified by a brief description
of
the contents. The materials themselves are untouched
, that is, they
have not been tested or edited by Balisage: The Markup Conference or by Mulberry
Technologies, Inc. As such, they are included on this website AS IS
,
i.e., as provided by the speaker, with no warranties, express or otherwise, made by
Balisage
or Mulberry.
Slides and Materials
- Balisage2008-Muldner01.zip: Presentation slides in Microsoft Office Open XML (ppsx).
Baldonado, M., Bertino, E. and Ferrari, E. Secure and Selective Dissemination of XML Documents. ACM Transactions on Information and System Security (TISSEC), 5(3):290–331, (2002). doi:https://doi.org/10.1145/545186.545190.
Bertino, E., Carminati, B., Ferrari, E., Thuraisingham B. and A. Gupta. Selective and Authentic Third-Party Distribution of XML Documents. IEEE Transactions on Knowledge and Data Engineering (TKDE), 16(10), 2004, pp. 1263–1278.https://doi.org/10.1109/TKDE.2004.63.
Bertino, E., Carminati, B. and Ferrari, E. A temporal key management scheme for secure broadcasting of XML documents. Conference on Computer and Comm. Security. Proc. of the 9th ACM conference on Computer and communications security (2002): 31–40.
Bertino, E., Carminati, B. and Ferrari, E. Securing XML Documents with Author-X. IEEE Internet Computing Volume 5, Issue 3 (2001): 21 – 31. doi:https://doi.org/10.1109/4236.935172.
Crampton, J. Applying hierarchical and role-based access control to XML documents. Proc. of the 2004 workshop on Secure web service (2004): 37 – 46.
Damiani, E. De Capitani di Vimercati, S.D.C. and Samarati, P. New paradigms for access control in open environments. Signal Processing and Information Technology, Proc. of the Fifth IEEE International Symposium (2005): 540–545.
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. A Fine-grained Access Control System for XML Documents. ACM Transactions on Information and System Security,5(2): 169–202,(2002). doi:https://doi.org/10.1145/505586.505590.
De Capitani di Vimercati, S., Paraboschi, S. and Samarati, P. Access control: principles and solutions. Software Practice and Experience, Vol, 33, Issue 5 (April 2003): 397–421. John Wiley and Sons, Inc. doi:https://doi.org/10.1002/spe.513.
Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G. and S.G. Stubblebine. Flexible Authentication of XML documents. In Proc. of the 8th ACM Conference on Computer and Communications Security, ACM Press, (2001).
Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.S. and Chandramouli, R. Proposed NIST Standard for Role-Based Access Control. ACM Trans. on Information and System Security, 4 (3), (2001), 224–274. doi:https://doi.org/10.1145/501978.501980.
Fundulaki, I. and Marx, M. Specifying access control policies for XML documents. Proceedings of the ninth ACM symposium on Access control models and technologies (2004) 61 – 69.
Goel, S K., Clinton, C. and Rosenthal, A. Derived access control specification for XML. Proc. of the 2003 ACM workshop on XML security (2003): 1 – 14.
Kudo, M. and Hada S. XML document security based on provisional authorization. Proc. of the 7th ACM conference on Computer and communications security (2000): 87 –96.
Kuper, G., Massaci, F. and Rassadko, N. Generalized XML security views. Proc. of the tenth ACM symposium on Access control models and technologies. (2005):77–84.
Miklau, G. and Suciu, D. Controlling Access to Published Data Using Cryptography, In Proc. of the 29th VLDB Conference, Berlin, Germany, (2003).
Müldner, T., Leighton, G. and Miziolek, J.K. Using Multi-Encryption to Provide Secure and Controlled Access to XML Documents. Extreme Markup Languages 2006, (2006), Montreal, Canada.
Müldner, T., Leighton, G. and Miziolek, J.K. Succinct Access Control Policies for Published XML Datasets. 10th International Conference on Enterprise Information Systems. 12 –16, June 2008, Barcelona, Spain.
Ramaswamy C. A Policy Validation Framework for Enterprise Authorization Specification. 19th Annual Computer Security Applications Conference ACSAC, (2003): 319–329.
Extensible Markup Language (XML) 1.0 (Fourth Edition) http://www.w3.org/TR/REC-xml/.
XML Path Language. http://www.w3.org/TR/xpath.
XML Schema http://www.w3.org/TR/xmlschema-0/.
Zhang, X., Park, J. and Sandhu, R. Schema based XML Security: RBAC Approach, 17th IFIP 11.3. Working Conference on Data and Application Security, 2003.