ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Formalizing XML access control for update operations
Full text pdf formatPdf (194 KB)
Source
Symposium on Access Control Models and Technologies archive
Proceedings of the 12th ACM symposium on Access control models and technologies table of contents
Sophia Antipolis, France
SESSION: Short papers: access control table of contents
Pages: 169 - 174  
Year of Publication: 2007
ISBN:978-1-59593-745-2
Authors
Irini Fundulaki  University of Edinburgh, UK
Sebastian Maneth  NICTA Ltd. and UNSW, Australia
Sponsors
ACM: Association for Computing Machinery
SIGSAC: ACM Special Interest Group on Security, Audit, and Control
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 15,   Downloads (12 Months): 168,   Citation Count: 0
Additional Information:

abstract   references   index terms   collaborative colleagues  

Tools and Actions: Review this Article  
Save this Article to a Binder    Display Formats: BibTex  EndNote ACM Ref   
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/1266840.1266868
What is a DOI?

ABSTRACT

Several languages have been proposed over the past years which support the specification of access control on XML data. Most of these languages consider read-access restrictions only and do not deal with access rights for updates(such as add, delete, or modify operations). Fine-grain XML update operations are subject to current research. This paper proposes XACU, a language for specifying access control on XML data in the presence of update operations. The update operations used in XACU are based on the W3CX Query Update Facility working draft. A formal access control model is defined which allows to study properties of XACU access policies. One essential property is consistency the policy should not allow the execution of a sequence of updates which has the same total effect as an update forbidden by the policy. Since XACU is a rich language with inherent ambiguities, checking consistency of a set of XACU rules is difficult, and undecidable in general.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

1
Elisa Bertino , Elena Ferrari, Secure and selective dissemination of XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.3, p.290-331, August 2002  [doi>10.1145/545186.545190]
 
2
L. Bouganim, F.-D. Ngoc, et al. Client-Based Access Control Management for XML documents. In VLDB. 2004.
 
3
D. Chamberlin, D. Florescu, et al. XQuery Update Facility. http://www.w3.org/TR/xqupdate/, July 2006.
 
4
S. Cho, S. Amer-Yahia, et al. Optimizing the Secure Evaluation of Twig Queries. In VLDB. 2002.
5
Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002  [doi>10.1145/505586.505590]
6
Wenfei Fan , Chee-Yong Chan , Minos Garofalakis, Secure XML querying with security views, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France  [doi>10.1145/1007568.1007634]
7
Irini Fundulaki , Maarten Marx, Specifying access control policies for XML documents with XPath, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA  [doi>10.1145/990036.990046]
8
Alban Gabillon, An authorization model for XML databases, Proceedings of the 2004 workshop on Secure web service, p.16-28, October 29-29, 2004, Fairfax, Virginia  [doi>10.1145/1111348.1111351]
 
9
Alban Gabillon , Emmanuel Bruno, Regulating access to XML documents, Proceedings of the fifteenth annual working conference on Database and application security, p.299-314, July 15-18, 2001, Niagara, Ontario, Canada
 
10
Alban Gabillon , Manuel Munier , Jean-Jacques Bascou , Laurent Gallon , Emmanuel Bruno, An Access Control Model for Tree Data Structures, Proceedings of the 5th International Conference on Information Security, p.117-135, September 30-October 02, 2002
 
11
S. Godik and T. M. (eds). eXtensible Access Control Markup Language (XACML) Version 1.0. OASIS Standard, 2003 February.
12
Vaibhav Gowadia , Csilla Farkas, RDF metadata for XML access control, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia  [doi>10.1145/968559.968567]
13
Chung-Hwan Lim , Seog Park , Sang H. Son, Access control of XML documents considering update operations, Proceedings of the 2003 ACM workshop on XML security, October 31-31, 2003, Fairfax, Virginia  [doi>10.1145/968559.968568]
14
Bo Luo , Dongwon Lee , Wang-Chien Lee , Peng Liu, QFilter: fine-grained run-time XML access control via NFA-based query rewriting, Proceedings of the thirteenth ACM international conference on Information and knowledge management, November 08-13, 2004, Washington, D.C., USA  [doi>10.1145/1031171.1031273]
 
15
M. Marx. XPath with conditional axis relations. In EDBT. 2004.
16
Makoto Murata , Akihiko Tozawa , Michiharu Kudo , Satoshi Hada, XML access control using static analysis, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA  [doi>10.1145/948109.948122]
 
17
M. Oshry, B. Porter, et al. Authorizing Read Access to XML Content Using the access-control Processing Instruction 1.0. http://www.w3.org/TR/access-control, 2006 May. gobble.
18
Fausto Rabitti , Elisa Bertino , Won Kim , Darrell Woelk, A model of authorization for next-generation database systems, ACM Transactions on Database Systems (TODS), v.16 n.1, p.88-131, March 1991  [doi>10.1145/103140.103144]
19
Igor Tatarinov , Zachary G. Ives , Alon Y. Halevy , Daniel S. Weld, Updating XML, Proceedings of the 2001 ACM SIGMOD international conference on Management of data, p.413-424, May 21-24, 2001, Santa Barbara, California, United States
 
20
XML Access Control. http://www.trl.ibm.com/projects/xml/xacl/.
 
21
XUpdate: XML Update Language. http://www.xmldb.org/xupdate, 2000.
 
22
T. Yu, D. Srivastava, et al. Compressed Accessibility Map: Efficient Access Control for XML Documents. In VLDB. 2002.

INDEX TERMS

Primary Classification:
  H. Information Systems
  H.2 DATABASE MANAGEMENT
      H.2.3 Languages

Additional Classification:
  I. Computing Methodologies
  I.7 DOCUMENT AND TEXT PROCESSING
      I.7.2 Document Preparation


General Terms:
Security


Keywords:
XML access control, XML updates

Collaborative Colleagues:
Irini Fundulaki: colleagues
Sebastian Maneth: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2008 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player