We use cookies to improve your experience with our site.

Indexed in:

SCIE, EI, Scopus, INSPEC, DBLP, CSCD, etc.

Submission System
(Author / Reviewer / Editor)
Advanced Search
Volume 22 Issue 1
January  2007
Turn off MathJax
Article Contents
Abstract
References
Dong-Xi Liu. CSchema: A Downgrading Policy Language for XML Access Control[J]. Journal of Computer Science and Technology, 2007, 22(1): 44-53.
Citation: Dong-Xi Liu. CSchema: A Downgrading Policy Language for XML Access Control[J]. Journal of Computer Science and Technology, 2007, 22(1): 44-53.
shu

CSchema: A Downgrading Policy Language for XML Access Control

  • Department of Mathematical Informatics, University of Tokyo, Japan

More Information
  • Received Date: October 14, 2005
  • Revised Date: July 01, 2006
  • Published Date: January 14, 2007
    Abstract
  • The problem of regulating access to XML documents has attracted muchattention from both academic and industry communities. In existingapproaches, the XML elements specified by access policies are eitheraccessible or inaccessible according to their sensitivity. However, in some cases, the original XMLelements are sensitive and inaccessible, but after being processedin some appropriate ways, the results become insensitive and thus accessible. This paper proposes a policy language to accommodate suchcases, which can express the downgrading operations on sensitivedata in XML documents through explicit calculations on them.The proposed policy language is called {\it calculation-embedded schema}(CSchema), which extends the ordinary schema languages with {\itprotection type} for protecting sensitive data and specifyingdowngrading operations. CSchema language has a type system toguarantee the type correctness of the embedded calculation expressionsand moreover this type system also generates a security view aftertype checking a CSchema policy. Access policies specified by CSchema areenforced by a validation procedure, which produces the releaseddocuments containing only the accessible data by validating theprotected documents against CSchema policies. These released documentsare then ready to be accessed by, for instance, XML query engines. Byincorporating this validation procedure, other XML processingtechnologies can use CSchema as the access control module.
    • FullText(HTML)
    • References (25)
  • [1]
    Wenfei Fan, Chee-Yong Chan, Minos Garofalakis. Secure -XML} querying with security views. In -\it Proc. the 2004 ACM Int. Conf. Management of Data}, Paris, France, 2004, pp.587--598.
    [2]
    Damiani E, di Vimercati S, Paraboschi S \it et al. \rm Securing XML documents. In -\it Proc. Int. Conf. Extending Database Technology,} Konstanz, Germany, 2000, -\it LNCS 1777}, pp.121--135.
    [3]
    Damiani E, di Vimercati S, Paraboschi S \it et al. \rm A fine-grained access control system for -XML} documents. -\it ACM Trans. Information and System Security}, 2002, 5(2): 2: 169--202.
    [4]
    Bertino E, Ferrari E. Secure and selective dissemination of -XML} documents. \it ACM Trans. Information and System Security, \rm 2002, 5(3): 290--331.
    [5]
    Gabilon A, Bruno E. Regulating access to -XML} documents. In -\it Working Conf. Database and Application Security}, Ontario, Canada, 2001, pp.299--314.
    [6]
    Makoto Murata, Akihiko Tozawa, Michiharu Kudo, Satoshi Hada. -XML} access control using static analysis. In -\it Proc. 10th ACM Conf. Computer and Communications Security}, Washington DC, USA, 2003, pp.73--84.
    [7]
    Hada S, Kudo M. XML access control language: Provisional authorization for -XML} documents. 2000, http://www.trl.ibm.com/projects/xml/xacl.
    [8]
    Godik S, Moses T. eXtensible access control markup 2 language (XACML) Version 1.0. 2003, http://www.oasis-open.org/specs/index.php.
    [9]
    Irini Fundulaki, Maarten Marx. Specifying access control policies for -XML} documents with -XPath}. In -\it Proc. the 9th ACM Symp. Access Control Models and Technologies}, New York, USA, 2004, pp.61--69.
    [10]
    Stephen Chong, Andrew C Myers. Security policies for downgrading. In -\it Proc. the 11th ACM Conf. Computer and Communications Security}, Washington DC, USA, -2004}, pp.198--209.
    [11]
    Veronique Benzaken, Giuseppe Castagna, Alain Frisch. CDuce: An -XML}-centric general-purpose language. In -\it Proc. the 8th Int. Conf. Functional Programming}, Uppsala, Sweden, 2003, pp.51--63.
    [12]
    Jerome Simeon, Philip Wadler. The essence of -XML}. In -\it Proc. the 30th ACM Symp. Principles of Programming Languages}, New Orleans, Louisiana, USA, 2003, pp.1--13.
    [13]
    Hosoya H, Pierce B C. XDuce: A typed -XML} processing language. -\it ACM Trans. Internet Technology}, 2003, 3(2): 117--148.
    [14]
    Dario Colazzo, Giorgio Ghelli, Paolo Manghi, Carlo Sartiani. Types for path correctness of -XML} queries. In -\it Proc. the 9th ACM Int. Conf. Functional Programming}, Snowbird, USA, 2004, pp.126--137.
    [15]
    Haruo Hosoya, Jerome Vouillon, Benjamin C Pierce. Regular expression types for -XML}. In -\it Proc. the 5th ACM Int. Conf. Functional Programming}, Montreal, Canada, 2000, pp.11--22.
    [16]
    Dongxi Liu, Zhenjiang Hu, Masato Takeichi. An environment for maintaining computation dependency in -XML} documents. In -\it Proc. the 2005 ACM Symp. Document Engineering}, Bristol, UK, 2005, pp.42--51.
    [17]
    W3C Recommendation. XML Query (XQuery). 2005, http://www.w3.org/XML/Query.
    [18]
    Bierman G, Meijer E, Schulte W. The essence of data access in -C}omega. In -\it European Conf. Object-Oriented Programming, LNCS 3586}, Glasgow, UK, 2005, pp.287--311.
    [19]
    The Galax Team. Galax: An Implementation of -XQuery}. http://www.galaxquery.org.
    [20]
    Mary Fernandez, Jerome Simeon. Build your own -XQuery} processor. In -\it EDBT Summer School}, Sardinia, Italy, 2004.
    [21]
    Serge Abiteboul, Omar Benjelloun, Tova Milo. Positive active -XML}. In -\it Proc. the 23rd ACM Symp. Principles of Database Systems}, Paris, France, 2004, pp.35--45.
    [22]
    Schneider F B, Morrisett G, Harperi R. A language-based approach to security. \it Informatics: 10 Years Back, 10 Years Ahead, \rm -\it LNCS 2000}, Springer-Verlag, 2000, pp.86--101.
    [23]
    George C Necula. Proof-carrying code. In -\it Proc. the 24th ACM Symp. Principles of Programming Languages}, Paris, France, 1997, pp.106--119.
    [24]
    Cedric Fournet, Andrew D Gordon. Stack inspection: Theory and variants. In -\it Proc. the 29th ACM Symp. Principles of Programming Languages}, Portland, Oregon, USA, 2002, pp.307--318.
    [25]
    Peng Li, Steve Zdancewic. Downgrading policies and relaxed noninterference. In -\it Proc. ACM Symp. Principles of Programming Languages}, Long Beach, California, 2005, pp.158--170.
    • Relative Articles
  • Supplements (0)

Catalog

    Get Citation
    XML
    Article views (14) PDF downloads (4891) Cited by()
    Related

    Copyright ©2025 JCST, All Rights Reserved     京ICP备05002829号-1

    Institute of Computing Technology, Chinese Academy of Sciences
    P.O. Box 2704, Beijing 100190, P.R. China

    Tel.: 86-10-62610746 E-mail: jcst@ict.ac.cn

    /

    DownLoad:  Full-Size Img  PowerPoint
    Return
    Return