DOI QR코드

DOI QR Code

Efficient Authorization Method for XML Document Security

XML 문서 보안을 위한 효율적인 권한부여 방법

  • Published : 2009.08.28

Abstract

XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Therefore, as it becomes more and more necessary to manage and protect massive XML data in an efficient way, the development of safe XML access control techniques needs a new method. In this study access authorization policies are defined to design access control systems. The findings demonstrated that algorithm suggested in this study improved system performance which was low due to the complex authorization evaluation process in the existing access control techniques. It is consequently proved that the safe XML access control policy presented in this study is in an improved form as compared with the existing access control methods.

Keywords

Security;Policy;Authorization;XML

References

  1. 조선문, 정경용, "웹 서비스를 위한 데이터 접근제어의 정책 시스템", 한국콘텐츠학회논문지, 제8권, 제11호, pp.25-32, 2008. https://doi.org/10.5392/JKCA.2008.8.11.025
  2. M. Bartel, J. Boyer, B. Fox, B. LaMacchia, and E. Simon, "XML Signature Syntax and Processing," http://www.w3.org/TR/xmldsig-core/, 2002.
  3. T. Imamura, B. Dillaway, and E. Simon, "XML Encryption Syntax and Processing," http://www.w3.org/TR/xmlenc-core/, 2002.
  4. M. Bartel, J. Boyer, B. Fox, B. La Macchia, and E. Simon, "XML Key Management Specification(XKMS 2.0)," http://www.w3.org/TR/xmldsig-core/, 2002.
  5. E. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati, "Securing XML documents," in Proceedings of the 2000 International Conference on Extending Database Technology, Konstanz, Germany, pp.27-31, 2000.
  6. M. Kudo and S. Hada, "XML Document Security based on Provisional Authorization," Athens, Greece, 2000. https://doi.org/10.1145/352600.352613
  7. P. Samarati, E. Bertino, and S. Jajodia, "An authorization model for a distributed hypertext system," IEEE Trans. Knowl. Data Eng. 8, pp.555-562, 1996. https://doi.org/10.1109/69.536249
  8. A. Deutsch, M. Fernandez, D. Florescu, A. Levy, and D. Suciu, "A Query Language for XML," In International Conference on World Wide Web, http://www8.org/, 1999.
  9. Content Guard. "eXtenible Rights Markup Language (XrML) 2.0," Available at http://www.xrml.org, 2001.
  10. A. Gabillon and E. Bruno, "Regulating access to XML documents," In Proceedings of the Fifteenth Annual IFIP WG 11.3 Working Conference on Database Security 2001.
  11. A. R. Schmidt, F. Waas, M. L. Kersten, D. Florescu, I. Manolescu, M. J. Carey, and R. Busse, "The XML Benchmak Project," Thechnical Report INS-R0103, CWI, 2001.
  12. R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E. Youman, "Role-Based Access Control Models," IEEE Computer, Vol.29, No.2, pp.38-47, 1996. https://doi.org/10.1109/2.485845
  13. N. Qi, M. Kudo, J. Myllymaki, and H. Pirahesh. "A Function-Based Access Control Model for Xml Databases," In proc. CIKM, ACM, pp.115-122, 2005.
  14. M. Murata, A. Tozawa, M. Kudo, and S. Hada, "Xml Access Control using Static Analysis," ACM Transactions on Information and System Security, 2006.

Cited by

  1. Design of access control system for telemedicine secure XML documents vol.74, pp.7, 2015, https://doi.org/10.1007/s11042-014-1938-x