Article

On specifying security policies for web documents with an XML-based language

Authors:

Silvana Castano,

Elena FerrariAuthors Info & Claims

SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies

Pages 57 - 65

https://doi.org/10.1145/373256.373264

Published: 01 May 2001 Publication History

Abstract

The rapid growth of the Web and the ease with which data can be accessed facilitate the distribution and sharing of information. Information dissemination often takes the form of documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients. In this paper, we present an XML-compliant formalism for specifying security-related information for Web document protection. In particular, we introduceX-Sec, an XML-based language for specifying subject credentials and security policies and for organizing them into subject profiles and policy bases, respectively. The language is complemented by a set of subscription-based schemes for accessing distributed Web documents, which rely on defined XML subject profiles and XML policy bases.

References

[1]

E. Bertino, S. Castano, E. Ferrari and M. Mesiti. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal, Baltzer Science Publishers, 3(3), 2000.

Digital Library

[2]

E. Bertino, S. Castano, and E. Ferrari. Securing XML Documents: the Author-X Project Demonstration. In Proc. of the SIGMOD 2001 Conferece, Santa Barbara (CA), May 2001.

Digital Library

[3]

E. Bertino, S. Castano, and E. Ferrari. Author-X: a Comprehensive System for Securing XML Documents. Techical Report, DSI - University of Milano, submitted for publication.

[4]

M. Blaze, J. Feigenbaum, J. Lacy. Decentralized Trust Management. IEEE Conf. on Security and Privacy, Oakland, CA, May, 1996.

Digital Library

[5]

S. Castano, M.G. Fugini, G. Martella, P. Samarati. Database Security. Addison-Wesley, 1995.

Digital Library

[6]

S. Castano and V. De Antonellis. A Discovery-based Approach to Database Ontology Design. Distributed and Parallel Databases { Special Issue on Ontologies and Databases, 7(1), 1999.

Digital Library

[7]

H. Gladney and J. Lotspiech. Safeguarding Digital Library Contents and Users: Assuring Convenient Security and Data Quality. D-lib Magazine, May 1997.

Digital Library

[8]

A. Herzberg, Y. Mass. Relying Party Credentials Framework. in Proc. of RSA Conference, San Francisco, CA, April 2001.

Digital Library

[9]

A. Herzberg, Y. Mass, J. Mihaeli. Access Control Meets Public Key Infrastructure, Or: Assigning Roles to Strangers. in Proc. of IEEE Symposium on Security and Privacy, Oakland, CA, May, 2000.

Digital Library

[10]

C. Geuer Pollmann. The XML Security Page. http://www.nue.et-inf.uni-siegen.de/~ geuerpollmann/xml security.html

[11]

J. Park, R. Sandhu and G.J. Ahn. Secure Attribute Services on the Web. ACM TISSEC (to appear), 2000.

[12]

W. Stallings. Network Security Essentials: Applications and Standars. Prentice Hall, 2000.

Digital Library

[13]

W. Winsborough, K. Seamons, V. Jones. Automated Trust Negotiation. DARPA Information Survivability Conference and Exposition (DISCEX'2000), January, 2000.

[14]

M. Winslett, N. Ching, V. Jones, I. Slepchin. Using Digital Credentials on the World Wide Web. Journal of Computer Security, 7, 1997.

Digital Library

[15]

Word Wide Web Consortium. XML Path Language (Xpath), 1.0, 1999. W3C Recommendation. Available at http://www.w3.org/TR/xpath.

[16]

Word Wide Web Consortium. Extensible Markup Language (XML) 1.0, 1998. Available at http://www.w3.org/TR/REC-xml

Cited By

Jain TDeters R(2022)Integrating blockchain-based access control model TBAAC for privacy and accountability for water science project2022 IEEE 1st Global Emerging Technology Blockchain Forum: Blockchain & Beyond (iGETblockchain)10.1109/iGETblockchain56591.2022.10087141(1-6)Online publication date: 7-Nov-2022
https://doi.org/10.1109/iGETblockchain56591.2022.10087141
Meng YHuang ZZhou YKe C(2018)Privacy-aware cloud service selection approach based on P-Spec policy models and privacy sensitivitiesFuture Generation Computer Systems10.1016/j.future.2018.03.01386(1-11)Online publication date: Sep-2018
https://doi.org/10.1016/j.future.2018.03.013
Kolar MFernandez-Gago CLopez J(2018)Policy Languages and Their Suitability for Trust NegotiationData and Applications Security and Privacy XXXII10.1007/978-3-319-95729-6_5(69-84)Online publication date: 10-Jul-2018
https://doi.org/10.1007/978-3-319-95729-6_5
Show More Cited By

Index Terms

On specifying security policies for web documents with an XML-based language

Recommendations

Design of access control system for telemedicine secure XML documents

XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Accordingly since there ...
Filtering XPath expressions for XML access control

XPath is a standard for specifying parts of XML documents and a suitable language for both query processing and access control of XML. In this paper, we use the XPath expression for representing user queries and access control for XML. And we propose an ...
Specifying access control policies for XML documents with XPath
SACMAT '04: Proceedings of the ninth ACM symposium on Access control models and technologies

Access control for XML documents is a non-trivial topic, as can be witnessed from the number of approaches presented in the literature. Trying to compare these, we discovered the need for a simple, clearand unambiguous language to state the declarative ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '01: Proceedings of the sixth ACM symposium on Access control models and technologies

May 2001

181 pages

ISBN:1581133502

DOI:10.1145/373256

Chairmen:
Ravi Sandhu
George Mason Univ., Fairfax, VA
,
Trent Jaeger
IBM

Copyright © 2001 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 May 2001

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Conference

SACMAT01

Sponsor:

SIGSAC

SACMAT01: 6th ACM Symposium on Access Control Models and Technologies

Virginia, Chantilly, USA

Acceptance Rates

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

78
Total Citations
View Citations
1,821
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Jain TDeters R(2022)Integrating blockchain-based access control model TBAAC for privacy and accountability for water science project2022 IEEE 1st Global Emerging Technology Blockchain Forum: Blockchain & Beyond (iGETblockchain)10.1109/iGETblockchain56591.2022.10087141(1-6)Online publication date: 7-Nov-2022
https://doi.org/10.1109/iGETblockchain56591.2022.10087141
Meng YHuang ZZhou YKe C(2018)Privacy-aware cloud service selection approach based on P-Spec policy models and privacy sensitivitiesFuture Generation Computer Systems10.1016/j.future.2018.03.01386(1-11)Online publication date: Sep-2018
https://doi.org/10.1016/j.future.2018.03.013
Kolar MFernandez-Gago CLopez J(2018)Policy Languages and Their Suitability for Trust NegotiationData and Applications Security and Privacy XXXII10.1007/978-3-319-95729-6_5(69-84)Online publication date: 10-Jul-2018
https://doi.org/10.1007/978-3-319-95729-6_5
Vakali A(2018)Access Control Policy LanguagesEncyclopedia of Database Systems10.1007/978-1-4614-8265-9_5(17-22)Online publication date: 7-Dec-2018
https://doi.org/10.1007/978-1-4614-8265-9_5
Xia DZhang Y(2017)The fuzzy control of trust establishment2017 4th International Conference on Systems and Informatics (ICSAI)10.1109/ICSAI.2017.8248370(655-659)Online publication date: Nov-2017
https://doi.org/10.1109/ICSAI.2017.8248370
Vakali A(2017)Access Control Policy LanguagesEncyclopedia of Database Systems10.1007/978-1-4899-7993-3_5-2(1-6)Online publication date: 5-Jan-2017
https://doi.org/10.1007/978-1-4899-7993-3_5-2
Xia D(2016)Analysis of multi-party negotiation process2016 3rd International Conference on Systems and Informatics (ICSAI)10.1109/ICSAI.2016.7811049(732-737)Online publication date: Nov-2016
https://doi.org/10.1109/ICSAI.2016.7811049
Halboob WMamat AMahmod R(2014)Push-based XML access control policy languages: A review2014 International Symposium on Biometrics and Security Technologies (ISBAST)10.1109/ISBAST.2014.7013118(182-187)Online publication date: Aug-2014
https://doi.org/10.1109/ISBAST.2014.7013118
Aldeen NQuirchmayr G(2013)Enhancing privacy protection in distributed environments through identification and authentication-based secure data-level access controlProceedings of the 2013 international conference on Information and Communication Technology10.1007/978-3-642-36818-9_48(441-446)Online publication date: 25-Mar-2013
https://dl.acm.org/doi/10.1007/978-3-642-36818-9_48
Qin LAtluri V(2010)Semantics-aware security policy specification for the semantic web dataInternational Journal of Information and Computer Security10.1504/IJICS.2010.0318594:1(52-75)Online publication date: 1-Feb-2010
https://dl.acm.org/doi/10.1504/IJICS.2010.031859
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents