EXtensible Markup Language (XML) security has become a relevant research topic due to the widespread use of XML as the language for information interchange and document definition over the Web. In this context, developing an access control mechanism in terms of XML is an important step for Web information security. In this paper, we present the protection and administration facilities of Author-X, a Java-based system for discretionary access control to XML documents. Relevant features of Author-X are both a set-oriented and a document-oriented credential-based document protection, a differentiated protection of document/document type contents through the support of multi-granularity protection objects and positive/negative authorizations, and the support for different access control strategies. In this paper, we focus on the strategies we have developed for enforcing access control. Additionally, we provide a description of the environment we have developed to help the Security Officer in performing administrative activities related to both security policy and subject credential management.
Protection and administration of XML data sources / E. Bertino, S. Castano, E. Ferrari, M. Mesiti. - In: DATA & KNOWLEDGE ENGINEERING. - ISSN 0169-023X. - 43:3(2002 Dec), pp. 237-260. ((Intervento presentato al 14. convegno IFIP Working Conference on Database and Applicaions Security tenutosi a Schoorl nel 2000.
Protection and administration of XML data sources
E. Bertino
;S. CastanoSecondo
;M. MesitiUltimo
2002
Abstract
EXtensible Markup Language (XML) security has become a relevant research topic due to the widespread use of XML as the language for information interchange and document definition over the Web. In this context, developing an access control mechanism in terms of XML is an important step for Web information security. In this paper, we present the protection and administration facilities of Author-X, a Java-based system for discretionary access control to XML documents. Relevant features of Author-X are both a set-oriented and a document-oriented credential-based document protection, a differentiated protection of document/document type contents through the support of multi-granularity protection objects and positive/negative authorizations, and the support for different access control strategies. In this paper, we focus on the strategies we have developed for enforcing access control. Additionally, we provide a description of the environment we have developed to help the Security Officer in performing administrative activities related to both security policy and subject credential management.File | Dimensione | Formato | |
---|---|---|---|
1-s2.0-S0169023X02001271-main.pdf
accesso riservato
Tipologia:
Publisher's version/PDF
Dimensione
1.06 MB
Formato
Adobe PDF
|
1.06 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
Pubblicazioni consigliate
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.