XML Access Control

Post on 06-Jan-2016

54 views 3 download

Preview:

Click to see full reader
Report this document
SHARE

description

2. 1. Query. Query screening. 2, 5, 8. Reject Query. /MedicalDb/Patient/. -read. MedicalDb. Security violated. Object -. Patient. Patient. SSN. rxacl:accesstype. Association level classification. Security policy. XML Store. rxacl:AsscRoot. *. Name. Name. Patient. - PowerPoint PPT Presentation

Transcript of XML Access Control

XML Access ControlXML Access ControlC. Farkas, V. Gowadia, A. Jain

University of South Carolina, ColumbiaC. Farkas, V. Gowadia, A. Jain

University of South Carolina, Columbia

Research Objectives

• Research and Prototype Access Control Models that– Capture semantics of data– Provide flexible security granularity– Provide flexible conflict resolution– Provide secure document updates preserving document integrity– Provide protection against illegal inferences

• Prove security of access control models developed• Provide complexity analysis of algorithms developed

Example Approach

• RDF-based XML Access Control Language (RXACL)• RXACL Framework defines two types of protection objects:

• Simple security Objects• Association Objects

• Layered Access Control Model• User queries and data returned to user are logged in history file• Tree extension algorithms uses XML-keys to combine information viewed

by user

MedicalDb

Patient*

Allergies

Allergen*

Phone

Birthdate

Name

SSN

Race

DateDiagnosis

Physician

Prescription

*

Comments

Patient

Phone

Name

Patient

Birthdate

Race

DateDiagnosis

Comments

DTD of Patient Health Record

++

-

++

+

Node levelclassification

Object - Association levelclassification

Functional Architecture Layered Access Control

RXACL model allows enforcement of access control on association between personal information and medical information of patients.However, it allows users to access parts of association separately.

RDF-based XML Access Control Language

rxacl:Association-A0

/MedicalDb/Patient/

meddb:Association-A0

rdf:Bag

name

diagnosis

rxacl:AsscRoot

rxacl:includes

rdf:type

rdf:type

rxacl:relpath

rxacl:Rule-R0

-read

meddb:Association-A0

Alice

rxacl:Rule

rdf:type

rxacl:object

rxacl:user

rxacl:accesstype

Example: RDF representation of Rules

Example: Association Object representation

Association objects cannot be expressed at node-level, and represent a new layer (association-level) for defining access control. Note that, nodes contained in explicitly defined associations have two classifications assigned to them.

1. Query

3. Answer

5. Security notviolated

7. Returntrees

10. Return answer

2, 5, 8. Reject Query

Check securityviolations

Securitypolicy XML

Store

Tree Extension

Update History

HistoryFile

9.

6.

4.

Securityviolated

8. Security

not violated

Queryscreening

2.

Top related

XML damage control - Amazon S3 · PDF fileBenchmark 3 Conclusion Silvan Jegen () ... XML vs. JSON XML ... XML damage control 24. September 2016 18 / 22. yxml yxml
 Documents
Compressed Accessibility Map: Efficient Access Control for XML
 Documents
Pragmatic XML Access Control using Off-the-shelf RDBMS
 Documents
PANEL ON XML AND SECURITY · cryption, access control, and authentication. In providing access control for XML documents, one of the major challenges is the level of granularity.
 Documents
Access Control Models for XML - members.loria.fr · 11 XML in the Industry • Most commercial RDBMSs now provide some XML support • Oracle 11g - XML DB • IBM DB2 pureXML •
 Documents
Pragmatic XML Access Control using O -the-shelf RDBMSpike.psu.edu/publications/esorics07.pdf · RDBMS is amount to the problem of converting XML deep set opera-tors into equivalent
 Documents
Secure and Selective Authentication and Access Control of XML Documents Bhavani Thuraisingham April 8, 2009 Lecture #22.
 Documents
Access Control Discretionary Access Control Lecture 4.
 Documents
SXCCP+: Simple XML Concurrency Control Protocol for XML ...matwbn.icm.edu.pl/ksiazki/cc/cc38/cc38112.pdf · SXCCP+: Simple XML concurrency control protocol for XML database systems
 Documents
Part 2 Access Control 1 Access Control Part 2 Access Control 2 Access Control Two parts to access control Authentication: Are you who you say.
 Documents
Access Control 1 Access Control Access Control 2 Access Control Two parts to access control Authentication: Who goes there? o Determine whether access.
 Documents
Pragmatic XML Access Control using Off-the-shelf RDBMSs2.ist.psu.edu/paper/xacar-v5Apr07.pdf · Pragmatic XML Access Control using Off-the-shelf RDBMS Bo Luo, Dongwon Lee, and Peng
 Documents
ADF EMG XML Data Control, OOW Presentation
 Technology
XML for Science Data Access
 Documents
Compressed Accessibility Map: Efficient Access Control for XML Ting Yu : University of Illinois Divesh Srivastava : AT&T Labs Laks V.S. Lakshmanan : University.
 Documents
Access Control in XML PDMS Query Answering - … · Access Control in XML PDMS Query Answering by Shuan Wang ... The peer data management system (PDMS) ... control requirement in
 Documents
XML File Access Guide - MetaSuite · Basics ... Technical Guides • ADABAS File Access Guide ... • IMS DLI File Access Guide • RDBMS File Access Guide • XML File Access Guide
 Documents
Part III Access Control Fundamentals - … Authentication and Access Control 3.2 Discretionary Access Control (DAC) 3.3 Mandatory Access Control (MAC) Part III Access Control Fundamentals
 Documents
SDPL 20077: Querying XML with XQuery1 7 Querying XML n How to access XML data sources? n XQuery, XML Query Lang, W3C Rec, 01/ '07 –joint work by XML Query.
 Documents
INFO CS4302 Lecture8...XML(&(Related(Technologies(overview(Purpose Structured content& DefineDocument& Structure& Access& Document& Items Transform Document& XML& XML&Schema& XPath&
 Documents

Copyright © 2022 FDOCUMENTS