Post on 06-Jan-2016
description
XML Access ControlXML Access ControlC. Farkas, V. Gowadia, A. Jain
University of South Carolina, ColumbiaC. Farkas, V. Gowadia, A. Jain
University of South Carolina, Columbia
Research Objectives
• Research and Prototype Access Control Models that– Capture semantics of data– Provide flexible security granularity– Provide flexible conflict resolution– Provide secure document updates preserving document integrity– Provide protection against illegal inferences
• Prove security of access control models developed• Provide complexity analysis of algorithms developed
Example Approach
• RDF-based XML Access Control Language (RXACL)• RXACL Framework defines two types of protection objects:
• Simple security Objects• Association Objects
• Layered Access Control Model• User queries and data returned to user are logged in history file• Tree extension algorithms uses XML-keys to combine information viewed
by user
MedicalDb
Patient*
Allergies
Allergen*
Phone
Birthdate
Name
SSN
Race
DateDiagnosis
Physician
Prescription
*
Comments
Patient
Phone
Name
Patient
Birthdate
Race
DateDiagnosis
Comments
DTD of Patient Health Record
++
-
++
+
Node levelclassification
Object - Association levelclassification
Functional Architecture Layered Access Control
RXACL model allows enforcement of access control on association between personal information and medical information of patients.However, it allows users to access parts of association separately.
RDF-based XML Access Control Language
rxacl:Association-A0
/MedicalDb/Patient/
meddb:Association-A0
rdf:Bag
name
diagnosis
rxacl:AsscRoot
rxacl:includes
rdf:type
rdf:type
rxacl:relpath
rxacl:Rule-R0
-read
meddb:Association-A0
Alice
rxacl:Rule
rdf:type
rxacl:object
rxacl:user
rxacl:accesstype
Example: RDF representation of Rules
Example: Association Object representation
Association objects cannot be expressed at node-level, and represent a new layer (association-level) for defining access control. Note that, nodes contained in explicitly defined associations have two classifications assigned to them.
1. Query
3. Answer
5. Security notviolated
7. Returntrees
10. Return answer
2, 5, 8. Reject Query
Check securityviolations
Securitypolicy XML
Store
Tree Extension
Update History
HistoryFile
9.
6.
4.
Securityviolated
8. Security
not violated
Queryscreening
2.