XML Access Control


XML Access Control

C. Farkas, V. Gowadia, A. Jain

University of South Carolina, Columbia

Research Objectives

• Research and prototype access control models that
  – Capture semantics of data
  – Provide flexible security granularity
  – Provide flexible conflict resolution
  – Provide secure document updates preserving document integrity
  – Provide protection against illegal inferences
• Prove security of access control models developed
• Provide complexity analysis of algorithms developed

Example Approach

• RDF-based XML Access Control Language (RXACL)
• RXACL framework defines two types of protection objects:
  • Simple security objects
  • Association objects
• Layered Access Control Model
• User queries and data returned to the user are logged in a history file
• Tree extension algorithms use XML keys to combine information viewed by the user

[Figure: DTD of Patient Health Record. Tree diagram with element labels MedicalDb, Patient*, Allergies, Allergen*, Phone, Birthdate, Name, SSN, Race, Date, Diagnosis, Physician, Prescription, Comments; nodes are marked + or -. Panels: "Node level classification" and "Object - Association level classification".]

Functional Architecture

Layered Access Control

The RXACL model allows enforcement of access control on the association between personal information and medical information of patients. However, it allows users to access parts of the association separately.

RDF-based XML Access Control Language

[Figure: Example: Association Object representation. RDF graph with node labels rxacl:Association-A0, meddb:Association-A0, /MedicalDb/Patient/, rdf:Bag, name, diagnosis and edge labels rxacl:AsscRoot, rxacl:includes, rdf:type, rxacl:relpath.]

[Figure: Example: RDF representation of Rules. RDF graph with node labels rxacl:Rule-R0, rxacl:Rule, meddb:Association-A0, Alice, -read and edge labels rdf:type, rxacl:object, rxacl:user, rxacl:accesstype.]

Association objects cannot be expressed at the node level; they represent a new layer (the association level) for defining access control. Note that nodes contained in explicitly defined associations have two classifications assigned to them.
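A simplified sketch of association-level enforcement with a query history, added here as an example and not the authors' RXACL prototype: the `Monitor` class, the `id` attribute used as the XML key, and the sample records are assumptions. It lets Alice read names or diagnoses separately but rejects any query whose answer, merged with her history by key, would complete the denied association.

```python
import xml.etree.ElementTree as ET

# Constructed sample document; element names follow the poster's DTD.
# The "id" attribute used as the XML key is an assumption of this sketch.
DOC = ET.fromstring("""
<MedicalDb>
  <Patient id="p1"><Name>Ann Lee</Name><Diagnosis>asthma</Diagnosis><Phone>555-0101</Phone></Patient>
  <Patient id="p2"><Name>Bo Kim</Name><Diagnosis>flu</Diagnosis><Phone>555-0102</Phone></Patient>
</MedicalDb>
""")

# Negative rule in the spirit of Rule-R0: user Alice, access type -read,
# object = association {Name, Diagnosis} rooted at /MedicalDb/Patient/.
DENIED = {"Alice": [frozenset({"Name", "Diagnosis"})]}


class Monitor:
    """Hypothetical reference monitor: node access is open, associations are checked."""

    def __init__(self, doc, denied):
        self.doc, self.denied = doc, denied
        self.history = {}  # user -> {patient key -> element names already released}

    def query(self, user, fields):
        """Return {key: {field: text}}, or None if the answer would complete
        a denied association once merged with the user's history."""
        seen = self.history.setdefault(user, {})
        answer, extended = {}, {}
        for patient in self.doc.findall("Patient"):
            key = patient.get("id")
            row = {f: patient.findtext(f) for f in fields if patient.find(f) is not None}
            # Tree extension: join the new fragment with earlier fragments on the key.
            merged = seen.get(key, set()) | set(row)
            if any(assoc <= merged for assoc in self.denied.get(user, [])):
                return None  # reject the query; the history is left unchanged
            answer[key], extended[key] = row, merged
        seen.update(extended)  # log the released data only for accepted queries
        return answer
```

Checking only the current query would miss the second case: a `Name` query followed by a `Diagnosis` query is each harmless alone, and only the keyed history shows that together they disclose the association.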

[Figure: functional architecture flow diagram. Components: Query screening, Check security violations, Security policy, XML Store, Tree Extension, Update History, History File. Labelled flows: 1. Query; 3. Answer; 5. Security not violated; 7. Return trees; 8. Security not violated; 10. Return answer; 2, 5, 8. Reject Query; Security violated.]