Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

Xiyuan Chen,Miaoliang Zhu

DOI: https://doi.org/10.4028/www.scientific.net/kem.439-440.178

2010-01-01

Abstract:Semantic; Trust Management; RBAC; User-role Assignment Abstract. The application of RBAC in access management of the enterprise services and resources is very widely. With phenomenal growth of information interaction and cooperation between distributed systems, the number of users can be in the hundreds of thousands or millions. This renders manual user-to-role assignment a formidable task. In this paper, we propose a semantic and trust based framework to automatically assign users to roles based on a finite set of assignment rules defined by authorized people in the enterprise. These rules take into consideration the attributes users own and any constraints set forth by the enterprise including the assignment history and the credit of the requester. We choose OWL to specify the user attributes.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11599517_64

2005-01-01

Abstract:As large corporations and organizations increasingly exploit the Internet as a means of improving business-transaction efficiency and productivity, it is increasingly common to find operational data and other business information in XML format. Access control for XML database is non-trivial subjects. A number of recent research efforts have considered access control models for XML data[1−5]. Our first contribution is a novel model for specifying XML security access control. Given an XML document accompanied by a document DTD, we allow a two-stage access control policies to pledge to security access XML document at file-level and element-level respectively. On the element-level access control, our approach for these access control policies is based on the novel notion of hide-node views. While the hide-node view DTD is exposed to authorized users, neither the internal XPath annotations nor the full document DTD is visible. Authorized users can only operate data over the hide-node view, making use of the exposed view DTD to access data. Our hide-node view mechanism guarantees that unauthorized user cannot access sensitive data and protects the schema information from access by unauthorized users. We think that the schema information also is sensitive data and should be protected from gain through the data accessing.

Hu Luokai,Ying Shi,Jia Xiangyang,Zhao Kai

DOI: https://doi.org/10.6138/jit.2010.11.2.14

2010-01-01

Abstract:With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) and attribute of entities has become an important issue in the security field of open distributed environment. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control approaches and present a new Semantics Based Cross Domain Access Control Approach with Semantic Access Control Policy Language (SACPL) for describing ACPs. Semantic access control architecture is designed to embed SACPL language and Access Control Oriented Ontology System (ACOOS) into the access control process. Using the approach presented, access control across different domains can be effectively solved through the description and management of semantic attribute. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

Ws Zhang,Dx Liu

2004-01-01

Abstract:With the growing popularity of Internet, more and more applications use XML(eXtensible Markup Language) as data exchange format for document communications. And there comes a need for collaboration over network. Cooperation between different parties involves operations on shared XML data in XML warehouse. Security is one of the most important aspects of the XML warehouse. It must be well managed under the access control method. Even though there are some traditional access control models, with many different aspects from normal documents, a new method to perform access control to XML warehouse is necessary. In this paper, we proposed TXAC (Two-level XML Access Control) framework, which includes the TRBAC (Temporal Role Based Access Control Component) and the ELAC (Element Level Access Control) Component as a solution of access control on XML warehouse. In particular, TXAC allows (i) setoriented authorization at file-level, by supported with X-Collection component; (ii) collaboration between TRBAC and ELAC component, by enforcing different level granularity and time constrain. Companied with access control checking algorithms, TXAC can deal with outside access request efficiently. Furthermore, the overall architecture of the TXAC and implementation are described in detail.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.1109/ISDPE.2007.30

2007-01-01

Abstract:Given the status of XML as a standard for storing and exchanging data in Internet and the Growing interest in XML security, various access control schemes have been proposed recently. In this paper, we propose a novel approach to realize the access control. In this approach, we realize the function of access control by several classes, which construct an object with some parameter when a user accesses a XML document with his (or her) authorization. The class can be inherited just like the programming. We demonstrate the model and show the result of our approach. Keyword: Object oriented, XML, Fine-Granularity, Access Control

FENG Xue-Bin,HONG Fan

DOI: https://doi.org/10.3969/j.issn.1002-137X.2007.10.039

2007-01-01

Computer Science

Abstract:XML database are playing increasingly important role in Web applications.Researchers of XML database se- curity have paid more attention on discretional access control and role-based access control,rather than mandatory ac- cess control which are required by the top security applications.A mandatory access control model for XML database which supports polyinstantiation by using resolving and composing algorithm in syntax level is proposed in paper.The architecture and the security are also discussed in the paper.

Shao-hua TANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2005.03.025

2005-01-01

Abstract:An authorization and access control model for XML documents is proposed in this paper. The model consists of subject, object, security rules and access control algorithm. The subject is the user or the user group. The object is the protected object. The security rules are used to specify the users privileges to the XML document. The access control algorithm is used to conduct XML document protection according to the security rules. The protection objects of our model can the schema of the XML documents or the instance of the schema. The protection granularity specified by the security rules can be based on document tree structure or based on content. Some concepts, such as authorization conflict, are explained, and the conflict resolution strategy based on the highest priority principle in proposed, which is effective and makes the semantics of authorization rules unique. The access control algorithm is implemented in Java, and SOAP is adopted as communication mechanism, which makes it easier to integrate with other systems. XML is widely used in e-business, so the model in this paper will surely have considerable significant on e-business.

Huanming Zhang,Quanlong Guan,Weiqi Luo

DOI: https://doi.org/10.14257/astl.2015.111.15

2015-01-01

Abstract:XML, the Extensible Markup Language, had become an important tool for both storage and exchange of data. In this paper, we would first made a brief introduction of access control using XML, and some requirements of XML access control would be included. Finally, we analyzed the direction and difficulty in the study of access control using XML, and then illustrate the practical significance of the study.

Xiaoxia Liu

2009-01-01

Abstract:To solve the problem focuments of repetitive labeling process and Document Type Definition(DTD) verification process executed by the eXtensible Markup Language(XML) access control system for update operators,action type is defined. Using these action types,user queries are distinguished semantically and unnecessary queries are filtered out at the early stage,so memory and other system resources used in Document Object Model(DOM) -based DTD verification process and labeling process can be saved. The proposed access control technique shows better performance in an environment where update queries occur frequently after compared with existing one.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.4028/www.scientific.net/amr.121-122.558

2010-01-01

Advanced Materials Research

Abstract:A multi-polices access control model is proposed, with the model, access control based on policy regulation and XML based policy description is given. At the same time, We use the XSD(XML Schema Definition) to describe the content and the structure of the xml documents, and check the validity of the xml documents. Based on the description of the access control, an application system is realized we construct the runtime platform and choose some access control polices to test our system. The result is well.

Huanming Zhang,Quanlong Guan,Weiqi Luo

DOI: https://doi.org/10.14257/ijsia.2015.9.7.16

2015-01-01

Abstract:XML, the Extensible Markup Language, had become an important tool for both storage and exchange of data.As the applied areas of XML had been widen gradually, the security problems of XML became a main concern.Hence, the study of access control using XML had been an important topic of security study of XML nowadays.In this paper, we would first made a brief introduction of access control using XML, and some requirements of XML access control would be included.After that, we would give a detail presentation of an access control model using XML, and point out the most significant feature of it.Finally, we analyzed the direction and difficulty in the study of access control using XML, and then illustrate the practical significance of the study.

Wei Sun,Da-xin Liu,Tong Wang

DOI: https://doi.org/10.1007/11610496_109

2006-01-01

Abstract:XML becomes a standard format for data interchanges on Internet, especially in E-commerce. Although XML technology has been widely used, the research and development on XML security is still at the early stage. The control of XML access is important for protecting XML documents from being illegally modified or accessed. Most of available models utilize a single level check point. In this paper, we proposed an access control model with dual level access control: file-level and element-level (or attribute-level). The model allows adopt the XBLP policy with file-level security, while employs Hide-Node View for element-level security. The architecture framework of the access control model and implementation are briefly described.

JZ Luo,XP Wang,AB Song

DOI: https://doi.org/10.1109/cscwd.2005.194196

2005-01-01

Abstract:Grid computing is appropriate for supporting cooperative work Many designers and engineers from different companies or institutions can dynamically form a virtual organization for a given design task. In order to protect each company's sensitive data and services, access control is therefore necessary and important. In this paper, we present a new approach to authorize and administrate access requests, in which the requests are obliged to negotiate with a policy enforcement point in order to gain access to the target grid service. The new access control model will exploit semantic Web technology, and use machine reasoning about the messages and policies at a semantic level.

Yuqing Sun,Peng Pan,Ho-Fung Leung,Bin Shi

DOI: https://doi.org/10.1007/978-3-540-73547-2_34

2007-01-01

Abstract:Semantic interoperation and service sharing have been accepted as efficient means to facilitate collaboration among heterogonous system applications. However, extensibility and complexity are still crucial problems in supporting multi-level automatic collaborations across dynamically changed domains. In this paper, we propose the ontology based hybrid access control model. It introduces the concept of Industry Coalition, which defines the common ontology and servers as the portal of an application domain for public. By mapping local authorizations to the common ontology, an enterprise can efficiently tackle the problems of automatic interoperation across heterogonous systems in the Coalition, as well as of the general requests from dynamically changed exterior collaborators not belonging to the Coalition. Several algorithms are also proposed to generate authorization mappings and maintain security constraints consistent. To illustrate our model, an example of property right exchange is given and experiment results are discussed.

Yun-qing Fu,Chun-xiao Ye

DOI: https://doi.org/10.1049/cp:20070238

2007-01-01

Abstract:Access control is widely used in most information systems. XML or other languages are usually adopted to define access control policy. In this paper, we examine an approach to employ user and role's attribute expression as a part of access control policy. In our approach, a XACML-based policy language named A-XACML is defined and used as a simple, flexible way to express and enforce access control policies in a variety of environments. The language and schema support include data types, functions, and combining logic which allow simple and complex rules to be defined. Finally, we illustrate how to define access control policies of product document management (PDM) system by using XACML.

Luokai Hu,Shi Ying,Xiangyang Jia,Kai Zhao

DOI: https://doi.org/10.1007/978-3-642-10665-1_13

2009-01-01

Abstract:With the development of cloud computing, the mutual understandability among distributed Access Control Policies (ACPs) has become an important issue in the security field of cloud computing. Semantic Web technology provides the solution to semantic interoperability of heterogeneous applications. In this paper, we analysis existing access control methods and present a new Semantic Access Control Policy Language (SACPL) for describing ACPs in cloud computing environment. Access Control Oriented Ontology System (ACOOS) is designed as the semantic basis of SACPL. Ontology-based SACPL language can effectively solve the interoperability issue of distributed ACPs. This study enriches the research that the semantic web technology is applied in the field of security, and provides a new way of thinking of access control in cloud computing.

CHEN Chuan-bo,PENG Chao-yi

DOI: https://doi.org/10.3969/j.issn.1007-130x.2008.01.011

2008-01-01

Abstract:Since XML is widely used nowadays,the need to provide controlled access to such information is imminent.The incredible amount of heterogeneous users on the Web also increases the difficulty of the authorization management.Based on the security feature of XML documents,we presents a credential-based XML access control model and its XML-based policy specification.Finally,we discuss the implementation of the model.

Xueqin Chen,Huizhong Wu,Yaoqin Zhu

DOI: https://doi.org/10.1109/ICSICT.2008.4734715

2008-01-01

Abstract:Recently, distributed computing technologies have developed rapidly, such as web services and other XML-based technologies. Information systems enter into a wide-area distributed computing environment. For web services based information systems, the separation between functions and resources enables reusability. However, it is difficult for traditional Access control models to deal with. The security of system encounters with challenges. This paper proposes a double access control model based on attributes to achieve the access control of system functions and resources. The access control decision of functions depends on subject attributes. The decision of resources relies on three attributes': subject attributes, resources attributes and environments attributes. Consistency of access controls between functions and resources is solved by subject's attributes certificate and shared policy. Certificate proxy is utilized to achieve single sign-on, authenticate and authority in wide-area environment. Furthermore, we depict the process flow of the access control in detail. The proposed model is implemented on XACML.NET package and applied in a web services based information system in NET Environment. At last, the performance of resource access control is analyzed and tested by VSTE-ST 2005. The results of practical application and experiment prove the feasibility and usability of the model.