Yimin Liu,Zhihui Wang,Wei Wang

DOI: https://doi.org/10.1109/itime.2012.6291386

2012-01-01

Abstract:This paper presents the privacy-aware data access control and medical documents sharing mechanism based on purpose for distributed XML medical databases. A privacy access policy for XML is a tree-like model, and a group of distributed XML medical databases corresponding to a group of distributed policy trees, so we should mine the integrated patterns to control private data access in sharing environments. Firstly, we should sequence the policy trees and mine the integrated patterns. Secondly, we calculate the privacy information using entropy to identify the integrated patterns with larger information. At last, we query distributed medical documents using integrated patterns, which shares as many as possible private data on condition of privacy constraints. The experiments show that based on different privacy demands for different applications, entropy calculation can be the basis of the choice for integrated pattern and access data reasonably without privacy disclosure.

Li Jiang,Lingdi Ping,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-540-76788-6_6

2007-01-01

Abstract:Information flow and in particular noninterference ensure that sensitive information does not affect public information. But noninterference is too restrictive: real computing systems sometimes need to dynamically release certain amount of sensitive information. In this paper, we propose a new security property that requires the decision to perform information release have high integrity, and permits low integrity data which comes from untrusted sources to dynamically affect information release by upgrading (or endorsing) its integrity. To control such integrity upgrading, we introduce an endorsement mechanism that takes the form of a local integrity endorsing policy declaration. So the programmer can express more precise ways of endorsing, by specifying the integrity levels from which information may be endorsed. In addition, we show a new type system to enforce the security property.

Guangyu Chen,Jian Liu,Ming Xian

DOI: https://doi.org/10.1088/1742-6596/1314/1/012190

2019-01-01

Journal of Physics Conference Series

Abstract:With the increase of data volume, the service of data publication and subscription is an efficient method to share massive data. It is impossible to capture and manage data with traditional database tools. Therefore, the cloud platform becomes the most suitable platform for data publication and subscription due to its huge storage, strong computing power and good economical utility. In the process of data publishing and subscription, cloud server as a third party is semi-honest, which will bring serious privacy problems. In this paper, a secure data publishing and subscription scheme based on cloud platform is proposed, which can protect the privacy of data and subscriber interest, and achieve efficient and accurate data publishing and subscription. It can realize that only data subscribers who meet the requirements of access rights can obtain and decrypt the data, and the matching of data subscriber interest and data label can be realized at the same time. In addition, this scheme also supports user cancellation, it can cancel dishonest users in the system.

Xu Baowen,Jiang Jixiang,Lu Jianjiang,Wang Peng,Kang Dazhou

2005-01-01

Abstract:The widely use of eXtensible Markup Language (XML) raises the importance of security and access control for XML documents. Besides access control for XML document on node-level, it is also important to control users for accessing association between the nodes. Inference detection plays a central role in association-level access control. In this paper we propose a logic-based approach for inference detection in querying XML document. At first, Basic information is obtained from user query logs and "information-trees" are used to represent all the information a user gets. Then Logic-based method is used to find overlapping parts between "information-trees". Finally, inference detection is achieved by merging the "information-trees". This approach can be used to detect much common inference channels, and can serve as a basic model for future extension.

Jun Gao,Tengjiao Wang,Dongqing Yang

DOI: https://doi.org/10.1007/11610113_10

2006-01-01

Abstract:The security of the published XML data receives high attention due to the sensitive nature of the data in some areas. This paper proposes an XML view publishing method called XFlat. Compared with other methods, XFlat focuses on the efficiency of query evaluation over the published XML view. XFlat decomposes a XML tree into a set of sub-trees with the same accessibility on each node to all users, encrypts and stores each sub-tree in a flat sequential way. This storage strategy can avoid the nested encryption in view construction and decryption in the query evaluation. In addition, we discuss how to generate the user specific schema and minimize the total space cost of XML view with the consideration of the size of the relationship among the sub-trees. The final experimental results demonstrate the effectiveness and efficiency of our method.

Shao Zhijiang,Wang Yongming

DOI: https://doi.org/10.1109/wcica.2004.1342196

2004-01-01

Abstract:The problem of heterogeneous data integration in industrial supervisory control is presented and analyzed. The demand and difficulties of complex lab data representing, storing and publishing are outlined and analyzed in this paper. It is pointed out that a self-descriptive data structure with clear organization of contents and easy connection to human-machine interface is needed. A solution based on XML (eXtended Mark-up Language) is proposed with combination of different layers of data storage, data logic and presentation, human-machine interface. An XML-based system is developed to meet the demands of laboratory data publishing with complex structure. Construction of user interface from XML schema, conversion of lab data into XML, algorithm of storing XML into RDBMS (relation database manager system), query and reconstruction of XML documents from the RDBMS are touched upon. The data structure is described in details and its unique advantage is presented.

Zongda Wu,Jian Xie,Xinze Lian,Jun Pan

DOI: https://doi.org/10.1108/el-05-2019-0127

2019-10-11

The Electronic Library

Abstract:Purpose The security of archival privacy data in the cloud has become the main obstacle to the application of cloud computing in archives management. To this end, aiming at XML archives, this paper aims to present a privacy protection approach that can ensure the security of privacy data in the untrusted cloud, without compromising the system availability. Design/methodology/approach The basic idea of the approach is as follows. First, the privacy data before being submitted to the cloud should be strictly encrypted on a trusted client to ensure the security. Then, to query the encrypted data efficiently, the approach constructs some key feature data for the encrypted data, so that each XML query defined on the privacy data can be executed correctly in the cloud. Findings Finally, both theoretical analysis and experimental evaluation demonstrate the overall performance of the approach in terms of security, efficiency and accuracy. Originality/value This paper presents a valuable study attempting to protect privacy for the management of XML archives in a cloud environment, so it has a positive significance to promote the application of cloud computing in a digital archive system.

information science & library science

Zhihui Wang,Bing Liu,Wei Wang,Haofeng Zhou,Baile Shi

DOI: https://doi.org/10.1007/11775300_13

2006-01-01

Abstract:Recent efforts have been made to address the problem of privacy preservation in data publishing. However, they mainly focus on preserving data privacy. In this paper, we address another aspect of privacy preservation in data publishing, where some of the knowledge implied by a dataset are regarded as private or sensitive information. In particular, we consider that the data are stored in a transaction database, and the knowledge is represented in the form of patterns. We present a data sanitization algorithm, called SanDB, for effectively protecting a set of sensitive patterns, meanwhile attempting to minimize the impact of data sanitization on the non-sensitive patterns. The experimental results show that SanDB can achieve significant improvement over the best approach presented in the literature.

Zhihui Wang,Yun Zhu,Xinyuan Mi

DOI: https://doi.org/10.1109/icdmw60847.2023.00046

2023-01-01

Abstract:Data privacy preservation has been an important problem worthy of study. With the deepening of research, more targeted solutions for different requirements are proposed. Considering that in the most cases, only some of the data are sensitive, and there is no need to provide privacy preservation for non-sensitive data. This paper mainly addresses the problem of privacy preservation only for the sensitive attributes, and the non-sensitive data can be shared with the original values. A privacy preservation approach is presented in this paper, which synthesizes the values of sensitive data attributes and keeps the values of non-sensitive data attributes untouched during data publishing. The experimental results show that this approach can reduce the loss of information and thus improve the utility of published data.

Baolong Liu,Joan Lu,Jim Yip

DOI: https://doi.org/10.48550/arXiv.0906.3772

2009-06-20

Software Engineering

Abstract:Data integrity is the fundamental for data authentication. A major problem for XML data authentication is that signed XML data can be copied to another document but still keep signature valid. This is caused by XML data integrity protecting. Through investigation, the paper discovered that besides data content integrity, XML data integrity should also protect element location information, and context referential integrity under fine-grained security situation. The aim of this paper is to propose a model for XML data integrity considering XML data features. The paper presents an XML data integrity model named as CSR (content integrity, structure integrity, context referential integrity) based on a concatenated hash function. XML data content integrity is ensured using an iterative hash process, structure integrity is protected by hashing an absolute path string from root node, and context referential integrity is ensured by protecting context-related elements. Presented XML data integrity model can satisfy integrity requirements under situation of fine-grained security, and compatible with XML signature. Through evaluation, the integrity model presented has a higher efficiency on digest value-generation than the Merkle hash tree-based integrity model for XML data.

Zhihui Wang,Yun Zhu,Xuchen Zhou

DOI: https://doi.org/10.1007/978-3-030-18590-9_85

2019-01-01

Abstract:For data openness and sharing, we need to publish data and protect sensitive data at the same time. This paper provides the users with a system to realize privacy-preserving data publishing, which is implemented based on differential privacy. It has the following characteristics: (1) the raw data are first imported into a database and then are used to generate synthetic data for publishing; (2) a user can choose different privacy preservation levels for the synthetic data; (3) a subset of the attributes can been chosen to be synthesized while keeping the others untouched.

Zhe-Ming Lu,Zong-Hui Wang,Yong-Liang Liu

DOI: https://doi.org/10.24507/ijicic.17.04.1257

2021-01-01

Abstract:Nowadays, multimedia documents can be easily recreated or modified and then distributed over the Internet or via smart mobile phones; thus copyright protection, copy protection, content authentication and source tracing have become main issues in the big data era. In the past, many multipurpose information hiding schemes have been proposed to solve these problems. However, existing schemes are mainly designed for digital audiovisual documents, but seldom designed for office files, WEB pages, PDF files or software codes. Furthermore, there are few schemes considering how to embed multilevel fingerprints to trace multiple distribution processes. Based on above backgrounds, this paper presents a multipurpose framework based on multilevel multichannel information hiding to provide a more robust and conflict-prevented scheme with whole life cycle and full protection. This framework is developed for all kinds of multimedia documents to protect and/or authenticate and/or trace a multimedia document in its entire life time. In order to make our framework work better as an organic whole, we define a watermark information structure to discriminate and recognize different watermarks and also provide some required control information for watermark extraction or further embedding. To test the effectiveness of the proposed framework, we develop three simulation interfaces for images web pages and PPT files respectively. Experimental results demonstrate that our framework is effective and our scheme can embed multiple watermarks and can extract all watermarks correctly and independently.

Ling Feng,Willem Jonker

IF: 4.397

2004-01-01

Computer Systems Science and Engineering

Abstract:Metadata management is a key issue in Web-based intelligent environments. it plays an important role in a wide spectrum of areas, ranging from semantic explication, information handling, knowledge management, multimedia processing to personalized service delivery. As a result, security issues around metadata management needs to he addressed in order to build trust and confidence to ambient environments. The aim of this paper is to bring together the worlds of security and XML-formatted metadata management in such a way that, on the one hand the requirement on secure rnetadata management is satisfied, while on the other hand the efficiency on metadata processing can still be guaranteed. To this end, we develop an effective approach to enable, efficient search on encrypted XML metadata. The basic idea is to augment encrypted XML metadata with encodings which characterize the topology and content of every tree-structured XML metadata, and then filter Out candidate data for decryption and query execution by examining query conditions against these encodings. We describe a generic framework consisting of three phases, namely, query preparation, query pre-processing, and query execution, to implement the proposed search strategy.

K Yue,Zc Xu,Zm Guo,Ay Zhou

DOI: https://doi.org/10.1007/3-540-36901-5_5

2003-01-01

Abstract:With the rapid development of Internet, XML becomes the standard for data representation, integration and exchange on the web. In order to fully evolve XML into a universal data representation and sharing format, it is necessary to update XML documents efficiently while preserving constraints. We consider an important class of constraints, XML keys. In this paper, based on XML keys and the constraint-preserving normalized storage of XML over relational databases, we present a novel method for updating XML data. Our method first propagates the update on XML into the relational database. Then taking the updated relational data and the original document as input, the resulting XML document updated can be produced through locating the positions of updates in the original one by annotation technology. Preliminary performance studies have shown that our method is very effective and efficient.

Tao Peng,Jiang Minghua,Hu Ming

2008-01-01

Abstract:Nowaday, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in network environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Ling Feng,Willem Jonker

DOI: https://doi.org/10.1007/978-3-540-39962-9_72

2003-01-01

Abstract:Metadata management is a key issue in intelligent Web-based environments. It plays an important role in a wide spectrum of areas, ranging from semantic explication, information handling, knowledge management, multimedia processing to personalized service delivery. As a result, security issues around metadata management needs to be addressed in order to build trust and confidence to ambient environments. The aim of this paper is to bring together the worlds of security and XML-formatted metadata management in such a way that, on the one hand the requirement on secure metadata management is satisfied, while on the other other hand the efficiency on metadata processing can still be guaranteed. To this end, we develop an effective approach to enable efficient search on encrypted XML metadata. The basic idea is to augment encrypted XML metadata with encodings which characterize the topology and content of every tree-structured XML metadata, and then filter out candidate data for decryption and query execution by examining query conditions against these encodings. We describe a generic framework consisting of three phases, namely, query preparation, query pre-processing and query execution, to implement the proposed search strategy.

Zhiqiang Gao,Yutao Wang,Yanyu Duan,Yun Wang,Zhensheng Peng

DOI: https://doi.org/10.1504/ijica.2018.092587

2018-01-01

International Journal of Innovative Computing and Applications

Abstract:Policedata is an important source of social media data and can be regarded as a technical assistance to increase government accountability and transparency. Notably, it contains large amounts of personal private information that should be preserved deliberately. However, sharing and publishing policedata through private or public cloud infrastructure are still faced with tremendously potential threats and challenges recently. Unfortunately, existing researches regarding privacy preserving data publishing (PPDP) fail to cope with the aforementioned problems. Our work aims to propose a systematic multi-level privacy preserving data publishing (ML-PPDP) architecture. Moreover, a personalised multi-level privacy preserving (pML-PPDP) mechanism that developed from the combination of k-anonymity, l-diversity, t-closeness and differential privacy is designed for policedata publishing. Our solution authorised users with different privileges to different privacy-preserving levels. Experimental results of pML-PPDP mechanism on datasets collected from policedata website are implemented under our proposed ML-PPDP architecture with satisfactory trade-off between privacy and utility.

Jianhua Feng,Na Ta,Guoliang Li,Yu Liu,Dapeng Lv

DOI: https://doi.org/10.4108/infoscale.2007.975

2007-01-01

Abstract:Secure XML query answering to protect data privacy and semantic cache to speed up XML query answering are two hot spots in current research areas of XML database systems. While both issues are independently explored in depth, these two have not been studied together, that is, the problem of semantic cache for secure XML query answering has not been addressed yet. In this paper, we present an interesting joint of these two aspects and propose an efficient framework of semantic cache for secure XML query answering, which can improve the performance of XML database systems under secure circumstances. Our framework combines access control, user privilege management over XML data and the state-of-the-art semantic XML query cache techniques, to ensure that data are presented only to authorized users in an efficient way. To the best of our knowledge, the approach we propose here is among the first beneficial efforts in a novel perspective of combining caching and security for XML database to improve system performance. The efficiency of our framework is verified by comprehensive experiments.

Dongyang Xu,Zhi Tang,Yinyan Yu

DOI: https://doi.org/10.1109/ccnc.2011.5766636

2011-01-01

Abstract:Hierarchical cryptographic key management of access control can be modeled as a partially ordered set in which a high security class can derive its descendant encryption keys, but not vice versa. In this paper, we propose a practical key management scheme for our segment-based document which is a novel XML-based document format for web publishing, called CEBX. The proposed scheme is not only efficient on key generation and key derivation, but also secure against collusion attack, reverse attack and key modification attack. Excellent dynamics are also supported in our scheme and updates of nodes or edges are locally affected in the hierarchy. Nodes of the hierarchy can define passwords to protect the segments of CEBX document, supporting more flexible business strategies in a digital rights management system.

Liu Yimin,Wang Zhihui,Wang Wei

2013-01-01

Abstract:In this paper,we propose to construct the purpose-based privacy access control policy model for XML data mode,and to solve the problem of query-leakage of privacy data incurred by path transfer.In our approach,the policy is a minimum secure access tree model.And the minimum secure access tree is a group of path expressions expressed by XPath{/,//,} fragments without redundant paths,while the XPath{/,//,} points to a set of privacy nodes path with access permission.Experimental results show that the generation time of minimum secure tree depends on the labelling time of the private nodes in an XML documents and the discriminating time of redundant paths,and the labelling time is pertinent to the position of privacy data distributed in XML documents.The minimum secure access tree model is able to control the query leakage of private data.