Detecting information leakage in updating XML documents of fine-grained access control

Somchai Chatvichienchai; Mizuho Iwaihara

doi:10.1007/11827405_28

Detecting information leakage in updating XML documents of fine-grained access control

Somchai Chatvichienchai^*, Mizuho Iwaihara

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

2 Citations (Scopus)

Abstract

To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.

Original language	English
Title of host publication	Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings
Publisher	Springer Verlag
Pages	286-296
Number of pages	11
ISBN (Print)	3540378715, 9783540378716
DOIs	https://doi.org/10.1007/11827405_28
Publication status	Published - 2006
Externally published	Yes
Event	17th International Conference on Database and Expert Systems Applications, DEXA 2006 - Krakow, Poland Duration: 2006 Sept 4 → 2006 Sept 8

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	4080 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	17th International Conference on Database and Expert Systems Applications, DEXA 2006
Country/Territory	Poland
City	Krakow
Period	06/9/4 → 06/9/8

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/11827405_28

Cite this

Chatvichienchai, S., & Iwaihara, M. (2006). Detecting information leakage in updating XML documents of fine-grained access control. In Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings (pp. 286-296). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4080 LNCS). Springer Verlag. https://doi.org/10.1007/11827405_28

Detecting information leakage in updating XML documents of fine-grained access control. / Chatvichienchai, Somchai; Iwaihara, Mizuho.
Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings. Springer Verlag, 2006. p. 286-296 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4080 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chatvichienchai, S & Iwaihara, M 2006, Detecting information leakage in updating XML documents of fine-grained access control. in Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4080 LNCS, Springer Verlag, pp. 286-296, 17th International Conference on Database and Expert Systems Applications, DEXA 2006, Krakow, Poland, 06/9/4. https://doi.org/10.1007/11827405_28

Chatvichienchai S, Iwaihara M. Detecting information leakage in updating XML documents of fine-grained access control. In Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings. Springer Verlag. 2006. p. 286-296. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/11827405_28

Chatvichienchai, Somchai ; Iwaihara, Mizuho. / Detecting information leakage in updating XML documents of fine-grained access control. Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings. Springer Verlag, 2006. pp. 286-296 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{4be8deb652ca48d9b7b49593f5cbe81b,

title = "Detecting information leakage in updating XML documents of fine-grained access control",

abstract = "To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.",

author = "Somchai Chatvichienchai and Mizuho Iwaihara",

year = "2006",

doi = "10.1007/11827405_28",

language = "English",

isbn = "3540378715",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "286--296",

booktitle = "Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings",

note = "17th International Conference on Database and Expert Systems Applications, DEXA 2006 ; Conference date: 04-09-2006 Through 08-09-2006",

}

TY - GEN

T1 - Detecting information leakage in updating XML documents of fine-grained access control

AU - Chatvichienchai, Somchai

AU - Iwaihara, Mizuho

PY - 2006

Y1 - 2006

N2 - To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.

AB - To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.

UR - http://www.scopus.com/inward/record.url?scp=33749388673&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749388673&partnerID=8YFLogxK

U2 - 10.1007/11827405_28

DO - 10.1007/11827405_28

M3 - Conference contribution

AN - SCOPUS:33749388673

SN - 3540378715

SN - 9783540378716

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 286

EP - 296

BT - Database and Expert Systems Applications - 17th International Conference, DEXA 2006, Proceedings

PB - Springer Verlag

T2 - 17th International Conference on Database and Expert Systems Applications, DEXA 2006

Y2 - 4 September 2006 through 8 September 2006

ER -

Detecting information leakage in updating XML documents of fine-grained access control

Abstract

Publication series

Conference

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this