TY - GEN
T1 - Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents
AU - Leonardi, Erwin
AU - Bhowmick, Sourav S.
AU - Iwaihara, Mizuho
PY - 2010
Y1 - 2010
N2 - Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.
AB - Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.
UR - http://www.scopus.com/inward/record.url?scp=78650505980&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78650505980&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-12026-8_24
DO - 10.1007/978-3-642-12026-8_24
M3 - Conference contribution
AN - SCOPUS:78650505980
SN - 3642120253
SN - 9783642120251
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 299
EP - 306
BT - Database Systems for Advanced Applications - 15th International Conference, DASFAA 2010, Proceedings
T2 - 15th International Conference on Database Systems for Advanced Applications, DASFAA 2010
Y2 - 1 April 2010 through 4 April 2010
ER -