Detecting information leakage in updating XML documents of fine-grained access control

Somchai Chatvichienchai, Mizuho Iwaihara

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)

Abstract

To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages286-296
Number of pages11
Volume4080 LNCS
Publication statusPublished - 2006
Externally publishedYes
Event17th International Conference on Database and Expert Systems Applications, DEXA 2006 - Krakow
Duration: 2006 Sep 42006 Sep 8

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4080 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other17th International Conference on Database and Expert Systems Applications, DEXA 2006
CityKrakow
Period06/9/406/9/8

Fingerprint

Access Control
Access control
Leakage
XML
Updating
Control Policy
Update
Confidentiality

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Chatvichienchai, S., & Iwaihara, M. (2006). Detecting information leakage in updating XML documents of fine-grained access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4080 LNCS, pp. 286-296). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4080 LNCS).

Detecting information leakage in updating XML documents of fine-grained access control. / Chatvichienchai, Somchai; Iwaihara, Mizuho.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4080 LNCS 2006. p. 286-296 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 4080 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chatvichienchai, S & Iwaihara, M 2006, Detecting information leakage in updating XML documents of fine-grained access control. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 4080 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 4080 LNCS, pp. 286-296, 17th International Conference on Database and Expert Systems Applications, DEXA 2006, Krakow, 06/9/4.
Chatvichienchai S, Iwaihara M. Detecting information leakage in updating XML documents of fine-grained access control. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4080 LNCS. 2006. p. 286-296. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
Chatvichienchai, Somchai ; Iwaihara, Mizuho. / Detecting information leakage in updating XML documents of fine-grained access control. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 4080 LNCS 2006. pp. 286-296 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{4be8deb652ca48d9b7b49593f5cbe81b,
title = "Detecting information leakage in updating XML documents of fine-grained access control",
abstract = "To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.",
author = "Somchai Chatvichienchai and Mizuho Iwaihara",
year = "2006",
language = "English",
isbn = "3540378715",
volume = "4080 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "286--296",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Detecting information leakage in updating XML documents of fine-grained access control

AU - Chatvichienchai, Somchai

AU - Iwaihara, Mizuho

PY - 2006

Y1 - 2006

N2 - To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.

AB - To provide fine-grained access control to data in an XML document, XML access control policy is defined based on the contents and structure of the document. In this paper, we discuss confidential information leakage problem caused by unsecure-update that modifies contents or structures of the document referred by the access control policy. In order to solve this problem, we propose an algorithm that computes update constraints of a user on some data in the document under access control policy of the user. We also propose an algorithm that decides whether a given update request of a user against an XML document is an unsecure-update under the user's access control policy.

UR - http://www.scopus.com/inward/record.url?scp=33749388673&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33749388673&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:33749388673

SN - 3540378715

SN - 9783540378716

VL - 4080 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 286

EP - 296

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -