Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents

Erwin Leonardi, Sourav S. Bhowmick, Mizuho Iwaihara

Research output: Chapter in Book/Report/Conference proceedingConference contribution

4 Citations (Scopus)

Abstract

Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages299-306
Number of pages8
Volume5981 LNCS
EditionPART 1
DOIs
Publication statusPublished - 2010
Event15th International Conference on Database Systems for Advanced Applications, DASFAA 2010 - Tsukuba
Duration: 2010 Apr 12010 Apr 4

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
NumberPART 1
Volume5981 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other15th International Conference on Database Systems for Advanced Applications, DASFAA 2010
CityTsukuba
Period10/4/110/4/4

Fingerprint

Clearance
Access Control
Access control
XML
Query
Evaluation
Criticality
Security of data
Evaluate
Web services
Data Security
Web Services
Policy
Computing

ASJC Scopus subject areas

  • Computer Science(all)
  • Theoretical Computer Science

Cite this

Leonardi, E., Bhowmick, S. S., & Iwaihara, M. (2010). Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (PART 1 ed., Vol. 5981 LNCS, pp. 299-306). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5981 LNCS, No. PART 1). https://doi.org/10.1007/978-3-642-12026-8_24

Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents. / Leonardi, Erwin; Bhowmick, Sourav S.; Iwaihara, Mizuho.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 5981 LNCS PART 1. ed. 2010. p. 299-306 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5981 LNCS, No. PART 1).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Leonardi, E, Bhowmick, SS & Iwaihara, M 2010, Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PART 1 edn, vol. 5981 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), no. PART 1, vol. 5981 LNCS, pp. 299-306, 15th International Conference on Database Systems for Advanced Applications, DASFAA 2010, Tsukuba, 10/4/1. https://doi.org/10.1007/978-3-642-12026-8_24
Leonardi E, Bhowmick SS, Iwaihara M. Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). PART 1 ed. Vol. 5981 LNCS. 2010. p. 299-306. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1). https://doi.org/10.1007/978-3-642-12026-8_24
Leonardi, Erwin ; Bhowmick, Sourav S. ; Iwaihara, Mizuho. / Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 5981 LNCS PART 1. ed. 2010. pp. 299-306 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); PART 1).
@inproceedings{3a667cefa9244e0bb0f963b47a566f12,
title = "Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents",
abstract = "Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.",
author = "Erwin Leonardi and Bhowmick, {Sourav S.} and Mizuho Iwaihara",
year = "2010",
doi = "10.1007/978-3-642-12026-8_24",
language = "English",
isbn = "3642120253",
volume = "5981 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
number = "PART 1",
pages = "299--306",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
edition = "PART 1",

}

TY - GEN

T1 - Efficient database-driven evaluation of security clearance for federated access control of dynamic XML documents

AU - Leonardi, Erwin

AU - Bhowmick, Sourav S.

AU - Iwaihara, Mizuho

PY - 2010

Y1 - 2010

N2 - Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.

AB - Achieving data security over cooperating web services is becoming a reality, but existing XML access control architectures do not consider this federated service computing. In this paper, we consider a federated access control model, in which Data Provider and Policy Enforcers are separated into different organizations; the Data Provider is responsible for evaluating criticality of requested XML documents based on co-occurrence of security objects, and issuing security clearances. The Policy Enforcers enforce access control rules reflecting their organization-specific policies. A user's query is sent to the Data Provider and she needs to obtain a permission from the Policy Enforcer in her organization to read the results of her query. The Data Provider evaluates the query and also evaluate criticality of the query, where evaluation of sensitiveness is carried out by using clearance rules. In this setting, we present a novel approach, called the DIFF approach, to evaluate security clearance by the Data Provider. Our technique is build on top of relational framework and utilizes pre-evaluated clearances by taking the differences (or deltas) between query results.

UR - http://www.scopus.com/inward/record.url?scp=78650505980&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78650505980&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-12026-8_24

DO - 10.1007/978-3-642-12026-8_24

M3 - Conference contribution

AN - SCOPUS:78650505980

SN - 3642120253

SN - 9783642120251

VL - 5981 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 299

EP - 306

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -