Sign In
Register
eISSN:2278-5299

International Journal of Latest Research in Science and Technology

DOI:10.29111/ijlrst   ISRA Impact Factor:3.35

A News Letter Sign UP!
ANALYZING XPATH REFERENCES IN XML ACCESS CONTROL

Research Paper Open Access

International Journal of Latest Research in Science and Technology Vol.4 Issue 6, pp 10-15,Year 2015

ANALYZING XPATH REFERENCES IN XML ACCESS CONTROL

Qassim AlMahmoud, Ayman Nayef Ahmad Alhalaybeh

Correspondence should be addressed to :

Received : 03 November 2015; Accepted : 20 November 2015 ; Published : 31 December 2015

Share
Download 127
View 184
Article No. 10586
Abstract

The trade-off between certain attributes such as efficiency and cost is always present when it comes to developing applications. Different approaches have been proposed that address the problem of protecting XML documents from unauthorized access especially at the granularity level. Some approaches deploy documents into memory to deliver fast runtime results, and some rather to process access requests statically by labeling each node within XML documents to avoid multiple checks when decisions are made. Web services and e-commerce applications are definitely increasing in day by day bases, access control approaches are highly encouraged to consider these high demands when developing any model. We propose an XML access control model that Eliminates the need of accessing XML documents in databases by analyzing references to XML objects. Giving an access control policy, even with the increase of documents size or access requests, we show that our model closely costs the same. Case studies are left for future work to insure the completeness of our reference contexts.

Key Words   
XML, XPath, Security, Policy, Granularity.

Copyright
References
  1. Clark  and  S.  DeRose,  “Xml  path  language   (xpath) version          1.0,”        November                1999.       [Online].  Available: http://www.w3.org/TR/xpath
  2. Steel, R. Nagappan, and R. Lai, Core security patterns best practices and strategies for J2EE, Web services and identity management. Upper Saddle River, NJ, USA: Prentice Hall Professional Technical Reference, 2005.
  3. Irini and M. Sebastian, “Formalizing xml access control for update operations,” SACMAT07, pp. 169–174, 2007.
  4. Damiani,  S.  D.  C.  di  Vimercati,  S.   Paraboschi,   and P. Samarati, “Design and implementation of an access control processor for xml documents,” Computer Networks, vol. 33, no. 1-6, pp. 59–75, 2000.
  5. Rao, D. Lin, E. Bertino, N. Li, and J. Lobo, “An algebra for fine-grained integration of xacml policies,” Purdue University, West Lafayette, IN, USA, Tech. Rep., 2008.
  6. Li and M. V. Tripunitara, “Security analysis in role-based access control,” ACM Trans. Inf. Syst. Secur., vol. 9, no. 4, pp. 391–420, 2006.
  7. Zhang, R. Sandhu, and F. Parisi-Presicce, “Safety analysis of usage control authorization models.” New York, NY, USA: ACM, 2006.
  8. Jha, N. Li, M. Tripunitara, Q. Wang, and W. Winsborough, “Towards formal  verification of  role-based  access  control policies,” Dependable and  Secure Computing, IEEE Trans- actions, vol. 5, no. 4, pp. 242–255, 2008.
  9. Kudo and S. Hada, “Xml document security based on provisional authorization,” in CCS ’00: Proceedings of the 7th ACM conference on Computer and communications security. New York, NY, USA: ACM, 2000, pp. 87–96.
  10. Damiani, S. De Capitani di Vimercati, S. Paraboschi, and P. Samarati, “A fine-grained access control system for xml documents,” ACM Trans. Inf.  Syst. Secur., vol. 5, no. 2, pp.
  11. 169–202, 2002.
  12. Godik and T. Moses, “Oasis extensible access control 2 markup language (xacml),” cs-xacml-specification-1.0, 2008.
  13. Verma,                     “Xml                        security:                   Control                    in- formation           access      with         xacml,”    2004, http://www.ibm.com/developerworks/xml/library/x-xacml/.
  14. Meng and D. Luo, “An extended role based access control method for xml documents,” Wuhan University Journal  of Natural Sciences, vol. 9, no. 5, pp. 740–744, 2004.
  15.            Steele,                      W.                Gardner,                              T.                             S.             Dillon,                     and A.              Erradi,                     “Xml-based                                             declarative               access control,”       vol.             3381,    pp.                           310–319, 2005, http://www.springerlink.com/content/66rq8tuwhkfdgm1q/.
  16. Xiao,  B.  Luo,  and  D.  Lee,  “Access  control  for  xml document,” vol. 5027, pp. 621–630, 2008.
  17. Halboob,  A.  Mamat,  and  R.  Mahmud,  “A  distributed push-based xml access control model for  better scalability,” Distributed Framework and Applications, pp. 20–26, 2008.
  18. Murata, A. Tozawa, M. Kudo, and S. Hada, “Xml access control using static analysis,” ACM Trans. Inf. Syst. Secur., vol. 9, no. 3, pp. 292–324, 2006.
  19. Abiteboul, O. Benjelloun, and T. Milo, “The active xml project: an overview,” vol. 17, no. 5, pp. 1019–1040, 2007.
  20. -K. Ko, M.-J. Kim, and S. Lee, “On the efficiency of secure xml broadcasting,” Information Sciences, vol. 177, pp. 5505–
  21. 5521, 2007.
  22. Xiao,   B.   Luo,   and   D.   Lee,    “Security-conscious xml             indexing,”                vol.          4443,       pp.           949–954, 2007, http://www.springerlink.com/content/372088578m01883u/.
  23. Qi                            and          M.                            Kudo,      “Tree-based             access control          mechanism              for           xml                    databases,”          2005, http://www.ieice.org/d˜ e/DEWS/DEWS2005/procs/papers/5A- o1.pdf.

 

To cite this article

Qassim AlMahmoud, Ayman Nayef Ahmad Alhalaybeh , " Analyzing Xpath References In Xml Access Control ", International Journal of Latest Research in Science and Technology . Vol. 4, Issue 6, pp 10-15 , 2015

Responsive image

MNK Publication was founded in 2012 to upholder revolutionary ideas that would advance the research and practice of business and management. Today, we comply with to advance fresh thinking in latest scientific fields where we think we can make a real difference and growth now also including medical and social care, education,management and engineering.

Responsive image

We offers several opportunities for partnership and tie-up with individual, corporate and organizational level. We are working on the open access platform. Editors, authors, readers, librarians and conference organizer can work together. We are giving open opportunities to all. Our team is always willing to work and collaborate to promote open access publication.

Responsive image

Our Journals provide one of the strongest International open access platform for research communities. Our conference proceeding services provide conference organizers a privileged platform for publishing extended conference papers as journal publications. It is deliberated to disseminate scientific research and to establish long term International collaborations and partnerships with academic communities and conference organizers.