Abstract
Current access-control systems for documents suffer from one or more of the following limitations: they are coarse-grained, limited to XML documents, or unable to maintain control over copies of documents once they are released by the system. We present a formal model of a system that overcomes all of these restrictions. It is very fine-grained, supports a general class of documents, and provides a foundation for usage control.
This work was partially supported by the Zurich Information Security Center. It represents the views of the authors.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Sevinç, P.E., Basin, D., Olderog, ER. (2006). Controlling Access to Documents: A Formal Access Control Model. In: Müller, G. (eds) Emerging Trends in Information and Communication Security. ETRICS 2006. Lecture Notes in Computer Science, vol 3995. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11766155_25
DOI: https://doi.org/10.1007/11766155_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-34640-1
Online ISBN: 978-3-540-34642-5
eBook Packages: Computer Science (R0)