Browse > Article
http://dx.doi.org/10.13089/JKIISC.2005.15.6.93

Access Control of XML Object Using Role Hierarchy and Cryptographic Key Assignment Scheme  

Bae Kyoung-Man (Dong-A University)
Kim Jong-Hoon (Dong-A University)
Ban Yong-Ho (Dong-A University)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.15, no.6, 2005 , pp. 93-103 More about this Journal
Abstract
As the usage of XML documents increases the requirement of security for XML documents is growing. Especially it is very important to solve the problem of access control to XML object which shares in the environment where various users connect to each others. In this paper, we propose the access control model and mechanism which is combined with role hierarchy in the RBAC and hierarchical key derivation/assign method for the access to XML object. So we implement the access control mechanism by including hierarchical key derivation method. The technique, we proposed, gives not only the benefit in management which RBAC provides in access control to XML objects, but also it ran help derive a lower layer key from the higher layer user's. This feature decrease the number of keys managed in each role hierarchy in comparison with previous methods.
Keywords
access control; RBAC; XML security; hierarchical key derivation;
Citations & Related Records
연도 인용수 순위
  • Reference
1 T.S. Chen, J.Y. Huang, 'A novel Key management scheme for dynamic access control in a user hierarchy,' Applied Mathematics and Computation, Vol.162(1), pp.339-351, 2005   DOI   ScienceOn
2 J.Wang, S. Osborn, 'A Role Based Approach to Access Control for XML Databases,' SACMAT'04, June, 2004
3 최동희, 박석, 접근제어 정책구현을 위한 역할기반 XML 암호화,' pp. 3-15, 정보보호학회논문지, 15(1), 2005
4 http://docs.oasis-open.org/xacml/2.0/
5 E. Damiani, C. Vimercati, S. Paraboshi, P. Samarati, 'Securing XML Documents,' EDBT 2000, Germany, pp. 27-31, June, 2000
6 R, Sandhu, E,J.Coyne, H.L. Feinstein, 'Role-based Access Control Models,' IEEE Computer, Vol.29(2), pp. 33-47, 1996
7 J.M. Jeon, Y.D. Chung, M.H. Kim, Y.J Lee, 'Filtering XPath expressions for XML access control', Computers & Security, Vol.23(7), pp. 591-605, 2004   DOI   ScienceOn
8 www.w3c.org, 'eXtensible Markup Language1.0,' W3C Recommendation, 04 February 2004
9 Chang, C.C, Hwang, R.J, Wu,T.C, 'Cryptographic Key assignment scheme for access control in a hierarchy,' Infromation System, Vol.17(3), pp. 243-247, 1992   DOI   ScienceOn
10 Hao He, Raymond K. Wong, 'A Role-Based Access Control Model for XML Repositories,' 2001
11 Selim G. Akl, Peter D. Taylor, 'Cryptographic solution to a problem of access control in a hierarchy,' ACM Transactions on Computer Systems, Vol.1(3), pp. 239-248, Aug 1983   DOI
12 www.w3c.org,'XML Encryption Syntax and Processing,'W3C Recommendation, 10 December 2002
13 Jason Crampton, 'Applying Hierarchical and Role-Based Access Control to XML Documents,' In Proc. of ACM Workshop on Secure Web Services 2004. pp. 41-50, 2004
14 박영희 외 5인,'Diffie-Hallman 키 교환을 이용한 확장성을 가진 계층적 그룹키 설정 프로토콜,' 정보보호학회논문지, 13(5), pp. 3-15, 2003
15 C. G. Pollmann, 'XML Pool Encryption,' XMLSEC02, USA, pp.1-9, 22, Nov, 2002
16 www.w3c.org, 'XML-Signature Syntax and Processing,' W3C Recommendation, 12 February 2002