April 2004 (Vol. 37, No. 4)
pp. 41-49
XML-Based Specification for Web Services Document Security
Rafae Bhatti, Purdue University
Elisa Bertino, Purdue University
Arif Ghafoor, Purdue University
James B.D. Joshi, University of Pittsburgh
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MC.2004.1297300
Abstract
Web services provide standard protocols for document exchange among data repositories. At the same time, they expose data and functionality to risks that traditional security models do not address. An XML-based specification language provides content-based, context-aware document access that models the elements of role-based access-control. The model provides explicit support for conceptual level access control on underlying data repositories as well as dynamic updates of user profiles. The authors have validated the model and implemented a software architecture that disseminates secure documents for a single-enterprise Web services application.
Additional Information
Citation:
Rafae Bhatti, Elisa Bertino, Arif Ghafoor, James B.D. Joshi, "XML-Based Specification for Web Services Document Security," Computer, vol. 37, no. 4, pp. 41-49, Apr. 2004