Abstract | ||
---|---|---|
Reasoning about the access control model for AXML documents is a non-trivial topic because of its own challenging issues: the hierarchical nature of XML with embedded service call and query transformation. In this paper, we present a methodology to specify an access control model (GUPster) for AXML (Active XML) documents by translating a query, schema, and access control policy in CSP language. Then, we show how to verify access control policies of AXML documents, by illustrating the running example, with the FDR model checker. Finally, the examples demonstrate that our automated static verification is efficient to analyze security problems, not only whether the policies give legitimate users enough permissions to read data, but also whether the policies prevent unauthorized users from reading sensitive data. |
Year | DOI | Venue |
---|---|---|
2007 | 10.1007/978-3-540-72524-4_71 | APWeb/WAIM |
Keywords | Field | DocType |
active xml,access control model,sensitive data,axml document,embedded service call,csp language,automated static verification,query transformation,access control policy,fdr model checker,xml document | Query transformation,Data mining,Model checking,Programming language,XML,Computer science,Path expression,Access control,Schema (psychology) | Conference |
Volume | ISSN | Citations |
4505 | 0302-9743 | 1 |
PageRank | References | Authors |
0.43 | 6 | 1 |
Name | Order | Citations | PageRank |
---|---|---|---|
Il-gon Kim | 1 | 24 | 5.91 |