Research On Access Control For XML Documents

XML is a new technology for information exchange, storage and retrieve. Some mechanisms are needed to protect sensitive information stored in XML documents, and access control is one of the mechanisms. Supported by a National 863 project, implementing flexible, security and effective model as objective, research on access control for XML documents is conducted in this paper. Some results obtained in this paper are as follows.XML document model is described by formal method. Some rules are provided to guarantee that the described documents are well-formed. The model is also applicable for XML schema documents.A flexible and practical method to enforce Discretionary Access Control (DAC) policy on XML documents is presented in this paper. The method is based on XML schema technology that is more powerful than DTD. The authorization is extended to include three fields for overriding option, administrative capability and grantor. Administrative capability in authorization on XML documents is described. Privileges on objects are controllable to some extent. The determinability of users' requests is proved, and algorithm for judging users' requests is given.How to enforce Mandatory Access Control (MAC) policy on XML documents is first proposed. The XML document model is extended to include security label, and some rules which security labels in XML documents should obey are given. The validation of XML documents under MAC policy is defined to improve the usability of systems processing valid documents. Operations on XML documents under MAC policy are described in details. The polyinstantiation caused by these operations is also discussed. Some implementing mechanisms for key models are given.Based on methods discussed before, how to enforce an integrated policy with DAC and MAC on XML system is discussed, an access control based on RBAC is presented to implement the integrated policy. After introduce the concepts of multilevel role and internal role, administrators and users don't have to consider the constraints among the labels of users, roles and objects when assigning privileges. Administrative operations in the model are described in details. This model is flexible and able to be configured to meet different security requirements. The model is applicable in many systems with different scales. The complexity of privilege administration will not added heavily when the numbers of objects or security labels increase.