Abstract
Nowadays most of documents are held in digital form and stored in document repositories or databases. The documents can contain delicate information such that not all the actors on the partner side should see and edit. This leads to the necessity to restrict the actions that users could perform with the document content. In this work we research a possibility to integrate existing technologies in order to dynamically define forms and their security permissions. As the solution to the problem we introduce a dynamic way to define security permissions on the XML documents. We propose to use a role-based access control application on the document structure components and introduce a merging strategy to maintain the document’s integrity.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsReferences
Basin, D., Doser, J., Lodderstedt, T.: Model driven security: from UML models to access control infrastructure. ACM Trans. Softw. Eng. Methodol. (TOSEM) 15(1), 39–91 (2006)
Brucker, D.A., Petritsch, H.: Extending access control models with break-glass. In: Proceedings of the 14th ACM Symposium on Access Control Models and Technologies, pp. 197–206. ACM (2009)
Bertino, E., Braun, M, Castano, S., Ferrari E., Mesiti, M.: Author-X: a Java-based system for XML data protection. In: IFIP Workshop on Database Security, pp. 15–26, (2000)
Damiani, E., Vimercati, S.C., Paraboschi, S., Samarati, P.: A fine-grained access control system for XML documents. ACM Trans. Inf. Syst. Secur. (TISSEC) 5(2), 169–202 (2002)
Damiani, E., De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Securing XML documents. In: Zaniolo, C., Grust, T., Scholl, M.H., Lockemann, P.C. (eds.) EDBT 2000. LNCS, vol. 1777, pp. 121–135. Springer, Heidelberg (2000)
Lakk H.: Model-driven role-based access control for databases. Master thesis, University of Tartu (2012)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML access control using static analysis. ACM Trans. Inf. Syst. Secur. 9(3), 292–324 (2006). ACM
Raudjärv, R.: Dynamic schema-based web forms generation in Java. Master thesis, University of Tartu (2010)
Seitz, L., Rissanen, E., Sandholm, T., Firozabadi B. S., Mulmo O.: Policy administration control and delegation using XACML and delegent. In: Proceedings of the 6th IEEE/ACM International Workshop on Grid Computing, pp. 49–54. IEEE (2005)
Zhang, X., Park, J., Sandhu, R.: Schema based XML security: RBAC approach. In: De Capitani di Vimercati, S., Ray, I., Ray, I. (eds.) Data and Applications Security XVII. IFIP, vol. 142, pp. 330–343. Springer, New York (2004)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Tark, K., Matulevičius, R. (2014). Short Paper: Role-Based Access Control for Securing Dynamically Created Documents. In: Lohmann, N., Song, M., Wohed, P. (eds) Business Process Management Workshops. BPM 2013. Lecture Notes in Business Information Processing, vol 171. Springer, Cham. https://doi.org/10.1007/978-3-319-06257-0_41
Download citation
DOI: https://doi.org/10.1007/978-3-319-06257-0_41
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06256-3
Online ISBN: 978-3-319-06257-0
eBook Packages: Computer ScienceComputer Science (R0)