Project Introduction
XML, standardized in Feb. 1998, is playing an increasingly important role in e-Business. We, the Distributed Computing Group at Tokyo Research Laboratory, research and develop XML security technology as an essential technology for e-Business. In particular, we focus on research in XML access control to provide a secure access control mechanism for XML databases.
Research Topics
Access control enforcement involves several processes: access control modeling, system construction, and accessibility checks based on users' access requests. The research topics in our group therefore cover access control policy languages, access control models, and access control optimization.
Access Control Policy Language
XACML was proposed on the basis of its predecessor language, XACL (XML Access Control Language), which was designed in the same project. Standardization work on this important language has been carried out by the OASIS XACML Technical Committee since 2001, and in 2003 XACML was ratified as an open standard by OASIS. XACML is extensible and powerful enough to address fine-grained control. Furthermore, it has become a framework for access control policy specification.
Access Control Model
This project designs an access control model for feature-rich, node-level access control. In particular, we develop technology to solve traditional problems such as 1) value-based access control, in which the access permission is decided by XML contents, and 2) access control on a specific node at an arbitrary depth. Furthermore, we focus on scalability and performance in supporting access control policies on the order of hundreds of thousands. In addition, we design the access control model to support runtime updates, insertions, and removals of access controls on such large-scale, critical access control platforms.
Access Control Optimization
In this project, we research optimizations that provide performance efficiency and memory efficiency for runtime accessibility checks. In particular, we optimize the performance of access propagation and the handling of access conflicts based on the tree structure of XML documents.
Papers and Publications
International papers
- N. Seki (N. Qi), M. Kudo, J. Myllymaki, H. Pirahesh, "A Function-Based Access Control Model for XML Databases," CIKM 2005, Oct. 2005
- N. Seki (N. Qi) and M. Kudo, "XML Access Control with Policy Matching Tree," ESORICS 2005, Sep. 2005
- N. Seki and M. Kudo, "Access-Condition-Table-based Access Control for XML Databases," ESORICS 2004, Sep. 2004
- M. Murata, A. Tozawa, M. Kudo and S. Hada, "XML Access Control Using Static Analysis," ACM CCS (2003), pp. 73-84.
- M. Kudo and S. Hada, "Access Control Model with Provisional Actions," IEICE Trans. Fundamentals, Vol. E84-A, No. 1, 2001.
- M. Kudo and S. Hada, "XML Document Security based on Provisional Authorization," 7th ACM Conference on Computer and Communication Security (CCS 2000), Nov. 2000.
- S. Jajodia, M. Kudo, and V. S. Subrahmanian, "Provisional Authorization," Workshop on Security and Privacy in E-Commerce (WSPEC), Nov. 2000, to appear in Recent Advances in Secure and Private E-Commerce, published by Kluwer Academic Publishers in 2001.