Computer Engineering and Applications ›› 2008, Vol. 44 ›› Issue (22): 166-168. DOI: 10.3778/j.issn.1002-8331.2008.22.049

• Database, Signal and Information Processing •

Security policy for REMOVE operation of multilevel XML document

FENG Xue-bin, HONG Fan, LONG Tao, LIU Ming

  1. College of Computer, Huazhong University of Science and Technology, Wuhan 430074, China
  • Received: 2007-10-15 Revised: 2008-01-17 Online: 2008-07-11 Published: 2008-07-11
  • Contact: FENG Xue-bin



Abstract: XML's increasing popularity highlights the need for security in XML documents. Researchers have paid more attention to discretionary access control, role-based access control and view-based technology than to mandatory access control. This paper focuses on the REMOVE operation on multilevel XML documents under hierarchy and integrity constraints. A novel "delayed-removing" policy is proposed, which avoids covert channels and preserves the availability and secrecy of higher-level data elements while lower-level data elements are removed. The integrity constraint and the implementation of the policy are also detailed.

Key words: XML, multilevel security, integrity, availability, covert channel

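Abstract (translated from the Chinese): The expanding use of XML has created a need for XML security. Current research on XML security concentrates on discretionary access control, role-based access control and view techniques, while mandatory access control has received little study. This paper studies the element removal operation on multilevel secure XML documents. Under structural integrity and entity integrity constraints, an element removal by a user at a low security level may cause data at a high security level to lose availability, or may create a covert information channel. To address this, a delayed-removal policy is proposed, and the integrity properties and implementation of the policy are described.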
