面向XML文档的细粒度强制访问控制模型

A Fine-Grained Mandatory Access Control Model for XML Documents

XML文档存放的信息需要受到访问控制策略的保护.现有的一些面向XML文档的访问控制模型都是基于自主访问控制策略或基于角色的访问控制.高安全等级系统需要强制访问控制来保证系统内信息的安全.首先扩展了XML文档模型使其包含标签信息,并给出了扩展后的文档模型需要满足的规则.然后通过讨论XML文档上的4种操作,描述了面向XML文档的细粒度强制访问控制模型的详细内容.该模型基于XML模式技术,它的控制粒度可以达到文档中的元素或者属性.最后讨论了该模型的体系结构和一些实现机制.

Information stored in XML documents should be protected by access control policy. Current access control models for XML documents are all based on DAC (discretionary access control) or RBAC (role-based access control). High security system uses MAC (mandatory access control) to secure information in system. XML document model is extended to include label information in this paper, and some rules that the extended model has to satisfy with are presented. Fine-grained MAC model for XML documents is described in detail by discussing four operations on XML documents. The fine-grained MAC model is based on XML schema, and its finest granularity of access control is element or attribute. The architecture and some mechanisms used to implement the fine-grained MAC model are discussed too.