Abstract
XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Accordingly since there are increasing needs for the efficient management and telemedicine security of the massive volume of XML data, it is necessary to develop a secure access control mechanism for XML. The existing access control has not taken information structures and semantics into full consideration due to the fundamental limitations of HTML. In addition, access control for XML documents allows read operations only, and there are problems of slowing down the system performance due to the complex authorization evaluation process. To resolve this problem, this paper designs and builds a XACS (XML Access Control System), which is capable of making fined-grained access control. This only provides data corresponding to its users’ authority levels by authorizing them to access only the specific items of XML documents when they are searching XML documents in telemedicine. To accomplish this, XACS eliminates certain parts of the documents that are inaccessible and transmits the parts accessible depending on the users’ authority levels. In addition, it can be expanded to existing web servers because XML documents are used based on the normal web sites. The telemedicine secure and the guidelines are provided to enable quick and precise understanding of the information, and thus the safety enhancement gets improved. Ultimately, this paper suggests an empirical telemedicine application to confirm the adequacy and validity using the proposed method.
Similar content being viewed by others
References
Adler S, Berglund A, Caruso J, Deach S, Graham T, Grosso P, Gutentag E, Milowski A, Parnell S, Richman J, Zilles S (2001) “Extensible stylesheet language (XSL) version 1.0,” World Wide Web Consortium (W3C), Available at http://www.w3.org/TR/xsl
Agostino Ardagna C, Damiani E, De Capitani di Vimercati S, Samarati P (2005) “A Web Service Architecture for Enforcing Access Control Policies,” Elsevier B.V,
Apache Software Foundation (2001) “Xalan-J version,” 2.2.d14. Available at http://xml.apache.org/xalan-j/
Baek SJ, Han JS, Chung KY (2013) Dynamic reconfiguration based on goal-scenario by adaptation strategy. Wirel Pers Commun 73(2):309–318
Bartel M, Boyer J, Fox B, LaMacchia B, Simon E (2002) “XML Signature Syntax and Processing,” http://www.w3.org/TR/xmldsig-core/
Berners-Lee T, Fielding R, Irvine UC, Masinter L (1998) “Uniform resource identifiers (URI): Generic syntax”, Available at http://www.isi.edu/in-notes/rfc2396.txt
Bertino E, Braun M, Castano S, Ferrari E, Mesiti M (2000) “Author-X: a java-based system for XML data protection,” Technical report, Dipartimento di Scienze dell’ Informazione, University of Milano, submitted for publication
Bertino E, Castano S, Ferrari E (2001) Securing XML documents with author-x. IEEE Internet Comput 5(3):21–31
Bertino E, Ferrari E (2002) Secure and selective dissemination of XML documents. J ACM Trans Inf Syst Secur 5(3):290–331
Biron P, Malhotra A (2001) “XML schema part 2: Datatypes”, World Wide Web Consortium (W3C), Available at http://www.w3.org/TR/xmlschema-2
Bray T, Paoli J, Sperbera-Gcqueen C, Maler E (2000) “Extensible markup language (XML) 1.0 (second edition),” World Wide Web Consortium (W3C), Available at http://www.w3.org/TR/REC-xml
Bray T et al (2000) “Extensible Markup Language (XML) 1.0,” World Wide Web Consortium (W3C), http://www.w3c.org/TR/REC-xml, October 2000
Chung KY (2013) Recent trends on convergence and ubiquitous computing. Pers Ubiquit Comput. doi:10.1007/s00779-013-0743-2
Chung KY, Na YJ, Lee JH (2013) Interactive design recommendation using sensor based smart wear and weather WebBot. Wirel Pers Commun 73(2):243–256
Content Guard (2001) “eXtensible Rights Markup Language (XrML) 2.0,” Available at http://www.xrml.org
Damiani E, Vimercati S, Paraboschi S, Samarati P (2000) “Design and implementation of an access control processor for xml documents,” in proceedings of the 9th International WWW conference, Amsterdam, pp 55–75
Derose S, Maler E, Orchard D (2001) “XML linking language (XLink) version 1.0.,” World Wide Web Consortium (W3C), Available at http://www.w3.org/TR/xlink
Deutsch A, Fernandez M, Florescu D, Levy A, Suciu D (1999) “A Query Language for XML,” In International Conference on World Wide Web, http://www8.org/
Deutsch A, Tannen V (2001) “Containment and integrity constraints for xpath,” In Proceedings of the Eighth InternationalWorkshop on Knowledge Representation Meets Databases (Rome), September 2001
Devanbu P, Gertz M, Kwong A, Martel C, Nuckolls G, Tubblebine S (2001) “Flexible authentication of XML documents,” In Proceedings of the Eighth ACM Conference on Computer and Communications Security (Philadelphia), November 2001
Sabrina De Capitani di Vimercati (2002) “An authorization model for temporal XML documents,” Proceedings of the 2002 ACM Symposium on Applied computing (SAC’02), pp 1088–1093, March 2002
Document Object Model (DOM) (2002) Avaiable at http://www.w3.org/DOM/
Gabillon A, Bruno E (2001) “Regulating access to XML documents,” In Proc. of the Fifteenth Annual IFIP WG 11.3 Working Conference on Database Security
Hada S, Kudo M (2002) “XML access control language: provisional authorization for XML documents,” www.trl.ibm.com/projects/, pp 1–28
Han JS, Chung KY, Kim GJ (2013) Policy on literature content based on software as service. Multimedia Tools Appl. doi:10.1007/s11042-013-1664-9
Jo SM, Chung KY (2008) Policy system of data access control for web service. J Korea Contents Assoc 8(11):25–32
Jo SM, Chung KY (2009) Efficient authorization method for XML document security. J Korea Contents Assoc 9(8):113–120
Jo SM, Chung KY (2011) “Access Control Mechanism for XML Document”, In Proc. of the International Conference IT Convergence and Security, LNEE 120, pp 81–90, Springer
Jung H, Chung KY (2013) Mining based associative image filtering using harmonic mean. Clust Comput. doi:10.1007/s10586-013-0318-z
Jung YG, Han MS, Chung KY, Lee SJ (2011) A study of a valid frequency range using correlation analysis of throat signal. Inf Int Interdiscip J 14(11):3791–3799
Jung EY, Kim JH, Chung KY, Park DK (2013) Home health gateway based healthcare services through U-health platform. Wirel Pers Commun 73(2):207–218
Kim JH, Chung KY (2013) Ontology-based healthcare context information model to implement ubiquitous environment. Multimedia Tools Appl. doi:10.1007/s11042-011-0919-6
Kudoh M, Hirayama Y, Hada S, Vollschwitz A (2000) “Access control specification based on policy evaluation and enforcement model and specification language,” In Symposium on Cryptograpy and Information Security, SCIS
Lee KD, Nam MY, Chung KY, Lee YH, Kang UG (2013) Context and profile based cascade classifier for efficient people detection and safety care system. Multimedia Tools Appl 63(1):27–44
Lim HC, Park S, Son HH (2003) “Access Control of XML documents Considering Update Operations,” In Proc. of the 10th ACM Workshop on XML Security, Fairfax USA
Murat M, Tozawa A, Kudo M, Hada S (2006) Xml access control using static analysis. J ACM Trans Inf Syst Secur
OASIS, “OASIS eXtensible Access Control Markup Language (XACML),” Working Draft 14, http://www.oasis-open.org/committees/xacml/docs/, June 2002
Park RC, Jung H, Chung KY (2014) “Picocell based Telemedicine Health Platform for Human UX/UI”, Multimedia Tools and Applications
Samarati P, De Capitani di Vimercati S (2001) “Access control: Policies, models, and mechanisms,” In Foundations of Security Analysis and Design, R. Focardi and R. Gorrieri, Eds., Lecture Notes in Computer Science, vol. 2171. Springer-Verlag, New York
Schmidt A, Waas F, Kersten M, Florescu L, Manolescu D, Carey MJ, Busse R (2001) “The XML Benchmark Project,” Technical Report INS-R0103, CWI, Amsterdam, the Netherlands
Sriram M, Arijit S, Yuqing W (2006) A Framework for access control for XML. J ACM Trans Syst Inf Secur 1–38
Yu T, Srivastava D, Lakshmanan LVS, Jagadish HV (2004) A compressed accessibility map for XML. ACM Trans Database Syst 29(2):363–402
Zhang N, Kacholia V, Ozsu MT (2004) “A succient physical storage scheme for efficient evaluation of path queries in XML,” in proc. 20th int. Conf. on Data Engineering, pp 54–65
Acknowledgments
This research was supported by Basic Science Research Program through the National Research Foundation of Korea (NRF) funded by the Ministry of Education (2013R1A1A2059964).
Author information
Authors and Affiliations
Corresponding author
Additional information
This paper is significantly revised from an earlier version presented at [28].
Rights and permissions
About this article
Cite this article
Jo, SM., Chung, KY. Design of access control system for telemedicine secure XML documents. Multimed Tools Appl 74, 2257–2271 (2015). https://doi.org/10.1007/s11042-014-1938-x
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-014-1938-x