Preventing Confidential Data Disclosure in XML Document Modification

Abstract

As XML is rapidly gaining popularity as a mechanism for sharing and delivering information among businesses, organizations, and users on the Internet, the need of protecting confidential date in XML documents is becoming important, To provide fine-grained access control to date in XML document, existing XML access control models use path expressions of XPath for locating sensitive modes in the documents. Hence, access control policy is defined based on the contents and structure of XML documents. However, confidential data disclosure may arise by an unsecured-update that modifies contents or structures of the documents referred by access control policy. In order to solve this problem, we propose an algorithm that decides whether a given update request against an XML document is not unsecured-update request and is permitted under the requestor's access control policy.