A Fine-Grained Access Control System Combining MAC and RBACK Models for XML
Volume 19, Issue 4 (2008), pp. 517–534
Pub. online: 1 January 2008
Type: Research Article
Received
1 September 2006
Accepted
1 February 2008
Published
1 January 2008
Abstract
In this paper, we present a novel fine-grained access control system for applications in which information flow is critical, the confidentiality of the data is essential, and a huge number of users access different portions of an XML document, as in military applications. We combine the MAC and RBACK models for XML for use in this type of application. In accordance with the peculiarities of the target applications, the access control model is structured so that it can be implemented efficiently for a large number of users. In the system presented, instead of using access control lists, we use a security labeling approach to define the grant rules. By combining the advantages of role-based and mandatory access control schemes, the system provides fine-grained, flexible and effective access control for applications where the confidentiality of data is crucial. The system has been implemented and tested for correctness. A performance analysis is also given.