Information security is considered the most serious requirement which must be carefully considered. Traditional security mechanism protects data at physical level such as encryption and access control, but today's organizations need to protect data on both levels physical and logical level. Since the organization's data may be published and shared by many users. Disclosure is a result of weakness of these security mechanisms. In this paper we discuss the problem of protecting XML data at logical level specifically solve the disclosure problem. The objective is to prevent an unauthorized user to infer sensitive information through the data they authorized to access (result of previous queries), integrity constraints, and using inferences. In most existing access control approaches the XML elements specified by access policies are either accessible or inaccessible according to their sensitivity. However, in some cases, the original XML elements are sensitive and inaccessible, but after being processed in some appropriate ways, the results become insensitive and thus accessible [6]. We propose a security mechanism called Disclosure Prevention Algorithm (DPA) that enhances both the security (by preventing disclosure) and availability (by considering suspected users only) of data represented in XML format.
展开▼
