Secure outsourcing of XML data
Barbara Carminati
University of Insubria
[email protected]
http://www.dicom.uninsubria.it/~barbara.carminati

Software as a Service
- Get what you need, when you need it
- Pay for what you use
- Don't worry about deployment, installation, maintenance, upgrades, or hiring/training/retaining people
- Emerging trend: data outsourcing

Database as a Service (DBaaS), why?
- Most organizations need efficient data management
- DBMSs are extremely complex to deploy, set up, and maintain
- They require skilled DBAs (at very high cost!)
- Driven by faster, cheaper, and more accessible networks

Traditional architecture
Figure: Client <-> DBMS Server

Third-party architecture
Figure: the Data owner sends its data over the Internet to the Data Provider, which hosts the outsourced db; the Client sends queries to the Data Provider over the Internet and receives the results.

Research issues
- Distributed query management
- Consistency
- Security & Privacy. Main requirements: confidentiality, integrity, authenticity, completeness, etc.

Security & Privacy
Naive solution: data providers are trusted, i.e., they always operate according to the owner's security and privacy policies.

Security & Privacy
To be satisfied even in the presence of an untrusted provider that:
- can modify/delete the data
- can access sensitive/private information
- can send data to non-authorized users
- can send a user not all the information he/she is authorized to access
- can be attacked from outside
To be satisfied while incurring minimal computation and bandwidth overhead

Main requirements
- Confidentiality
- Authenticity/integrity
- Completeness

Confidentiality
- Data are disclosed only to authorized users
- Usually, confidentiality requirements are expressed through a set of access control policies
Figure: users submit an access request to the Reference Monitor, which checks it against the authorizations (the access control policies, administered by the SAs) and either grants access (partially or totally) or denies it.

Confidentiality
When data are outsourced, confidentiality has a twofold meaning:
- Confidentiality wrt users: protect data against unauthorized users' read accesses
- Confidentiality wrt providers: protect the Owner's data from read accesses by untrusted providers

Integrity
It refers to protecting information from modifications; it involves several goals:
- Assuring the integrity of information with respect to the original information, often referred to as authenticity
- Protecting information from unauthorized modifications

Integrity/authenticity
- Usually enforced through signature techniques
- When data are outsourced, traditional signature techniques are not enough: a user can be returned only selected portions of the data signed by the owner

Completeness
It refers to ensuring that users receive all the information they are entitled to access, according to the owner's policies

Secure outsourcing of XML data: our proposal

Scenario
Figure: the Owner (credential base, policy base, XML source) outsources XML docs to the Provider.
- We focus on XML
- The Owner is the producer of information.
  It specifies the access control policies
- The Provider is responsible for managing (a portion of) the Owner's information and for answering user queries according to the access control policies specified by the Owner

We focus on XML data
The Owner specifies access control policies according to an access control model supporting:
- Fine-grained and credential-based access control
- An XML-based language to express access control policies and credentials (X-Sec)

Scenario example
Alice's credential (X-Sec):
<x_profile>
  <secretary level='7'>
    <name>Alice Rossi</name>
    <department>marketing</department>
    <type>administrative</type>
    <email>[email protected]</email>
  </secretary>
</x_profile>

Access control policies (encoded in the X-Sec language):
PM | Path | Target | Cred expression
FR | department[@dept='Internet']/employee | organization.xml | secretary[@level>='9']
FR | department[@dept='Marketing']/employee[@level<10] | organization.xml | secretary[@level>='4']

The second policy authorizes Alice (a secretary with level 7, which satisfies secretary[@level>='4']) to see department[@dept='Marketing']/employee[@level<10].

Example
Alice submits this XPath: //organization/department/employee[@level>4]

organization.xml:
<?xml version="1.0" encoding="UTF-8"?>
<Organization>
  <department dept='Marketing'>
    <employee><name>Alice Rossi</name><salary>80K</salary><level>7</level></employee>
    <employee><name>Bob Red</name><salary>50K</salary><level>5</level></employee>
    <employee><name>Tom Black</name><salary>170K</salary><level>12</level></employee>
  </department>
  <department dept='HR'>
    <employee><name>Kim</name><salary>150K</salary><level>11</level></employee>
    <employee><name>Ann</name><salary>80K</salary><level>7</level></employee>
  </department>
</Organization>

All five employees match Alice's query, but only Alice Rossi and Bob Red (Marketing employees with level below 10) are returned; Tom Black and the HR employees Kim and Ann are denied.

Problem
Figure: the Owner (credential base, policy base, XML source) outsources its XML docs to Provider 1, Provider 2, Provider 3 and Provider 4, all of which are untrusted.
Strategies for ensuring confidentiality, authenticity and completeness even if the provider is not trusted

Proposed solution: overall idea
The owner outsources to providers a Security Enhanced Encryption (SE-ENC) of the original XML docs, where:
- Authenticity and integrity are enforced by an alternative digital signature devised for XML docs, i.e., the Merkle Signature
- Confidentiality is ensured by the properties of Well-formed encryption
- The SE-ENC document contains security information that makes the providers able to evaluate queries
Moreover, the owner provides users with auxiliary data structures (i.e., Query templates) that make them able to submit queries directly to providers and to verify the obtained query results

Owner-side processing
Figure: the Owner transforms the XML document into (a) the SE-ENC document, obtained through Well-formed encryption under keys K1 ... Kj ... Km ... Kp, the Merkle Signature and security information; and (b) the Query template, obtained by removal of the encrypted content and carrying partitioning information and authenticity information.

System architecture
Figure: the Owner sends the SE-ENC document to the Provider, and the decryption keys and credentials to the Client; the User submits a query through the Client to the Provider, which replies with the answer.
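The credential-based policy evaluation behind the Alice example above, as an added example that is not part of the slides and not the authors' X-Sec implementation. It supports only the XPath subset the policies use (steps of the form name[@attr op value]); the policy predicate @level is matched against an attribute or, failing that, a child element of that name, because the slides' document stores <level> as a child element. The sample credential, document and policy tuples are constructed from the slides; function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample data modelled on the slides (not the talk's own code).
CREDENTIAL_XML = """<x_profile>
  <secretary level='7'>
    <name>Alice Rossi</name>
    <department>marketing</department>
    <type>administrative</type>
  </secretary>
</x_profile>"""

ORGANIZATION_XML = """<Organization>
  <department dept='Marketing'>
    <employee><name>Alice Rossi</name><salary>80K</salary><level>7</level></employee>
    <employee><name>Bob Red</name><salary>50K</salary><level>5</level></employee>
    <employee><name>Tom Black</name><salary>170K</salary><level>12</level></employee>
  </department>
  <department dept='HR'>
    <employee><name>Kim</name><salary>150K</salary><level>11</level></employee>
    <employee><name>Ann</name><salary>80K</salary><level>7</level></employee>
  </department>
</Organization>"""

# Policy base: (target document, target path, credential expression, privilege mode)
POLICIES = [
    ("organization.xml", "department[@dept='Internet']/employee", "secretary[@level>='9']", "FR"),
    ("organization.xml", "department[@dept='Marketing']/employee[@level<10]", "secretary[@level>='4']", "FR"),
]

# One location step: name, optionally followed by [@attr op value]
STEP_RE = re.compile(r"^(\w+)(?:\[@(\w+)(>=|<=|<|>|=)'?([^'\]]+)'?\])?$")

OPS = {
    "=": lambda a, b: a == b,
    "<": lambda a, b: a < b,
    ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b,
    ">=": lambda a, b: a >= b,
}


def _coerce(value):
    """Compare numerically when the value looks numeric, otherwise as a string."""
    try:
        return float(value)
    except ValueError:
        return value


def _value(elem, name):
    # Assumption for this example: @name means the attribute if present, else the child element's text
    if name in elem.attrib:
        return elem.attrib[name]
    child = elem.find(name)
    return child.text.strip() if child is not None and child.text else None


def _matches(elem, attr, op, literal):
    if attr is None:          # step without a predicate
        return True
    actual = _value(elem, attr)
    if actual is None:
        return False
    a, b = _coerce(actual), _coerce(literal)
    return type(a) is type(b) and OPS[op](a, b)


def evaluate_path(context, path):
    """Evaluate a restricted XPath (name[@attr op value]/...) relative to context."""
    nodes = [context]
    for step in path.split("/"):
        m = STEP_RE.match(step)
        if not m:
            raise ValueError("unsupported step: " + step)
        name, attr, op, literal = m.groups()
        nodes = [c for n in nodes for c in n.findall(name) if _matches(c, attr, op, literal)]
    return nodes


def credential_satisfies(profile, cred_expr):
    """True if some credential in the x_profile matches the policy's credential expression."""
    return bool(evaluate_path(profile, cred_expr))


def alice_credential_satisfies(cred_expr):
    return credential_satisfies(ET.fromstring(CREDENTIAL_XML), cred_expr)


def authorized_nodes(doc_root, doc_name, profile, policies):
    """Union of the target paths of every policy whose credential expression the user satisfies."""
    allowed = set()
    for target, path, cred_expr, _pm in policies:
        if target == doc_name and credential_satisfies(profile, cred_expr):
            allowed.update(evaluate_path(doc_root, path))
    return allowed


def answer_query(doc_root, doc_name, profile, policies, query_path):
    """Split the nodes selected by the user's query into granted and denied employee names."""
    allowed = authorized_nodes(doc_root, doc_name, profile, policies)
    granted, denied = [], []
    for node in evaluate_path(doc_root, query_path):
        (granted if node in allowed else denied).append(node.findtext("name"))
    return granted, denied


def alice_example():
    profile = ET.fromstring(CREDENTIAL_XML)
    doc = ET.fromstring(ORGANIZATION_XML)
    # Alice's query //organization/department/employee[@level>4], written relative to the root element
    return answer_query(doc, "organization.xml", profile, POLICIES, "department/employee[@level>4]")


if __name__ == "__main__":
    print(alice_example())
```

The query matches all five employees, but the reference monitor intersects that result with the union of the target paths of the policies Alice's credential satisfies, which is why only the two Marketing employees below level 10 are granted. This is exactly the evaluation an untrusted provider must be able to perform without learning the data, which is what the security information embedded in the SE-ENC document is for.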
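The Merkle Signature idea from the "Proposed solution" and "Integrity/authenticity" slides, as an added example that is not the authors' construction: each node's hash covers its own content and its children's hashes, the Owner signs only the root hash, the Provider replaces the subtrees a user may not see with a placeholder carrying their hash, and the Client recomputes the root from the pruned view. An HMAC under an owner secret stands in for a public-key signature so the example runs with the standard library only; the pruned placeholder element, the hashing layout and the function names are this example's own assumptions.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed sample document, modelled on the slides' organization.xml.
ORGANIZATION_XML = """<Organization>
  <department dept='Marketing'>
    <employee><name>Alice Rossi</name><salary>80K</salary><level>7</level></employee>
    <employee><name>Bob Red</name><salary>50K</salary><level>5</level></employee>
    <employee><name>Tom Black</name><salary>170K</salary><level>12</level></employee>
  </department>
  <department dept='HR'>
    <employee><name>Kim</name><salary>150K</salary><level>11</level></employee>
    <employee><name>Ann</name><salary>80K</salary><level>7</level></employee>
  </department>
</Organization>"""

PRUNED = "pruned"   # placeholder tag chosen for this example (assumed not to occur in real data)


def merkle_hash(elem):
    """Merkle hash of a node: digest over its tag, attributes, text and its children's Merkle hashes."""
    if elem.tag == PRUNED:
        # Placeholder left by the provider: its stated hash stands in for the missing subtree
        return elem.attrib["hash"]
    h = hashlib.sha256()
    h.update(elem.tag.encode())
    for k in sorted(elem.attrib):
        h.update(f"@{k}={elem.attrib[k]}".encode())
    h.update((elem.text or "").strip().encode())
    for child in elem:
        h.update(bytes.fromhex(merkle_hash(child)))
    return h.hexdigest()


def owner_sign(root, owner_key):
    """Merkle Signature: the Owner signs only the root's Merkle hash.
    An HMAC under an owner secret stands in for a public-key signature here."""
    return hmac.new(owner_key, merkle_hash(root).encode(), hashlib.sha256).hexdigest()


def provider_prune(root, may_see):
    """Provider view: subtrees the user may not see are replaced by a placeholder carrying
    their Merkle hash, so the Client can still recompute the signed root hash."""
    view = copy.deepcopy(root)

    def walk(parent):
        for i, child in enumerate(list(parent)):
            if may_see(parent, child):
                walk(child)
            else:
                parent[i] = ET.Element(PRUNED, {"hash": merkle_hash(child)})

    walk(view)
    return view


def client_verify(view, signature, owner_key):
    """Client check: recompute the root hash from the pruned view and compare with the signature."""
    expected = hmac.new(owner_key, merkle_hash(view).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signature)


def alice_may_see(parent, child):
    """Alice's authorization from the slides: Marketing employees with level below 10."""
    if child.tag != "employee":
        return True
    return parent.attrib.get("dept") == "Marketing" and int(child.findtext("level")) < 10


def demo():
    owner_key = b"owner-signing-key-constructed-for-this-example"
    original = ET.fromstring(ORGANIZATION_XML)
    signature = owner_sign(original, owner_key)          # Owner, once, before outsourcing
    view = provider_prune(original, alice_may_see)       # Provider, per query
    honest = client_verify(view, signature, owner_key)   # Client, on the returned view
    tampered = copy.deepcopy(view)                       # a provider altering a returned value
    tampered.find("department/employee[name='Bob Red']/salary").text = "500K"
    return {
        "visible_employees": [e.findtext("name") for e in view.iter("employee")],
        "pruned_subtrees": len(list(view.iter(PRUNED))),
        "honest_verifies": honest,
        "tampered_verifies": client_verify(tampered, signature, owner_key),
    }


if __name__ == "__main__":
    print(demo())
```

The honest pruned view verifies against the single signature the Owner produced, while a one-character change to a returned salary does not, which is what a traditional signature over the whole document cannot offer once the Provider returns only a portion of it. Note what this does not cover: a Provider that prunes more than the policy requires still produces a view that verifies, so completeness needs the separate Query template mechanism from the slides.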