DOC PREVIEW
UTD CS 4398 - Secure Sharing of Digital Evidence

This preview shows page 1-2-17-18-19-35-36 out of 36 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 36 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Secure Sharing of Digital EvidenceMotivationExample XML DocumentPublishing service: how it worksSubject Credentials, Protection Objects and Policy BaseSubject Credential Base ExamplePolicy Base ExampleAccess Control StrategySystem Architecture for Access ControlThird-Party ArchitectureSubject Owner InteractionSlide 12Owner Publisher InteractionPolicy Configuration/Policy ElementPolicy Configuration: examplePublisher Policy evaluation: exampleSlide 17Slide 18Slide 19Slide 20Slide 21Subject Publisher InteractionMerkle Hash PathsSlide 24Applications to Digital ForensicsAPPENDIXReply Document Generation AlgorithmExample Reply DocumentAuthentication: Authenticable ElementAuthentication Subject Verification AlgorithmAuthentication:Authentic ElementPotential Attacks and Performance IssuesChallenge: Integrating Confidentiality and AuthenticationApplication: Secure Web ServicesAuthenticityMerkle SignatureSecure Sharing of Digital EvidenceBhavani ThuraisinghamOctober 17, 2011MotivationDigital Evidence Represented in XML (eXtensivle Markup Language)XML documents have to be securedXML has become the standard document interchange language for the web XML is a critical technology for the semantic webRDF and other specifications are built on XMLXML documents must satisfy security and privacy policiesChallenges: Access Control, Secure publishing, Secure Web Services Applications, Securing RDF, Secure semantic web, Temporal models, Privacy, Handling evolving XML specificationsBased on paper published in IEEE Transactions on Knowledge and Data Engineering, October 2004 (Bertino, Ferrari, Carminati, Thuraisingham)Example XML DocumentNSFPatentsAssetYear: 2003Name: UTDExpensesDeptAuthorShort-descIDAnnual reportAssetsAssetEquipmentBooksPatentOtherTotFundsDate6/1/03TypeAmout1m$DateDeptUTDTech-detailsPatentCashCSFund01/14/19 4UsersPublishing ServiceWEBWEBPush/Pull modesSecurity requirements:ConfidentialityIntegrityAuthenticityCompletenessPublishing service: how it worksA new class of information-centered applications based on Data disseminationPossible scenarios:Information commerce (Digital libraries, Electronic news, etc.)Intra-company information systemsSubject Credentials, Protection Objects and Policy BaseSubjects are given access to XML documents or portions of documents depending on user ID and/or CredentialsCredential specification is based on credentials a subject has Professor is a credential; Secretary is a credentialProtection objects are objects to which access is controlledEntire XML documents or portions of XML documentsPolicy base stores security policies for protecting the XML source contentsSubject Credential Base Example<Professor credID=“9” subID = “16: CIssuer = “2”><name> Alice Brown </name><university> UTD <university/><department> CS </department><research-group> Security </research-group></Professor><Secretary credID=“12” subID = “4: CIssuer = “2”><name> John James </name><university> UTD <university/><department>CS </department><level> Senior </level></Secretary>01/14/19 7Policy Base Example<?xml version="1.0" encoding="UTF-8"?><policy_base>...<policy_spec ID=‘P1' cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='CS']//node()" priv="VIEW"/><policy_spec ID=‘P2' cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors" priv="VIEW"/><policy_spec ID=‘P3' cred_expr="//Professor[department='IST'] " target="annual_report.xml" path="//Patent[@Dept='IST']//node()" priv="VIEW"/><policy_spec ID=‘P4' cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors" priv="VIEW"/><policy_spec ID=‘P5' cred_expr="//secretary[department='CS' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='CS']/node()" priv="VIEW "/><policy_spec ID=‘P6' cred_expr="//secretary[department='CS' and level='senior']" target="annual_report.xml" path="//Asset[@Dept='IST']/Funds/@Type and //Asset[@Dept='IST']/Funds/@Funding-Date" priv="VIEW "/><policy_spec ID=‘P7' cred_expr="//secretary[department='IST' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='IST']/node()" priv="VIEW "/>...</policy_base>Access Control StrategySubjects request access to XML documents under two modes: Browsing and authoringWith browsing access subject can read/navigate documentsAuthoring access is needed to modify, delete, append documentsAccess control module checks the policy based and applies policy specsViews of the document are created based on credentials and policy specsIn case of conflict, least access privilege rule is enforcedWorks for Push/Pull modesSystem Architecture for Access ControlUserPull/QueryPush/resultXML DocumentsX-Access X-AdminAdmin ToolsPolicybaseCredentialbase01/14/19 10Third-Party ArchitectureCredential basepolicy baseXML SourceUser/SubjectOwnerPublisherQueryReply documentSE-XMLcredentialsThe Owner is the producer of information It specifies access control policiesThe Publisher is responsible for managing (a portion of) the Owner information and answering subject queriesGoal: Untrusted Publisher with respect to Authenticity and Completeness checkingSubject Owner InteractionSubjects register with Owner during subscription phase; during this phase subject is assigned by owner credentials stored at the owner siteOwner returns to the subject the Subject Policy Configuration (policy identifiers) that apply to the subject signed with the private key of the owner Example: If polices P1 and P2 apply to John (e.g. CS prof) and policy P6 applies to Jane (IST secretary), owner Joe sends John P1 and P2 and to Jane P6 signed with Joe’s private key01/14/19 12<?xml version="1.0" encoding="UTF-8" ?> <SubjectPolicyConfiguration ID=“ProfessorCS" created="08-05-2002"> <owner> <name>owner1</name> <organization>CS</organization> <state>Texas</state> <uri>www.owner1.com</uri> <owner> <policy>VtaUBIxliHS1hzrqkKhYVTtYrafVSmCoJPkUVKYXCA7yVdc7a/ne5sgIg0tGGRe3 /D2Xg6Fbwp3SAKK/Ref1teZCpD0nlkx89GOIIcw8o9R3Mb2YY/slk5+Fu0xxWXlB YuWKWWNsXENKTkgiXL4mB1SUt4bmF6YG4lTxfxduVAw=</policy> </SubjectPolicyConfiguration>Subject Policy Configuration P1, P2Owner Publisher InteractionFor each document the owner sends the publisher the


View Full Document

UTD CS 4398 - Secure Sharing of Digital Evidence

Documents in this Course
Botnets

Botnets

33 pages

Botnets

Botnets

33 pages

Load more
Download Secure Sharing of Digital Evidence
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Secure Sharing of Digital Evidence and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Secure Sharing of Digital Evidence 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?