Secure Sharing of Digital Evidence
Bhavani Thuraisingham
October 17, 2011

Outline: Motivation; Example XML Document; Publishing Service: How It Works; Subject Credentials, Protection Objects and Policy Base; Subject Credential Base Example; Policy Base Example; Access Control Strategy; System Architecture for Access Control; Third-Party Architecture; Subject Owner Interaction; Owner Publisher Interaction; Policy Configuration/Policy Element; Policy Configuration: Example; Publisher Policy Evaluation: Example; Subject Publisher Interaction; Merkle Hash Paths; Applications to Digital Forensics; Appendix: Reply Document Generation Algorithm, Example Reply Document, Authentication: Authenticable Element, Authentication Subject Verification Algorithm, Authentication: Authentic Element, Potential Attacks and Performance Issues, Challenge: Integrating Confidentiality and Authentication, Application: Secure Web Services, Authenticity, Merkle Signature

Motivation
- Digital evidence is represented in XML (eXtensible Markup Language), so XML documents have to be secured
- XML has become the standard document interchange language for the web
- XML is a critical technology for the semantic web: RDF and other specifications are built on XML
- XML documents must satisfy security and privacy policies
- Challenges: access control, secure publishing, secure web services applications, securing RDF, secure semantic web, temporal models, privacy, handling evolving XML specifications
- Based on the paper published in IEEE Transactions on Knowledge and Data Engineering, October 2004 (Bertino, Ferrari, Carminati, Thuraisingham)

Example XML Document
[Figure: tree view of the annual_report.xml example. Node labels recovered from the slide: Annual report; Assets, Asset (Year: 2003, Name: UTD, Dept), Equipment, Books, Patent, Other, Tot, Expenses, Funds (Date 6/1/03, Type NSF/Cash, Amount 1m$); Patents, Patent (Dept CS, ID, Author, Short-desc, Tech-details).]

Publishing Service
[Figure: users exchange documents with a publishing service over the web in push and pull modes.]
- Push/pull modes
- Security requirements: confidentiality, integrity, authenticity, completeness

Publishing service: how it works
- A new class of information-centered applications based on data dissemination
- Possible scenarios: information commerce (digital libraries, electronic news, etc.); intra-company information systems

Subject Credentials, Protection Objects and Policy Base
- Subjects are given access to XML documents, or portions of documents, depending on user ID and/or credentials
- Credential specification is based on the credentials a subject holds: Professor is a credential, Secretary is a credential
- Protection objects are the objects to which access is controlled: entire XML documents or portions of XML documents
- The policy base stores the security policies that protect the XML source contents

Subject Credential Base Example
<Professor credID="9" subID="16" CIssuer="2">
  <name>Alice Brown</name>
  <university>UTD</university>
  <department>CS</department>
  <research-group>Security</research-group>
</Professor>

<Secretary credID="12" subID="4" CIssuer="2">
  <name>John James</name>
  <university>UTD</university>
  <department>CS</department>
  <level>Senior</level>
</Secretary>

Policy Base Example
<?xml version="1.0" encoding="UTF-8"?>
<policy_base>
  ...
  <policy_spec ID="P1" cred_expr="//Professor[department='CS']" target="annual_report.xml"
               path="//Patent[@Dept='CS']//node()" priv="VIEW"/>
  <policy_spec ID="P2" cred_expr="//Professor[department='CS']" target="annual_report.xml"
               path="//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors" priv="VIEW"/>
  <policy_spec ID="P3" cred_expr="//Professor[department='IST']" target="annual_report.xml"
               path="//Patent[@Dept='IST']//node()" priv="VIEW"/>
  <policy_spec ID="P4" cred_expr="//Professor[department='IST']" target="annual_report.xml"
               path="//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors" priv="VIEW"/>
  <policy_spec ID="P5" cred_expr="//secretary[department='CS' and level='junior']" target="annual_report.xml"
               path="//Asset[@Dept='CS']/node()" priv="VIEW"/>
  <policy_spec ID="P6" cred_expr="//secretary[department='CS' and level='senior']" target="annual_report.xml"
               path="//Asset[@Dept='IST']/Funds/@Type and //Asset[@Dept='IST']/Funds/@Funding-Date" priv="VIEW"/>
  <policy_spec ID="P7" cred_expr="//secretary[department='IST' and level='junior']" target="annual_report.xml"
               path="//Asset[@Dept='IST']/node()" priv="VIEW"/>
  ...
</policy_base>

Access Control Strategy
- Subjects request access to XML documents in two modes: browsing and authoring
- Browsing access lets a subject read and navigate documents; authoring access is needed to modify, delete or append documents
- The access control module checks the policy base and applies the policy specs; views of the document are created from the subject's credentials and the policy specs
- In case of conflict the least-privilege rule is enforced: the more restrictive policy prevails
- Works for both push and pull modes

System Architecture for Access Control
[Figure: the user issues pull queries and receives pushed results; the X-Access component mediates access to the XML documents using the policy base and the credential base; X-Admin and the admin tools maintain the policy base and the credential base.]

Third-Party Architecture
[Figure: the Owner holds the credential base, the policy base and the XML source and sends SE-XML to the Publisher; the User/Subject presents credentials, sends queries to the Publisher and receives a reply document.]
- The Owner is the producer of the information; it specifies the access control policies
- The Publisher is responsible for managing (a portion of) the Owner's information and for answering subject queries
- Goal: the Publisher is untrusted; subjects must be able to check the authenticity and completeness of what it returns without trusting it

Subject Owner Interaction
- Subjects register with the Owner during the subscription phase; during this phase the Owner assigns the subject its credentials, which are stored at the owner site
- The Owner returns to the subject the Subject Policy Configuration (the identifiers of the policies that apply to the subject), signed with the Owner's private key
- Example: if policies P1 and P2 apply to John (a CS professor) and policy P6 applies to Jane (a senior CS secretary, per P6 in the policy base above), owner Joe sends John P1 and P2 and sends Jane P6, each signed with Joe's private key

Subject Policy Configuration for P1, P2 (example)
<?xml version="1.0" encoding="UTF-8" ?>
<SubjectPolicyConfiguration ID="ProfessorCS" created="08-05-2002">
  <owner>
    <name>owner1</name>
    <organization>CS</organization>
    <state>Texas</state>
    <uri>www.owner1.com</uri>
  </owner>
  <policy>VtaUBIxliHS1hzrqkKhYVTtYrafVSmCoJPkUVKYXCA7yVdc7a/ne5sgIg0tGGRe3
/D2Xg6Fbwp3SAKK/Ref1teZCpD0nlkx89GOIIcw8o9R3Mb2YY/slk5+Fu0xxWXlB
YuWKWWNsXENKTkgiXL4mB1SUt4bmF6YG4lTxfxduVAw=</policy>
</SubjectPolicyConfiguration>

Owner Publisher Interaction
- For each document the owner sends the publisher the
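The policy evaluation and view generation sketched in the Policy Base Example and Access Control Strategy slides, as an added worked example written for this page (not code from the deck or from the paper). It parses only the XPath subset the seven policies use; it reads the "and" inside a policy's path as a list of paths that are all granted, since in XPath proper "and" is a boolean operator and an engine fed these strings unchanged would not produce the intended union; and it compares credential tags and values case-insensitively because the credential base above says Secretary/Senior while P5 to P7 say secretary/senior, which under a strict XPath match would make those three policies dead. The annual_report.xml instance is constructed to fit the policies' paths, since the deck only shows the tree figure.

```python
"""Added example, not from the slides or the TKDE paper: apply the deck's policy base
to a subject credential and materialise the subject's view of annual_report.xml."""
import re
import xml.etree.ElementTree as ET

# Constructed sample of annual_report.xml; names follow the paths used by the policy base.
ANNUAL_REPORT = """<Annual-report Year="2003" Name="UTD">
  <Patents>
    <Patent Dept="CS" ID="p1"><Short-descr>Secure XML publishing</Short-descr><authors>A. Brown</authors><Tech-details>Merkle hash paths</Tech-details></Patent>
    <Patent Dept="IST" ID="p2"><Short-descr>Sensor fusion</Short-descr><authors>C. Lee</authors><Tech-details>Kalman filter variant</Tech-details></Patent>
  </Patents>
  <Assets>
    <Asset Dept="CS"><Equipment>cluster</Equipment><Funds Type="NSF" Funding-Date="6/1/03" Amount="1m$"/></Asset>
    <Asset Dept="IST"><Equipment>lab</Equipment><Funds Type="Cash" Funding-Date="2/1/03" Amount="200k$"/></Asset>
  </Assets>
</Annual-report>"""

# (ID, cred_expr, path) copied from the deck's policy base. Every policy grants VIEW, so the
# view is the union of what the applicable policies select; the deck's least-privilege
# conflict rule only comes into play once negative policies exist.
POLICY_BASE = [
    ("P1", "//Professor[department='CS']", "//Patent[@Dept='CS']//node()"),
    ("P2", "//Professor[department='CS']", "//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors"),
    ("P3", "//Professor[department='IST']", "//Patent[@Dept='IST']//node()"),
    ("P4", "//Professor[department='IST']", "//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors"),
    ("P5", "//secretary[department='CS' and level='junior']", "//Asset[@Dept='CS']/node()"),
    ("P6", "//secretary[department='CS' and level='senior']", "//Asset[@Dept='IST']/Funds/@Type and //Asset[@Dept='IST']/Funds/@Funding-Date"),
    ("P7", "//secretary[department='IST' and level='junior']", "//Asset[@Dept='IST']/node()"),
]

# Credentials from the deck's credential base (quoting repaired).
ALICE = ('<Professor credID="9" subID="16" CIssuer="2"><name>Alice Brown</name><university>UTD</university>'
         '<department>CS</department><research-group>Security</research-group></Professor>')
JOHN = ('<Secretary credID="12" subID="4" CIssuer="2"><name>John James</name><university>UTD</university>'
        '<department>CS</department><level>Senior</level></Secretary>')


def credential_matches(cred, cred_expr):
    """cred_expr is //Tag[child='v' and child='v' ...]. Tag and values are compared
    case-insensitively on purpose (Secretary/Senior in the credential base versus
    secretary/senior in P5-P7); a strict XPath comparison would never match them."""
    tag, conds = re.fullmatch(r"//([\w-]+)\[(.*)\]", cred_expr.strip()).groups()
    if cred.tag.lower() != tag.lower():
        return False
    for cond in conds.split(" and "):
        name, value = re.fullmatch(r"([\w-]+)='([^']*)'", cond.strip()).groups()
        child = cred.find(name)
        if child is None or (child.text or "").strip().lower() != value.lower():
            return False
    return True


def _subtree(elem):
    """Grants for an element node: itself, its attributes, its text and its whole subtree."""
    grants = set()
    for d in elem.iter():
        grants.add((d, None))
        grants.add((d, "#text"))
        grants.update((d, a) for a in d.attrib)
    return grants


def _tail(elem, tail):
    """Resolve the remainder of a path after its //Tag[@Attr='v'] head, relative to elem.
    A grant is (element, key): key is an attribute name, "#text" for the text, None for the element."""
    if tail == "":
        return _subtree(elem)
    if tail in ("//node()", "/node()"):          # descendants; XPath node() excludes elem itself
        grants = {(elem, "#text")}
        for child in elem:
            grants |= _subtree(child)
        return grants
    step, _, rest = tail[1:].partition("/")      # tail starts with "/"
    if step.startswith("@"):
        return {(elem, step[1:])}
    grants = set()
    for child in elem.findall(step):
        grants |= _tail(child, "/" + rest if rest else "")
    return grants


def _select(root, path):
    """Evaluate one //Tag[@Attr='v']<tail> path against the document."""
    tag, attr, value, tail = re.fullmatch(r"//([\w-]+)\[@([\w-]+)='([^']*)'\](.*)", path.strip()).groups()
    grants = set()
    for target in root.iter(tag):
        if target.get(attr) == value:
            grants |= _tail(target, tail)
    return grants


def _prune(elem, grants, granted):
    """Copy elem keeping only granted attributes and text; ancestors of granted nodes
    survive as a bare skeleton so the view keeps the document's structure."""
    kids = [k for k in (_prune(c, grants, granted) for c in elem) if k is not None]
    if elem not in granted and not kids:
        return None
    copy = ET.Element(elem.tag, {a: v for a, v in elem.attrib.items() if (elem, a) in grants})
    if (elem, "#text") in grants:
        copy.text = elem.text
    copy.extend(kids)
    return copy


def view_for(credential_xml):
    """Return (IDs of the applicable policies, the subject's view of annual_report.xml)."""
    cred = ET.fromstring(credential_xml)
    root = ET.fromstring(ANNUAL_REPORT)
    policies = [p for p in POLICY_BASE if credential_matches(cred, p[1])]
    grants = set()
    for _, _, path in policies:
        for part in path.split(" and "):        # the deck's 'and' lists paths that are all granted
            grants |= _select(root, part)
    view = _prune(root, grants, {e for e, _ in grants})
    return [p[0] for p in policies], ("" if view is None else ET.tostring(view, encoding="unicode"))
```

Running view_for(ALICE) yields P1 and P2 and a view holding the whole CS patent but only the short description and authors of the IST patent; view_for(JOHN) yields P6 and a view reduced to the IST asset's Funds element with just its Type and Funding-Date attributes. Note that //node() keeps the selected Patent as a bare element without its Dept attribute, which is what the XPath says; if the owner wants the attribute visible the policy path has to select it.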
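The Third-Party Architecture goal (a publisher untrusted for authenticity and completeness) together with the owner-signed Subject Policy Configuration, as an added example written for this page and not taken from the deck or the paper. It uses a simplified Merkle hash over the XML tree; subtrees the publisher prunes are replaced by an assumed <Omitted hash="..."/> placeholder that stands in for the paper's hash paths, and the owner's signature over the root hash is stood in for by a trusted root value the subject already holds, so a real deployment adds the signature verification. The document is a constructed miniature. The example also shows why the hash check alone does not give completeness: a publisher that withholds a subtree the subject is entitled to still produces a valid root, and only the signed policy configuration lets the subject notice.

```python
"""Added example (not from the deck or the paper): Merkle-hash authenticity of a pruned
XML view served by an untrusted publisher, plus the completeness check it cannot replace."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed miniature of annual_report.xml.
DOC = """<Annual-report Year="2003">
  <Patents>
    <Patent Dept="CS"><Short-descr>Secure XML publishing</Short-descr><Tech-details>hash paths</Tech-details></Patent>
    <Patent Dept="IST"><Short-descr>Sensor fusion</Short-descr><Tech-details>Kalman variant</Tech-details></Patent>
  </Patents>
  <Assets><Asset Dept="CS"><Funds Type="NSF" Amount="1m$"/></Asset></Assets>
</Annual-report>"""

OMITTED = "Omitted"   # assumed placeholder tag carrying a pruned subtree's hash (a hash path)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def node_hash(elem: ET.Element) -> bytes:
    """Merkle hash of a node: H(tag, sorted attributes, text, child hashes in document order).
    Each component is a fixed-size digest with a type prefix, so re-ordering siblings, editing
    text or dropping an attribute changes the root. A placeholder contributes the hash the
    publisher supplied for the subtree it replaced."""
    if elem.tag == OMITTED:
        return bytes.fromhex(elem.get("hash"))
    parts = [_h(b"tag:" + elem.tag.encode())]
    for name, value in sorted(elem.attrib.items()):
        parts.append(_h(b"attr:" + name.encode() + b"=" + value.encode()))
    parts.append(_h(b"text:" + (elem.text or "").strip().encode()))
    parts.extend(node_hash(child) for child in elem)
    return _h(b"".join(parts))


def publisher_reply(elem, may_view):
    """Untrusted publisher: copy the subtrees the subject may view and replace every other
    child by a placeholder carrying its Merkle hash, so the subject can still rebuild the root."""
    out = ET.Element(elem.tag, dict(elem.attrib))
    out.text = elem.text
    for child in elem:
        if may_view(child):
            out.append(publisher_reply(child, may_view))
        else:
            ET.SubElement(out, OMITTED, hash=node_hash(child).hex())
    return out


def authentic(reply, trusted_root_hash):
    """Subject: the root hash recomputed over the reply must equal the hash the owner signed
    (the signature check itself is stood in for here by the trusted value)."""
    return node_hash(reply) == trusted_root_hash


def complete(reply, required_selectors):
    """Subject: completeness comes from the owner-signed Subject Policy Configuration, not
    from the hashes. Every selector (ElementTree XPath subset) derived from the subject's
    policies must resolve to at least one real, non-placeholder element of the reply."""
    return all(reply.findall(sel) for sel in required_selectors)


def demo():
    owner_doc = ET.fromstring(DOC)
    signed_root = node_hash(owner_doc)   # the owner signs this value and hands it to subjects

    # What a CS professor may see under P1/P2-style policies: CS patents, not IST ones, no assets.
    def cs_prof_may_view(e):
        return not (e.tag == "Patent" and e.get("Dept") == "IST") and e.tag != "Assets"

    honest = publisher_reply(owner_doc, cs_prof_may_view)

    tampered = publisher_reply(owner_doc, cs_prof_may_view)
    tampered.find(".//Short-descr").text = "Secure XML publishing (patent expired)"

    # The publisher withholds the CS patent the subject is entitled to and covers it with a hash.
    withheld = publisher_reply(owner_doc, lambda e: cs_prof_may_view(e) and e.tag != "Patent")

    required = [".//Patent[@Dept='CS']"]   # from policy P1 in the subject's signed configuration
    return {
        "honest": (authentic(honest, signed_root), complete(honest, required)),
        "tampered": (authentic(tampered, signed_root), complete(tampered, required)),
        "withheld": (authentic(withheld, signed_root), complete(withheld, required)),
    }
```

demo() returns (True, True) for the honest reply, (False, True) for the tampered one and (True, False) for the reply that silently withholds the CS patent: the Merkle root catches modification but not omission of something the subject should have received, which is the gap the owner-signed policy configuration closes. If a real document could contain an element literally named Omitted, the placeholder must use a name or namespace that cannot occur in owner data.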