Selective and Authentic Third-Party distribution of XML DocumentsContentsTerminologySecurity propertiesXML revisited…(1)XML revisited…(2)XML revisited…(3)XML revisited…(4)Merkle Hash functionMerkle Hash Function (Mh)MhXd…KeypointsAccess Control Model for XML Documents(1)Access Control Model(2)Access Control Model(3)System Architecture (1)Architecture (2)Architecture (3)Architecture (4)Subject – Owner Interaction(1)Subject – Owner Interactions(2)Owner – Publisher Interaction (1)Owner – Publisher Interaction(2)Subject – Publisher Interaction(1)Subject – Publisher Interaction(2)Subject – Publisher Interaction(3)Reply Document Generation(3)Reply Document Generation(2)Subject VerificationAuthenticable ElementAuthentic ElementCompleteness VerificationAttack AnalysisPerformance IssuesSlide 35Slide 36Related WorkConclusionsReferencesSlide 40Slide 41Selective and Authentic Selective and Authentic Third-Party distribution of Third-Party distribution of XML DocumentsXML Documents- Yashaswini Harsha Kumar - Netaji Mandava(Oct 16th 2006)ContentsContentsTerminologyTerminologySecurity PropertiesSecurity PropertiesXML OverviewXML OverviewMerkle Hash functionMerkle Hash functionAccess Control ModelAccess Control ModelArchitectureArchitectureActor InteractionsActor InteractionsReferencesReferencesTerminologyTerminologyOwnerOwner : : Producer of informationProducer of informationPublisherPublisher : : Manages the ownerManages the owner information and answers subject information and answers subject queries.queries.SubjectSubject : : A person who produces queries for documents.A person who produces queries for documents.Merkle Hash TreesMerkle Hash Trees : : A Merkle hash tree is a tree of hashes in A Merkle hash tree is a tree of hashes in which the leaves are hashes of data blocks in, for instance, a file which the leaves are hashes of data blocks in, for instance, a file or set of files. Nodes further up in the tree are the hashes of their or set of files. Nodes further up in the tree are the hashes of their respective children. For example, in the picture to the right respective children. For example, in the picture to the right hash 0hash 0 is the result of hashing is the result of hashing hash 0-0hash 0-0 and then and then hash 0-1hash 0-1. That is, . That is, hash 0 hash 0 = hash( hash 0-0 | hash 0-1 )= hash( hash 0-0 | hash 0-1 )..Security propertiesSecurity propertiesDocument Source AuthenticityDocument Source Authenticity : : The subject receiving a document is assured that the contents of the document originated at the claimed source.Document Contents AuthenticityDocument Contents Authenticity: : The integrity of the document received by a subject with respect to the original document is respected.Completeness of Response : A subject must be able to verify that he or she has received all the document(s) (or portion(s) of document(s)) that is entitled to access, according to the stated access control policies.XML revisited…(1)XML revisited…(1)Nested and tagged XML elements.Nested and tagged XML elements.Attributes.Attributes.Label :Label : Set of element tags and attribute Set of element tags and attribute names.names.Value : Value : A set of attribute/element values.A set of attribute/element values.XML revisited…(2)XML revisited…(2)Is an XML document a tuple?Is an XML document a tuple?XML revisited…(3)XML revisited…(3)XML revisited…(4)XML revisited…(4)Edges: element – attribute, element – sub elementLink Edges: Links between elements (IDREF).Merkle Hash functionMerkle Hash functionEnsures Authenticity of the document as well as Ensures Authenticity of the document as well as the schema.the schema.Associate a hash value with each node in the Associate a hash value with each node in the graph representation of the XML document.graph representation of the XML document.The hash value of a node is obtained by applying The hash value of a node is obtained by applying a hash function over the concatenation of its a hash function over the concatenation of its children.children.The hash values are computed using the Merkle The hash values are computed using the Merkle Hash Function.Hash Function.Merkle Hash Function (Merkle Hash Function (MhMh))MhXd…MhXd…Collision Resistant Hash function (CRHF):Collision Resistant Hash function (CRHF): hash() is a CRHF if it is hard hash() is a CRHF if it is hard to find two different messages to find two different messages mm1 and 1 and mm2 such that 2 such that hash(hash(mm1)9=9hash(1)9=9hash(mm2). 2). Codomain of MhXd:Codomain of MhXd: the codomain of a function the codomain of a function ff9: 9: XX → → YY is the set is the set YY. . Hash is a mapping from a domain (usually called keys) into a Hash is a mapping from a domain (usually called keys) into a codomain (usually called values) codomain (usually called values)KeypointsKeypointsIf a subject knows the correct Merkle hash value of a node, the Publisher cannot forge the value of the descendant children.The Publisher returns the Merkle Hash value of the of the root of an XML document d, along with the query result. The Publisher receives the hash value of the root from the Owner.The Merkle hash value of the root of the document is critical; therefore, it is signed by the Owner (known as as Merkle Signature) and is verified by the subject.(Please refer to the paper for details on generating the Merkle Signature.)Access Control Model for XML Access Control Model for XML Documents(1)Documents(1)Subjects are qualified by means of Subjects are qualified by means of credentialscredentials..A credential is a set of properties concerning a subject that are relevant for security purposes (for example, age, position within an organization).Credentials are encoded using an XML-based language, called X-Sec.Access control policies specify conditions on the credentials and properties of the credentials, using an XPath-compliant language.Access Control Model(2)Access Control Model(2) The access control model provides varying access granularity levels and can express policies that apply to:1) all the instances of a DTD/XML Schema 2) collections of documents not necessarily instances of the same DTD/XMLSchema 3) selected portions within a document(s), or a link (or a set of links).Access Control Model(3)Access Control Model(3)Access control policies are
View Full Document
Unlocking...