Secure and Selective Authentication and Access Control of XML Documents
Bhavani Thuraisingham
August 2006
Lecture 3
Guest Lecture
01 13 19

Outline
- Motivation for Research on XML Security
- Technical Details of the Research on XML Security
- Related Work and Future Directions
- Based on paper published in IEEE Transactions on Knowledge and Data Engineering, October 2004 (Bertino, Ferrari, Carminati, Thuraisingham)

Motivation for Research on XML Security
- XML (eXtensible Markup Language) Security
  - XML has become the standard document interchange language for the web
  - XML is a critical technology for the semantic web
  - RDF and other specifications are built on XML
  - XML documents must satisfy security and privacy policies
- Challenges
  - Access Control
  - Secure publishing
  - Secure Web Services Applications
  - Securing RDF
  - Secure semantic web
  - Temporal models
  - Privacy
  - Handling evolving XML specifications

Outline of XML Security Presentation
- Access Control
  - Example XML document
  - Policy Specification
  - Access Control Strategy and Architecture
- Third Party Publication of XML Documents
  - Architecture
  - Interactions between Owner, Publisher and Subject
  - Checking for Authenticity and Completeness
  - Potential Attacks and Performance Issues
- Integrating Confidentiality with Authenticity and Completeness
- Application: Secure Web Services

Example XML Document
[Figure: tree diagram of an annual report XML document (Year 2003) with Assets and Patents subtrees; node labels include Asset, Dept, Name, Expenses, Tot, Funds, Fund, Date, Amount, Type, Patent, Author, ID, Short desc, Tech details]

Publishing service: how it works
- A new class of information-centered applications based on data dissemination
- Possible scenarios:
  - Information commerce
  - Digital libraries
  - Electronic news, etc.
  - Intra-company information systems
- Push/Pull modes
[Figure: Publishing Service connected to Users over the Web]
- Security requirements: Confidentiality, Integrity, Authenticity, Completeness

Subject Credentials, Protection Objects and Policy Base
- Subjects are given access to XML
  documents or portions of documents, depending on user ID and/or credentials
- Credential specification is based on the credentials a subject has
  - Professor is a credential
  - Secretary is a credential
- Protection objects are objects to which access is controlled: entire XML documents or portions of XML documents
- Policy base stores security policies for protecting the XML source contents

Subject Credential Base Example
- Professor (credID 9, subID 16, CIssuer 2)
  - name: Alice Brown
  - university: UTD
  - department: CS
  - research group: Security
- Secretary (credID 12, subID 4, CIssuer 2)
  - name: John James
  - university: UTD
  - department: CS
  - level: Senior

Policy Base Example
xml version 1.0, encoding UTF-8
policy base:
- policy spec ID P1; cred expr: Professor, department CS; target: annual report xml; path: Patent Dept CS node; priv: VIEW
- policy spec ID P2; cred expr: Professor, department CS; target: annual report xml; path: Patent Dept IST Short descr node and Patent Dept IST authors; priv: VIEW
- policy spec ID P3; cred expr: Professor, department IST; target: annual report xml; path: Patent Dept IST node; priv: VIEW
- policy spec ID P4; cred expr: Professor, department IST; target: annual report xml; path: Patent Dept CS Short descr node and Patent Dept CS authors; priv: VIEW
- policy spec ID P5; cred expr: secretary, department CS and level junior; target: annual report xml; path: Asset Dept CS node; priv: VIEW
- policy spec ID P6; cred expr: secretary, department CS and level senior; target: annual report xml; path: Asset Dept IST Funds Type and Asset Dept IST Funds Funding Date; priv: VIEW
- policy spec ID P7; cred expr: secretary, department IST and level junior; target: annual report xml; path: Asset Dept IST node; priv: VIEW

Access Control Strategy
- Subjects request access to XML documents under two modes: browsing and authoring
- With browsing access, the subject can read/navigate documents
- Authoring access is needed to modify/delete/append documents
- Access control module checks the policy base and applies policy specs
- Views of the document are created based on credentials and policy specs
- In case of conflict, the least access privilege rule is enforced
- Works for Push/Pull modes

System Architecture for Access Control
[Figure: architecture diagram; labels: User, Pull/Query, Push/result, X Access, X Admin, Admin Tools, Policy base, Credential base, XML Documents]

Third Party Architecture
[Figure: Owner (XML Source, Credential base, policy base) supplies SE XML to the Publisher; the User/Subject sends a Query to the Publisher and receives a Reply document; credentials]
- The Owner is the producer of information. It specifies access control policies
- The Publisher is responsible for managing (a portion of) the Owner information and answering subject queries
- Goal: Untrusted Publisher with respect to Authenticity and Completeness checking

Subject Owner Interaction
- Subjects register with the Owner during the subscription phase; during this phase the subject is assigned credentials by the owner, stored at the owner site
- Owner returns to the subject the Subject Policy Configuration: policy identifiers that apply to the subject, signed with the private key of the owner
- Example: If policies P1 and P2 apply to John (e.g., CS prof) and policy P6 applies to Jane (IST secretary), owner Joe sends John P1 and P2, and to Jane P6, signed with Joe's private key

Subject Policy Configuration
xml version 1.0, encoding UTF-8
SubjectPolicyConfiguration (ID ProfessorCS, created 08 05 2002)
- owner: name owner1; organization CS; state Texas; uri www.owner1.com
- policy: VtaUBIxliHS1hzrqkKhYVTtYrafVSmCoJPkUVKYXCA7yVdc7a ne5sgIg0tGGRe3 D2Xg6Fbwp3SAKK Ref1teZCpD0nlkx89GOIIcw8o9R3Mb2YY slk5 Fu0xxWXlB YuWKWWNsXENKTkgiXL4mB1SUt4bmF6YG4lTxfxduVAw
- P1 P2

Owner Publisher Interaction
- For each document, the owner sends the publisher the following information:
  - Information on which subjects can access which portions of the document according to the policy base, i.e., access control policies
  - Policy element, which
    describes the policies for the document, is also inserted
  - Also, for each element e, based on the policies applied to e, the owner inserts the policy configuration (binary string converted to hexadecimal representation)
  - Merkle Signature of each document
- The document together with the security information is called the Security Enhanced Document (SE XML) and will enable the subject to verify the authenticity of the document
- Additional information encoded in the document, called Secure Structure, is used by the subject
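
How the policy base, a subject's policy configuration and the per-element hexadecimal policy configuration fit together when a view is built, as an added example that is not code from the lecture or the paper. The bit-per-policy encoding, the `pc` attribute name, the simplified policies and the sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the slides' annual report; tag and attribute
# names are assumptions, not the lecture's actual document.
DOC = """<Annual_report Year="2003">
<Patent Dept="CS"><Short_descr>cache</Short_descr><Tech_details>t1</Tech_details></Patent>
<Patent Dept="IST"><Short_descr>index</Short_descr><Tech_details>t2</Tech_details></Patent>
<Asset Dept="CS"><Expenses Tot="1m"/></Asset>
</Annual_report>"""

# (id, credential type, required properties, target path, covers whole subtree?)
# Simplified stand-ins for P1, P2 and P5; paths use ElementTree's XPath subset.
POLICIES = [
    ("P1", "Professor", {"department": "CS"}, ".//Patent[@Dept='CS']", True),
    ("P2", "Professor", {"department": "CS"}, ".//Patent[@Dept='IST']/Short_descr", False),
    ("P5", "Secretary", {"department": "CS", "level": "junior"}, ".//Asset[@Dept='CS']", True),
]

def annotate(root):
    """Owner: store each element's policy configuration as hex (bit i = POLICIES[i])."""
    masks = {}
    for i, (_, _, _, path, subtree) in enumerate(POLICIES):
        for hit in root.findall(path):
            for elem in (hit.iter() if subtree else [hit]):
                masks[elem] = masks.get(elem, 0) | (1 << i)
    for elem in root.iter():
        elem.set("pc", format(masks.get(elem, 0), "x"))  # "pc" is a hypothetical name
    return root

def subject_mask(cred_type, props):
    """Bitmask of the policies whose credential expression this credential satisfies."""
    mask = 0
    for i, (_, ctype, required, _, _) in enumerate(POLICIES):
        if ctype == cred_type and all(props.get(k) == v for k, v in required.items()):
            mask |= 1 << i
    return mask

def view(elem, mask):
    """Publisher: pruned copy; ancestors that are not granted survive as bare tags."""
    granted = int(elem.get("pc"), 16) & mask
    kids = [v for v in (view(child, mask) for child in elem) if v is not None]
    if not granted and not kids:
        return None
    attrs = {k: v for k, v in elem.attrib.items() if k != "pc"} if granted else {}
    out = ET.Element(elem.tag, attrs)
    out.text = elem.text if granted else None
    out.extend(kids)
    return out
```

Calling `view(annotate(ET.fromstring(DOC)), subject_mask("Professor", {"department": "CS"}))` returns the CS patent in full and only the short description of the IST patent; a credential that matches no policy gets `None`.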