Secure and Selective Authentication and Access Control of XML Documents or Secure Sharing of Digital EvidenceOutlineMotivation for Research on XML SecurityExample XML DocumentPublishing service: how it worksSubject Credentials, Protection Objects and Policy BaseSubject Credential Base ExamplePolicy Base ExampleAccess Control StrategySystem Architecture for Access ControlThird-Party ArchitectureSubject Owner InteractionSlide 13Owner Publisher InteractionPolicy Configuration/Policy ElementPolicy Configuration: examplePublisher Policy evaluation: exampleSlide 18Slide 19Slide 20Slide 21Slide 22Subject Publisher InteractionMerkle Hash PathsSlide 25Applications to Digital ForensicsRelated Work and Directions on XML SecurityAPPENDIXReply Document Generation AlgorithmExample Reply DocumentAuthentication: Authenticable ElementAuthentication Subject Verification AlgorithmAuthentication:Authentic ElementPotential Attacks and Performance IssuesChallenge: Integrating Confidentiality and AuthenticationApplication: Secure Web ServicesAuthenticityMerkle SignatureSecure and Selective Authentication and Access Control of XML DocumentsorSecure Sharing of Digital EvidenceBhavani ThuraisinghamFebruary 2010OutlineMotivation for Research on XML SecurityTechnical Details of the Research on XML SecurityApplying approach to Digital ForensicsRelated work and Future DirectionsAppendixBased on paper published in IEEE Transactions on Knowledge and Data Engineering, October 2004 (Bertino, Ferrari, Carminati, Thuraisingham)Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004)Motivation for Research on XML Security XML (extensible Markup Language) SecurityXML has become the standard document interchange language for the web XML is a critical technology for the semantic webRDF and other specifications are built on XMLXML documents must satisfy security and privacy policiesChallenges: Access Control, Secure publishing, Secure Web Services Applications, Securing RDF, Secure semantic web, Temporal models, Privacy, Handling evolving XML specificationsOutline of XML Security PresentationAccess ControlExample XML document, Policy Specification, Access Control Strategy and ArchitectureThird Party Publication of XML DocumentsArchitectureInteractions between Owner, Publisher and SubjectChecking for Authenticity and CompletenessPotential Attacks and Performance IssuesIntegrating Confidentiality with Authenticity and CompletenessApplication: Secure Web ServicesExample XML DocumentNSFPatentsAssetYear: 2003Name: UTDExpensesDeptAuthorShort-descIDAnnual reportAssetsAssetEquipmentBooksPatentOtherTotFundsDate6/1/03TypeAmout1m$DateDeptUTDTech-detailsPatentCashCSFund01/14/19 5UsersPublishing ServiceWEBWEBPush/Pull modesSecurity requirements:ConfidentialityIntegrityAuthenticityCompletenessPublishing service: how it worksA new class of information-centered applications based on Data disseminationPossible scenarios:Information commerce (Digital libraries, Electronic news, etc.)Intra-company information systemsSubject Credentials, Protection Objects and Policy BaseSubjects are given access to XML documents or portions of documents depending on user ID and/or CredentialsCredential specification is based on credentials a subject has Professor is a credential; Secretary is a credentialProtection objects are objects to which access is controlledEntire XML documents or portions of XML documentsPolicy base stores security policies for protecting the XML source contentsSubject Credential Base Example<Professor credID=“9” subID = “16: CIssuer = “2”><name> Alice Brown </name><university> UTD <university/><department> CS </department><research-group> Security </research-group></Professor><Secretary credID=“12” subID = “4: CIssuer = “2”><name> John James </name><university> UTD <university/><department>CS </department><level> Senior </level></Secretary>01/14/19 8Policy Base Example<?xml version="1.0" encoding="UTF-8"?><policy_base>...<policy_spec ID=‘P1' cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='CS']//node()" priv="VIEW"/><policy_spec ID=‘P2' cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors" priv="VIEW"/><policy_spec ID=‘P3' cred_expr="//Professor[department='IST'] " target="annual_report.xml" path="//Patent[@Dept='IST']//node()" priv="VIEW"/><policy_spec ID=‘P4' cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors" priv="VIEW"/><policy_spec ID=‘P5' cred_expr="//secretary[department='CS' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='CS']/node()" priv="VIEW "/><policy_spec ID=‘P6' cred_expr="//secretary[department='CS' and level='senior']" target="annual_report.xml" path="//Asset[@Dept='IST']/Funds/@Type and //Asset[@Dept='IST']/Funds/@Funding-Date" priv="VIEW "/><policy_spec ID=‘P7' cred_expr="//secretary[department='IST' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='IST']/node()" priv="VIEW "/>...</policy_base>Access Control StrategySubjects request access to XML documents under two modes: Browsing and authoringWith browsing access subject can read/navigate documentsAuthoring access is needed to modify, delete, append documentsAccess control module checks the policy based and applies policy specsViews of the document are created based on credentials and policy specsIn case of conflict, least access privilege rule is enforcedWorks for Push/Pull modesSystem Architecture for Access ControlUserPull/QueryPush/resultXML DocumentsX-Access X-AdminAdmin ToolsPolicybaseCredentialbase01/14/19 11Third-Party ArchitectureCredential basepolicy baseXML SourceUser/SubjectOwnerPublisherQueryReply documentSE-XMLcredentialsThe Owner is the producer of information It specifies access control policiesThe Publisher is responsible for managing (a portion of) the Owner information and answering subject queriesGoal: Untrusted Publisher with respect to Authenticity and Completeness checkingSubject Owner InteractionSubjects register with Owner during subscription