Secure and Selective Authentication and Access Control of XML Documents
or
Secure Sharing of Digital Evidence
Bhavani Thuraisingham
February 2010

Slide index: Outline; Motivation for Research on XML Security; Example XML Document; Publishing service: how it works; Subject Credentials, Protection Objects and Policy Base; Subject Credential Base Example; Policy Base Example; Access Control Strategy; System Architecture for Access Control; Third-Party Architecture; Subject Owner Interaction; Owner Publisher Interaction; Policy Configuration/Policy Element; Policy Configuration: example; Publisher Policy evaluation: example; Subject Publisher Interaction; Merkle Hash Paths; Applications to Digital Forensics; Related Work and Directions on XML Security; Appendix: Reply Document Generation Algorithm; Example Reply Document; Authentication: Authenticable Element; Authentication Subject Verification Algorithm; Authentication: Authentic Element; Potential Attacks and Performance Issues; Challenge: Integrating Confidentiality and Authentication; Application: Secure Web Services; Authenticity; Merkle Signature.

Outline
- Motivation for Research on XML Security
- Technical Details of the Research on XML Security
- Applying the approach to Digital Forensics
- Related work and Future Directions
- Appendix

Based on the paper published in IEEE Transactions on Knowledge and Data Engineering, October 2004 (Bertino, Ferrari, Carminati, Thuraisingham):
Elisa Bertino, Barbara Carminati, Elena Ferrari, Bhavani M. Thuraisingham, Amar Gupta: Selective and Authentic Third-Party Distribution of XML Documents. IEEE Trans. Knowl. Data Eng. 16(10): 1263-1278 (2004)

Motivation for Research on XML Security
- XML (eXtensible Markup Language) security
- XML has become the standard document interchange language for the web
- XML is a critical technology for the semantic web; RDF and other specifications are built on XML
- XML documents must satisfy security and privacy policies
- Challenges: Access Control, Secure publishing, Secure Web Services Applications, Securing RDF, Secure semantic web, Temporal models, Privacy, Handling evolving XML specifications

Outline of XML Security Presentation
- Access Control: Example XML document, Policy Specification, Access Control Strategy and Architecture
- Third Party Publication of XML Documents: Architecture; Interactions between Owner, Publisher and Subject; Checking for Authenticity and Completeness; Potential Attacks and Performance Issues; Integrating Confidentiality with Authenticity and Completeness
- Application: Secure Web Services

Example XML Document
(Tree diagram in the original deck. Node labels recoverable from it: Annual report, Year: 2003, Name: UTD, Assets, Asset, Equipment, Books, Other, Tot, Funds, Date 6/1/03, Type Cash, Amount 1m$, Dept CS / UTD, Expenses, Patents, Patent, Dept, Author, Short-desc, ID, Tech-details, Date, NSF.)

Publishing Service
(Diagram in the original deck: Users and the Web, with Push/Pull modes.)
Security requirements:
- Confidentiality
- Integrity
- Authenticity
- Completeness

Publishing service: how it works
- A new class of information-centered applications based on data dissemination
- Possible scenarios: information commerce (digital libraries, electronic news, etc.); intra-company information systems

Subject Credentials, Protection Objects and Policy Base
- Subjects are given access to XML documents or portions of documents depending on user ID and/or credentials
- Credential specification is based on the credentials a subject has: Professor is a credential; Secretary is a credential
- Protection objects are the objects to which access is controlled: entire XML documents or portions of XML documents
- The policy base stores the security policies protecting the XML source contents

Subject Credential Base Example
<Professor credID="9" subID="16" CIssuer="2">
  <name>Alice Brown</name>
  <university>UTD</university>
  <department>CS</department>
  <research-group>Security</research-group>
</Professor>
<Secretary credID="12" subID="4" CIssuer="2">
  <name>John James</name>
  <university>UTD</university>
  <department>CS</department>
  <level>Senior</level>
</Secretary>

Policy Base Example
<?xml version="1.0" encoding="UTF-8"?>
<policy_base>
...
<policy_spec ID="P1" cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='CS']//node()" priv="VIEW"/>
<policy_spec ID="P2" cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors" priv="VIEW"/>
<policy_spec ID="P3" cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='IST']//node()" priv="VIEW"/>
<policy_spec ID="P4" cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors" priv="VIEW"/>
<policy_spec ID="P5" cred_expr="//secretary[department='CS' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='CS']/node()" priv="VIEW"/>
<policy_spec ID="P6" cred_expr="//secretary[department='CS' and level='senior']" target="annual_report.xml" path="//Asset[@Dept='IST']/Funds/@Type and //Asset[@Dept='IST']/Funds/@Funding-Date" priv="VIEW"/>
<policy_spec ID="P7" cred_expr="//secretary[department='IST' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='IST']/node()" priv="VIEW"/>
...
</policy_base>

Access Control Strategy
- Subjects request access to XML documents under two modes: browsing and authoring
- With browsing access a subject can read and navigate documents
- Authoring access is needed to modify, delete or append documents
- The access control module checks the policy base and applies the policy specs
- Views of the document are created based on credentials and policy specs
- In case of conflict, the least access privilege rule is enforced
- Works for push and pull modes

System Architecture for Access Control
(Diagram in the original deck: User; Pull/Query; Push/result; XML Documents; X-Access; X-Admin; Admin Tools; Policy base; Credential base.)

Third-Party Architecture
(Diagram in the original deck: Credential base; policy base; XML Source; User/Subject; Owner; Publisher; Query; Reply document; SE-XML; credentials.)
- The Owner is the producer of the information; it specifies the access control policies
- The Publisher is responsible for managing (a portion of) the Owner's information and answering subject queries
- Goal: an untrusted Publisher with respect to authenticity and completeness checking

Subject Owner Interaction
- Subjects register with the Owner during subscription
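The Policy Base Example and Access Control Strategy slides describe policy specs with a credential expression, a target document and a document path, and a view built from whichever specs apply to the subject. The following is an added example, not the X-Access module or the paper's code. It assumes the policy XPath is restricted to the subset that Python's xml.etree.ElementTree understands (a leading "//" becomes ".//", and a trailing "/node()" or "//node()" is dropped because a selected element is granted together with its subtree), that the page's "and"-joined paths are split on " and ", and that anything no policy grants is pruned (default deny, which is how the least-privilege conflict rule is read here). The sample document and credential documents are constructed for this example from the node labels on the slides.

```python
"""Evaluate the Professor policies P1-P4 of the Policy Base Example against a
subject's credentials and build that subject's view of annual_report.xml.
Added example; assumptions are stated in the lead-in and in comments."""
import xml.etree.ElementTree as ET

# Constructed sample document: tag names follow the deck's example diagram, values are made up.
ANNUAL_REPORT = """<Annual-report Year="2003" Name="UTD">
  <Assets>
    <Asset Dept="CS"><Equipment>12</Equipment><Funds Type="Cash" Funding-Date="6/1/03">1m$</Funds></Asset>
    <Asset Dept="IST"><Equipment>7</Equipment><Funds Type="Cash" Funding-Date="6/1/03">0.5m$</Funds></Asset>
  </Assets>
  <Patents>
    <Patent Dept="CS" ID="p1"><authors>Alice Brown</authors><Short-descr>Secure XML publishing</Short-descr><Tech-details>CS detail</Tech-details></Patent>
    <Patent Dept="IST" ID="p2"><authors>Bob Gray</authors><Short-descr>RDF indexing</Short-descr><Tech-details>IST detail</Tech-details></Patent>
  </Patents>
</Annual-report>"""

# Policies P1-P4 copied from the Policy Base Example (Professor policies only).
POLICY_BASE = """<policy_base>
<policy_spec ID="P1" cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='CS']//node()" priv="VIEW"/>
<policy_spec ID="P2" cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors" priv="VIEW"/>
<policy_spec ID="P3" cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='IST']//node()" priv="VIEW"/>
<policy_spec ID="P4" cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors" priv="VIEW"/>
</policy_base>"""

# Constructed credential documents, one per subject, shaped like the Subject Credential Base Example.
ALICE_CREDS = """<credentials><Professor credID="9" subID="16" CIssuer="2"><name>Alice Brown</name><university>UTD</university><department>CS</department><research-group>Security</research-group></Professor></credentials>"""
JOHN_CREDS = """<credentials><Secretary credID="12" subID="4" CIssuer="2"><name>John James</name><university>UTD</university><department>CS</department><level>Senior</level></Secretary></credentials>"""


def to_et_xpath(expr: str) -> str:
    """Translate a policy path into ElementTree's XPath subset (assumption of this example):
    '/node()' and '//node()' suffixes are dropped because a granted element is granted with
    its whole subtree, and a leading '//' becomes './/' (ElementTree has no absolute paths)."""
    expr = expr.strip()
    for suffix in ("//node()", "/node()"):
        if expr.endswith(suffix):
            expr = expr[: -len(suffix)]
    return "." + expr if expr.startswith("//") else expr


def applicable_policies(policy_base: ET.Element, credentials: ET.Element, target: str) -> list:
    """A policy applies when its target matches and its cred_expr selects at least one credential."""
    return [
        spec for spec in policy_base.findall("policy_spec")
        if spec.get("target") == target and spec.get("priv") == "VIEW"
        and credentials.findall(to_et_xpath(spec.get("cred_expr")))
    ]


def granted_elements(doc_root: ET.Element, policies: list) -> set:
    """Union of the subtrees selected by every applicable policy path (ids of elements)."""
    granted = set()
    for spec in policies:
        for path in spec.get("path").split(" and "):
            for elem in doc_root.findall(to_et_xpath(path)):
                granted.update(id(e) for e in elem.iter())
    return granted


def build_view(doc_root: ET.Element, granted: set):
    """Copy only granted elements; ungranted ancestors of a granted element are kept as bare
    structural nodes (tag only, no attributes or text). Everything else is pruned (default deny)."""
    if not granted:
        return None
    parents = {child: parent for parent in doc_root.iter() for child in parent}
    retained = set(granted)
    for elem in doc_root.iter():
        if id(elem) in granted:
            node = elem
            while node in parents:
                node = parents[node]
                retained.add(id(node))

    def copy_node(elem):
        full = id(elem) in granted
        new = ET.Element(elem.tag, dict(elem.attrib) if full else {})
        if full:
            new.text = elem.text
        for child in elem:
            if id(child) in retained:
                new.append(copy_node(child))
        return new

    return copy_node(doc_root)


def compute_view(creds_xml: str, policy_xml: str, doc_xml: str, target: str = "annual_report.xml"):
    """Return the subject's view of the document as an Element, or None if nothing is granted."""
    doc_root = ET.fromstring(doc_xml)
    policies = applicable_policies(ET.fromstring(policy_xml), ET.fromstring(creds_xml), target)
    return build_view(doc_root, granted_elements(doc_root, policies))


def element_paths(root) -> list:
    """Tag paths of every element in the view, in document order (handy for checking a view)."""
    out = []

    def walk(elem, prefix):
        path = f"{prefix}/{elem.tag}" if prefix else elem.tag
        out.append(path)
        for child in elem:
            walk(child, path)

    if root is not None:
        walk(root, "")
    return out


if __name__ == "__main__":
    view = compute_view(ALICE_CREDS, POLICY_BASE, ANNUAL_REPORT)
    print(ET.tostring(view, encoding="unicode"))
```

For Alice (a CS Professor) P1 and P2 apply: the CS patent is returned whole, the IST patent is reduced to its Short-descr and authors with the Patent element's own attributes stripped, and the Assets subtree disappears entirely. For John (a Secretary) none of P1-P4 applies and the view is None. Note that the credential matching is only as strong as the credential base behind it: cred_expr selects on credential content, so the issuer and subject bindings (CIssuer, subID) must be verified before a credential document is fed to this evaluation.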
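The Third-Party Architecture slide states the goal: a Publisher that is untrusted with respect to authenticity and completeness checking, with the Owner as the only producer of information. The deck's later slides on Merkle hash paths and the Merkle signature (listed in the slide index) are where that is worked out; the following is an added example of the idea, not the paper's scheme or its reply-generation algorithm. Its assumptions: the per-node hash is this example's own construction (SHA-256 over the tag, the sorted attributes, the stripped text and the children's hashes, each length-prefixed); a subtree the Publisher withholds from a subject is replaced by a <Pruned mh="..."/> placeholder carrying that subtree's hash (a convention of this example, so a real document must not use that tag name); and the Owner's root hash reaches the subject authentically, for instance signed by the Owner (the signature itself is omitted). The document is constructed for this example.

```python
"""Subject-side authenticity and completeness check of a pruned reply from an
untrusted publisher, using a Merkle-style hash over the XML tree.
Added example; assumptions are stated in the lead-in and in comments."""
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample document (tag names follow the deck's example diagram).
DOC = """<Annual-report Year="2003" Name="UTD">
  <Assets>
    <Asset Dept="CS"><Equipment>12</Equipment><Funds Type="Cash">1m$</Funds></Asset>
    <Asset Dept="IST"><Equipment>7</Equipment><Funds Type="Cash">0.5m$</Funds></Asset>
  </Assets>
  <Patents>
    <Patent Dept="CS" ID="p1"><authors>Alice Brown</authors><Short-descr>Secure XML publishing</Short-descr></Patent>
    <Patent Dept="IST" ID="p2"><authors>Bob Gray</authors><Short-descr>RDF indexing</Short-descr></Patent>
  </Patents>
</Annual-report>"""

PLACEHOLDER = "Pruned"  # tag used for withheld subtrees (convention of this example)


def _feed(h, label: str, data: str) -> None:
    """Length-prefixed field, so that differently split fields can never collide."""
    raw = data.encode("utf-8")
    h.update(label.encode("ascii") + len(raw).to_bytes(4, "big") + raw)


def merkle_hash(elem: ET.Element) -> str:
    """Hash of an element = H(tag, sorted attributes, stripped text, children's hashes).
    A placeholder contributes the hash the publisher supplied for the withheld subtree."""
    if elem.tag == PLACEHOLDER:
        return elem.get("mh")
    h = hashlib.sha256()
    _feed(h, "tag", elem.tag)
    for key, value in sorted(elem.attrib.items()):
        _feed(h, "attr", key)
        _feed(h, "val", value)
    _feed(h, "text", (elem.text or "").strip())
    for child in elem:
        _feed(h, "child", merkle_hash(child))
    return h.hexdigest()


def owner_root_hash(doc_xml: str) -> str:
    """What the owner publishes authentically (e.g. under its signature; assumed here)."""
    return merkle_hash(ET.fromstring(doc_xml))


def publisher_reply(doc_xml: str, allowed) -> str:
    """Publisher side: copy the document, replacing each child subtree that `allowed`
    rejects by a placeholder carrying that subtree's hash. The root is always returned."""
    def prune(elem):
        new = ET.Element(elem.tag, dict(elem.attrib))
        new.text = elem.text
        for child in elem:
            if allowed(child):
                new.append(prune(child))
            else:
                new.append(ET.Element(PLACEHOLDER, {"mh": merkle_hash(child)}))
        return new
    return ET.tostring(prune(ET.fromstring(doc_xml)), encoding="unicode")


def verify_reply(reply_xml: str, root_hash: str) -> bool:
    """Subject side: recompute the root hash from the reply and compare with the owner's."""
    return merkle_hash(ET.fromstring(reply_xml)) == root_hash


def drop_placeholders(reply_xml: str) -> str:
    """Model an incomplete reply: a publisher that silently omits withheld subtrees."""
    root = ET.fromstring(reply_xml)
    for parent in list(root.iter()):
        for child in list(parent):
            if child.tag == PLACEHOLDER:
                parent.remove(child)
    return ET.tostring(root, encoding="unicode")


def not_ist(elem: ET.Element) -> bool:
    """Stand-in for the policy decision: this subject may not see IST subtrees."""
    return elem.get("Dept") != "IST"


if __name__ == "__main__":
    root_hash = owner_root_hash(DOC)
    reply = publisher_reply(DOC, not_ist)
    print(reply)
    print("honest reply verifies:", verify_reply(reply, root_hash))
    print("altered reply verifies:", verify_reply(reply.replace("Alice Brown", "Mallory"), root_hash))
    print("incomplete reply verifies:", verify_reply(drop_placeholders(reply), root_hash))
```

An honest pruned reply recomputes to the Owner's root hash; a reply in which the Publisher changed any text or attribute, or silently omitted a subtree instead of leaving its placeholder, does not. Two caveats a practitioner should keep in mind. First, a placeholder hash of a small, guessable subtree can be confirmed by guessing, so in a real scheme each node hash should include a random per-node salt; this is the confidentiality-versus-authentication tension the slide index lists as a challenge. Second, a Publisher that hides a subtree the subject was entitled to, but supplies its correct hash, still passes this check; catching that requires the subject to know which policies apply to it, which is outside this block.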