Secure and Selective Authentication and Access Control of XML DocumentsOutlineMotivation for Research on XML SecurityExample XML DocumentPublishing service: how it worksSubject Credentials, Protection Objects and Policy BaseSubject Credential Base ExamplePolicy Base ExampleAccess Control StrategySystem Architecture for Access ControlThird-Party ArchitectureSubject Owner InteractionSlide 13Owner Publisher InteractionPolicy Configuration/Policy ElementPolicy Configuration: examplePublisher Policy evaluation: exampleSlide 18Slide 19Slide 20Slide 21Slide 22Subject Publisher InteractionMerkle Hash PathsSlide 25Reply Document Generation AlgorithmExample Reply DocumentAuthentication: Authenticable ElementAuthentication Subject Verification AlgorithmAuthentication:Authentic ElementPotential Attacks and Performance IssuesChallenge: Integrating Confidentiality and AuthenticationApplication: Secure Web ServicesAuthenticityMerkle SignatureRelated Work and Directions on XML SecuritySecure and Selective Authentication and Access Control of XML DocumentsBhavani ThuraisinghamApril 8, 2009Lecture #22OutlineMotivation for Research on XML SecurityTechnical Details of the Research on XML SecurityRelated work and Future DirectionsBased on paper published in IEEE Transactions on Knowledge and Data Engineering, October 2004 (Bertino, Ferrari, Carminati, Thuraisingham)Motivation for Research on XML Security XML (extensible Markup Language) SecurityXML has become the standard document interchange language for the web XML is a critical technology for the semantic webRDF and other specifications are built on XMLXML documents must satisfy security and privacy policiesChallenges: Access Control, Secure publishing, Secure Web Services Applications, Securing RDF, Secure semantic web, Temporal models, Privacy, Handling evolving XML specificationsOutline of XML Security PresentationAccess ControlExample XML document, Policy Specification, Access Control Strategy and ArchitectureThird Party Publication of XML DocumentsArchitectureInteractions between Owner, Publisher and SubjectChecking for Authenticity and CompletenessPotential Attacks and Performance IssuesIntegrating Confidentiality with Authenticity and CompletenessApplication: Secure Web ServicesExample XML DocumentNSFPatentsAssetYear: 2003Name: UTDExpensesDeptAuthorShort-descIDAnnual reportAssetsAssetEquipmentBooksPatentOtherTotFundsDate6/1/03TypeAmout1m$DateDeptUTDTech-detailsPatentCashCSFund01/14/19 5UsersPublishing ServiceWEBWEBPush/Pull modesSecurity requirements:ConfidentialityIntegrityAuthenticityCompletenessPublishing service: how it worksA new class of information-centered applications based on Data disseminationPossible scenarios:Information commerce (Digital libraries, Electronic news, etc.)Intra-company information systemsSubject Credentials, Protection Objects and Policy BaseSubjects are given access to XML documents or portions of documents depending on user ID and/or CredentialsCredential specification is based on credentials a subject has Professor is a credential; Secretary is a credentialProtection objects are objects to which access is controlledEntire XML documents or portions of XML documentsPolicy base stores security policies for protecting the XML source contentsSubject Credential Base Example<Professor credID=“9” subID = “16: CIssuer = “2”><name> Alice Brown </name><university> UTD <university/><department> CS </department><research-group> Security </research-group></Professor><Secretary credID=“12” subID = “4: CIssuer = “2”><name> John James </name><university> UTD <university/><department>CS </department><level> Senior </level></Secretary>01/14/19 8Policy Base Example<?xml version="1.0" encoding="UTF-8"?><policy_base>...<policy_spec ID=‘P1' cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='CS']//node()" priv="VIEW"/><policy_spec ID=‘P2' cred_expr="//Professor[department='CS']" target="annual_report.xml" path="//Patent[@Dept='IST']/Short-descr/node() and //Patent[@Dept='IST']/authors" priv="VIEW"/><policy_spec ID=‘P3' cred_expr="//Professor[department='IST'] " target="annual_report.xml" path="//Patent[@Dept='IST']//node()" priv="VIEW"/><policy_spec ID=‘P4' cred_expr="//Professor[department='IST']" target="annual_report.xml" path="//Patent[@Dept='CS']/Short-descr/node() and //Patent[@Dept='CS']/authors" priv="VIEW"/><policy_spec ID=‘P5' cred_expr="//secretary[department='CS' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='CS']/node()" priv="VIEW "/><policy_spec ID=‘P6' cred_expr="//secretary[department='CS' and level='senior']" target="annual_report.xml" path="//Asset[@Dept='IST']/Funds/@Type and //Asset[@Dept='IST']/Funds/@Funding-Date" priv="VIEW "/><policy_spec ID=‘P7' cred_expr="//secretary[department='IST' and level='junior']" target="annual_report.xml" path="//Asset[@Dept='IST']/node()" priv="VIEW "/>...</policy_base>Access Control StrategySubjects request access to XML documents under two modes: Browsing and authoringWith browsing access subject can read/navigate documentsAuthoring access is needed to modify, delete, append documentsAccess control module checks the policy based and applies policy specsViews of the document are created based on credentials and policy specsIn case of conflict, least access privilege rule is enforcedWorks for Push/Pull modesSystem Architecture for Access ControlUserPull/QueryPush/resultXML DocumentsX-Access X-AdminAdmin ToolsPolicybaseCredentialbase01/14/19 11Third-Party ArchitectureCredential basepolicy baseXML SourceUser/SubjectOwnerPublisherQueryReply documentSE-XMLcredentialsThe Owner is the producer of information It specifies access control policiesThe Publisher is responsible for managing (a portion of) the Owner information and answering subject queriesGoal: Untrusted Publisher with respect to Authenticity and Completeness checkingSubject Owner InteractionSubjects register with Owner during subscription phase; during this phase subject is assigned by owner credentials stored at the owner siteOwner returns to the subject the Subject Policy Configuration (policy identifiers) that apply to the subject signed with the private key of the owner Example: If polices P1 and P2 apply to John (e.g. CS prof) and policy P6 applies to Jane (IST
View Full Document