22,966 research outputs found
Secure XML-based Network Management in a Multi-source Context
Internal report. This paper presents a secure architecture for network management in an XML environment. It introduces a distributed access control mechanism based on RBAC directly integrated into XML network configuration documents. It also provides confidentiality and authentication to the protocol, both being deeply bound to the role concept of the RBAC model. It also uses an efficient key distribution mechanism based on multicast key management. A prototype implementing this security architecture is under development.
Supporting XML Security Models Using Relational Databases: A Vision
As the secure distribution and sharing of information over the World Wide Web becomes increasingly important, the needs for flexible and efficient support of access control systems naturally arise. Since the eXtensible Markup Language (XML) is emerging as the format of the Internet era for storing and exchanging information, there have been, recently, many proposals to extend the XML model to incorporate security aspects. To the lesser or greater extent, however, such proposals neglect the fact that the data for XML documents will most likely reside in relational databases, and consequently do not utilize various security models proposed for and implemented in relational databases.
A practical mandatory access control model for XML databases
A practical mandatory access control (MAC) model for XML databases is presented in this paper. The
label type and label access policy can be defined according to the requirements of different applications. In order to
preserve the integrity of data in XML databases, a constraint between a read-access rule and a write-access rule in
label access policy is introduced. Rules for label assignment and propagation are presented to alleviate the workload
of label assignments. Furthermore, a solution for resolving conflicts in label assignments is proposed. Rules for
update-related operations, rules for exceptional privileges of ordinary users and the administrator are also proposed
to preserve the security of operations in XML databases. The MAC model we proposed in this study has been
implemented in an XML database. Test results demonstrated that our approach provides rational and scalable
performance
Secure Querying of Recursive XML Views: A Standard XPath-based Technique
Most state-of-the-art approaches for securing XML documents allow users to
access data only through authorized views defined by annotating an XML grammar
(e.g. DTD) with a collection of XPath expressions. To prevent improper
disclosure of confidential information, user queries posed on these views need
to be rewritten into equivalent queries on the underlying documents. This
rewriting enables us to avoid the overhead of view materialization and
maintenance. A major concern here is that query rewriting for recursive XML
views is still an open problem. To overcome this problem, some works have been
proposed to translate XPath queries into non-standard ones, called Regular
XPath queries. However, query rewriting under Regular XPath can be of
exponential size as it relies on automaton model. Most importantly, Regular
XPath remains a theoretical achievement. Indeed, it is not commonly used in
practice as translation and evaluation tools are not available. In this paper,
we show that query rewriting is always possible for recursive XML views using
only the expressive power of the standard XPath. We investigate the extension
of the downward class of XPath, composed only by child and descendant axes,
with some axes and operators and we propose a general approach to rewrite
queries under recursive XML views. Unlike Regular XPath-based works, we provide
a rewriting algorithm which processes the query only over the annotated DTD
grammar and which can run in linear time in the size of the query. An
experimental evaluation demonstrates that our algorithm is efficient and scales
well. Comment: (2011
Developing a Framework to Implement Public Key Infrastructure Enabled Security in XML Documents
This paper concentrates on proposing a framework to implement PKI-enabled security in XML documents, by defining a common framework and processing rules that can be shared across applications using common tools, avoiding the need for extensive customization of applications to add security. The Framework reuses the concepts, algorithms and core technologies of legacy security systems while introducing changes necessary to support extensible integration with XML. This allows interoperability with a wide range of existing infrastructures and across deployments. Currently no strict security models and mechanisms are available that can provide specification and enforcement of security policies for XML documents. Such models are crucial in order to facilitate a secure dissemination of XML documents, containing information of different sensitivity levels, among (possibly large) user communities.
A General Approach for Securely Querying and Updating XML Data
Over the past years several works have proposed access control models for XML
data where only read-access rights over non-recursive DTDs are considered. A
few works have studied the access rights for updates. In this paper,
we present a general model for specifying access control on XML data in the
presence of update operations of W3C XQuery Update Facility. Our approach for
enforcing such updates specifications is based on the notion of query rewriting
where each update operation defined over arbitrary DTD (recursive or not) is
rewritten to a safe one in order to be evaluated only over XML data which can
be updated by the user. We investigate in the second part of this report the
security of XML updating in the presence of read-access rights specified by
security views. For an XML document, a security view represents for each class
of users all and only the parts of the document these users are able to see. We
show that an update operation defined over a security view can cause disclosure
of sensitive data hidden by this view if it is not thoroughly rewritten with
respect to both read and update access rights. Finally, we propose a security
view based approach for securely updating XML in order to preserve the
confidentiality and integrity of XML data. Comment: No. RR-7870 (2012
DTD level authorization in XML documents with usage control
[Summary]: In recent years an increasing amount of semi-structured data has become important to humans and programs. XML promoted by the World Wide Web Consortium (W3C) is rapidly emerging as the new standard language for semi-structured data representation and exchange on the Internet. XML documents may contain private information that cannot be shared by all user communities. So securing XML data is becoming increasingly important and several approaches have been designed to protect information in a website. However, these approaches typically are used at file system level, rather than for the data in XML documents. Usage control has been considered as the next generation access control model with distinguishing properties of decision continuity. Usage control enables finer-grained control
over usage of digital objects than that of traditional access control policies and models.
In this paper, we present a usage control model to protect
information distributed on the web, which allows the access
restrictions directly at DTD-level and XML document-level.
Finally, comparisons with related works are analysed
A flexible mandatory access control policy for XML databases
A flexible mandatory access control policy (MAC) for XML
databases is presented in this paper. The label type and label
access policy can be defined according to the requirements of
applications. In order to preserve the integrity of data in XML
databases, a constraint between a read access rule and a write
access rule in label access policy is introduced. Rules for label
assignment and propagation are proposed to alleviate the
workload of label assignment. Also, a solution for resolving
conflicts of label assignments is proposed. At last, operations for
implementation of the MAC policy in a XML database are
illustrated
XML Security in Certificate Management - XML Certificator
The trend of rapid growing use of XML format in data/document management system reveals that security measures should be urgently considered into next generation's data/document systems. This paper presents a new certificate management system developed on the basis of XML security mechanisms. The system is supported by the theories of XML security as well as Object oriented technology and database. Finally it has been successfully implemented in using C#, SQL, XML signature and XML encryption. An implementation metrics is evidently presented.