59,661 research outputs found
A General Approach for Securely Querying and Updating XML Data
Over the past years several works have proposed access control models for XML
data where only read-access rights over non-recursive DTDs are considered. A
few amount of works have studied the access rights for updates. In this paper,
we present a general model for specifying access control on XML data in the
presence of update operations of W3C XQuery Update Facility. Our approach for
enforcing such updates specifications is based on the notion of query rewriting
where each update operation defined over arbitrary DTD (recursive or not) is
rewritten to a safe one in order to be evaluated only over XML data which can
be updated by the user. We investigate in the second part of this report the
secure of XML updating in the presence of read-access rights specified by a
security views. For an XML document, a security view represents for each class
of users all and only the parts of the document these users are able to see. We
show that an update operation defined over a security view can cause disclosure
of sensitive data hidden by this view if it is not thoroughly rewritten with
respect to both read and update access rights. Finally, we propose a security
view based approach for securely updating XML in order to preserve the
confidentiality and integrity of XML data.Comment: No. RR-7870 (2012
DTD level authorization in XML documents with usage control
[Summary]: In recent years an increasing amount of semi-structured data has become important to humans and programs. XML promoted by the World Wide Web Consortium (W3C) is rapidly emerging as the new standard language for semi-structured data representation and exchange on the Internet. XML documents may contain private information that cannot be shared by all user communities. So securing XML data is becoming increasingly important and several approaches have been designed to protect information in a website. However, these approaches typically are used at file system level, rather than for the data in XML documents. Usage control has been considered as the next generation access control model with distinguishing properties of decision continuity. Usage control enables finer-grained control
over usage of digital objects than that of traditional access control policies and models.
In this paper, we present a usage control model to protect
information distributed on the web, which allows the access
restrictions directly at DTD-level and XML document-level.
Finally, comparisons with related works are analysed
Delegatable access control for fine-grained XML
The access control mechanisms are critical to ensure security in XML (eXtensible Markup Language). Several such mechanisms have been used or proposed; however, the notion of delegation in XML has not been studied in the literature. In this paper, we propose an access control model encapsuling delegation authorization rules for XML documents that allow flexible data granularity and limited inference protection. Our access control policy specification is basically DTD-based. It can also be considered to be document-based
Confidentiality of XML documents by pool encryption
The eXtensible Markup Language (XML) is a widely adopted format for documents
containing structured information. Structured information contains
both the content (words, images etc.) and the âmarkupâ which indicates the
role of the content, e.g. âsectionâ or âpriceâ.
XML is the foundation for a huge variety of existing and emerging applications,
including user applications like vector imaging formats, web pages,
enterprise application integration, database interfaces or network protocols.
Parallel to the increasing use of XML, the level of security provisions for these
XML based systems rises. The World Wide Web Consortium (W3C) addressed
these issues by creating the âXML Signature Syntax and Processingâ and âXML
Encryption Syntax and Processingâ recommendations. These standards define
authentication, integrity and confidentiality mechanisms for XML documents.
The XML Signature recommendation defines a method for digitally signing
arbitrary portions (nodes) of an XML document. XML Signature can sign both
tree structures and arbitrary sets of nodes of an XML document.
The XML Encryption recommendation specifies a method for encrypting tree
structures in an XML document. The XML Encryption recommendation is constrained
to protect full tree structures, i.e. there is no mechanism to protect
the confidentiality of a single node in a document without affecting the
descendants of that node.
The access control community transformed access control models originating
in database systems to be available for XML based databases. These access
control systems offer fine-grained access control enforcement on the node
level, similar to the node level integrity protection of XML Signature. For
example, XML Access Control systems can restrict the read access to a particular
node in an XML tree while allowing access to its child nodes.
This thesis is focused on the development of a cryptography based system
which can protect the confidentiality of arbitrary nodes in an XML tree. This
goal is reached by combining a tree addressing scheme of databases with
cryptographic mechanisms. This system is called âXML Pool Encryptionâ.
To verify the results of this thesis, XML Pool Encryption has been implemented
using the Java programming language.Die eXtensible Markup Language (XML) ist ein weit verbreitetes Format fĂŒr
Dokumente, die strukturierte Information enthalten. Strukturierte Information
umfasst sowohl den eigentlichen Inhalt (z.B. Wörter, Bilder, etc.) sowie
Auszeichnungsinformation, um die Rolle der Inhalte zu umschreiben, z.B.
âĂberschriftâ oder âPreisâ.
XML bildet die Grundlage fĂŒr eine groĂe Anzahl existierender und im Entstehen
begriffener Anwendungen, wie z.B. Vektorgrafik-Formate, Web Seiten,
Enterprise Application Integration Systeme, Datenbank Schnittstellen oder
Netzwerkprotokolle.
Parallel zur steigenden Verbreitung von XML werden immer mehr Vorkehrungen
zum Schutz der auf XML basierenden Systeme notwendig. Das World
Wide Web Consortium (W3C) hat sich dieser Notwendigkeit angenommen,
indem die âXML Signature Syntax and Processingâ und die âXML Encryption
Syntax and Processingâ Empfehlungen verabschiedet wurden. Diese Standards
definieren Mechanismen fĂŒr Authentisierung, IntegritĂ€t und Vertraulichkeit
von XML Dokumenten.
Die XML Signature Recommendation definiert einen Mechanismus, um beliebige
Teile eines XML Dokumentes (Nodes) digital zu signieren. XML Signature
kann sowohl Baumstrukturen als auch beliebig geformte Knotenmengen eines
XML Baumes schĂŒtzen.
Die XML Encryption Recommendation definiert einen Mechanismus fĂŒr das
VerschlĂŒsseln von Baumstrukturen innerhalb eines XML Dokumentes. W3C
XML Encryption ist hierbei auf die VerschlĂŒsselung kompletter Baumstrukturen
beschrĂ€nkt, d.h. es existiert keine Möglichkeit, die Vertraulichkeit fĂŒr einzelne
Knoten im Dokument zu gewÀhrleisten, ohne dass die Kinder dieser
Knoten ebenfalls geschĂŒtzt werden.
FĂŒr die Zugriffskontrolle von XML basierten Daten wurden Zugriffsschutzmodelle
aus dem Datenbankbereich ĂŒberarbeitet. Diese Systeme bieten die
Durchsetzung fein granularer Zugriffskontrolle auf Knotenebene, Àhnlich dem
IntegritÀtsschutz beliebiger Knoten bei XML Signature. So ist es beispielsweise
möglich, den Lesezugriff auf einen Knoten zu verweigern, wÀhrend die Kinder
dieses Knotens weiterhin lesbar bleiben.
Im Mittelpunkt dieser Arbeit steht die Entwicklung eines auf kryptografischen
Verfahren basierenden Systems, welches die Vertraulichkeit fĂŒr beliebige Knoten
eines XML Baumes gewÀhrleistet. Dieses Ziel wurde durch die Kombination
eines Schemas fĂŒr die Adressierung von Baumstrukturen mit
kryptografischen Verfahren erreicht. Dieses System wird âXML Pool Encryptionâ
genannt.
Zur ĂberprĂŒfung der Resultate dieser Arbeit wurde XML Pool Encryption in
Java implementiert
Rewrite based Verification of XML Updates
We consider problems of access control for update of XML documents. In the
context of XML programming, types can be viewed as hedge automata, and static
type checking amounts to verify that a program always converts valid source
documents into also valid output documents. Given a set of update operations we
are particularly interested by checking safety properties such as preservation
of document types along any sequence of updates. We are also interested by the
related policy consistency problem, that is detecting whether a sequence of
authorized operations can simulate a forbidden one. We reduce these questions
to type checking problems, solved by computing variants of hedge automata
characterizing the set of ancestors and descendants of the initial document
type for the closure of parameterized rewrite rules
SMOQE: A System for Providing Secure Access to XML
XML views have been widely used to enforce access control, support data integration, and speed up query answering. In many applications, e.g., XML security enforcement, it is prohibitively expensive to materialize and maintain a large number of views. Therefore, views are necessarily virtual. An immediate question then is how to answer queries on XML virtual views. A common approach is to rewrite a query on the view to an equivalent one on the underlying document, and evaluate the rewritten query. This is the approach used in the Secure MOdular Query Engine (SMOQE). The demo presents SMOQE, the first system to provide efficient support for answering queries over virtual and possibly recursively defined XML views. We demonstrate a set of novel techniques for the specification of views, the rewriting, evaluation and optimization of XML queries. Moreover, we provide insights into the internals of the engine by a set of visual tools. 1
Analysis of PKI as a Means of Securing ODF Documents
Public Key Infrastructure (PKI) has for the last two decades been a means of securing systems and communication. With the adoption of Open Document Format (ODF) as an ISO standard, the question remains if the unpopular, expensive, complex and unmaintainable PKI can prove to be a viable means of securing ODF documents. This paper analyses the drawbacks of PKI and evaluates the useji.tlness of PKl in provisioning robust, cheap and maintainable XML security to XML based ODF. This paper also evaluates the existing research on XML security, more specifically fine grained access control
A general approach to securely querying XML
XML access control requires the enforcement of highly expressive access control policies to support schema-, document and object-specific protection requirements. Access control models for XML data can be classified in two major categories: node filtering and query rewriting systems. The first category includes approaches that use access policies to compute secure user views on XML data sets. User queries are then evaluated on those views. In the second category of approaches, authorization rules are used to transform user queries to be evaluated against the original XML data set. The pros and cons for these approaches have been widely discussed in the framework of XML access control standardization activities. The aim of this paper is to describe a model combining the advantages of these approaches and overcoming their limitations, suitable as the basis of a standard technique for XML access control enforcement. The model specification is given using a Finite State Automata, ensuring generality w.r.t. specific implementation techniques
Enhanced Version Control for Unconventional Applications
The Extensible Markup Language (XML) is widely used to store, retrieve, and share digital documents. Recently, a form of Version Control System has been applied to the language, resulting in Version-Aware XML allowing for enhanced portability and scalability. While Version Control Systems are able to keep track of changes made to documents, we think that there is untapped potential in the technology. In this dissertation, we present novel ways of using Version Control System to enhance the security and performance of existing applications. We present a framework to maintain integrity in offline XML documents and provide non-repudiation security features that are independent of central certificate repositories. In addition, we use Version Control information to enhance the performance of Automated Policy Enforcement eXchange framework (APEX), an existing document security framework developed by Hewlett-Packard (HP) Labs.
Finally, we present an interactive and scalable visualization framework to represent Version-Aware-related data that helps users visualize and understand version control data, delete specific revisions of a document, and access a comprehensive overview of the entire versioning history
- âŠ