2,245 research outputs found
Confidentiality of XML documents by pool encryption
The eXtensible Markup Language (XML) is a widely adopted format for documents
containing structured information. Structured information contains
both the content (words, images etc.) and the “markup” which indicates the
role of the content, e.g. “section” or “price”.
XML is the foundation for a huge variety of existing and emerging applications,
including user applications like vector imaging formats, web pages,
enterprise application integration, database interfaces or network protocols.
Parallel to the increasing use of XML, the level of security provisions for these
XML based systems rises. The World Wide Web Consortium (W3C) addressed
these issues by creating the “XML Signature Syntax and Processing” and “XML
Encryption Syntax and Processing” recommendations. These standards define
authentication, integrity and confidentiality mechanisms for XML documents.
The XML Signature recommendation defines a method for digitally signing
arbitrary portions (nodes) of an XML document. XML Signature can sign both
tree structures and arbitrary sets of nodes of an XML document.
The XML Encryption recommendation specifies a method for encrypting tree
structures in an XML document. The XML Encryption recommendation is constrained
to protect full tree structures, i.e. there is no mechanism to protect
the confidentiality of a single node in a document without affecting the
descendants of that node.
The access control community transformed access control models originating
in database systems to be available for XML based databases. These access
control systems offer fine-grained access control enforcement on the node
level, similar to the node level integrity protection of XML Signature. For
example, XML Access Control systems can restrict the read access to a particular
node in an XML tree while allowing access to its child nodes.
This thesis is focused on the development of a cryptography based system
which can protect the confidentiality of arbitrary nodes in an XML tree. This
goal is reached by combining a tree addressing scheme of databases with
cryptographic mechanisms. This system is called “XML Pool Encryption”.
To verify the results of this thesis, XML Pool Encryption has been implemented
using the Java programming language.
The eXtensible Markup Language (XML) is a widely used format for
documents that contain structured information. Structured information
comprises both the actual content (e.g. words, images, etc.) and
markup information describing the role of the content, e.g.
“heading” or “price”.
XML forms the basis for a large number of existing and emerging
applications, such as vector graphics formats, web pages,
enterprise application integration systems, database interfaces or
network protocols.
Parallel to the growing adoption of XML, more and more provisions
are needed to protect XML-based systems. The World
Wide Web Consortium (W3C) has addressed this need
by adopting the “XML Signature Syntax and Processing” and “XML Encryption
Syntax and Processing” recommendations. These standards
define mechanisms for authentication, integrity and confidentiality
of XML documents.
The XML Signature Recommendation defines a mechanism for digitally signing
arbitrary parts (nodes) of an XML document. XML Signature
can protect both tree structures and arbitrarily shaped sets of nodes of an
XML tree.
The XML Encryption Recommendation defines a mechanism for
encrypting tree structures within an XML document. W3C
XML Encryption is restricted to encrypting complete tree structures,
i.e. there is no way to ensure confidentiality for individual
nodes in the document without also protecting the children of those
nodes.
For access control of XML-based data, access control models
from the database field were reworked. These systems offer
enforcement of fine-grained access control at node level, similar to the
integrity protection of arbitrary nodes in XML Signature. For example, it is
possible to deny read access to a node while the children
of that node remain readable.
The focus of this thesis is the development of a system based on cryptographic
methods that ensures confidentiality for arbitrary nodes
of an XML tree. This goal was achieved by combining
a scheme for addressing tree structures with
cryptographic methods. This system is called “XML Pool Encryption”.
To verify the results of this thesis, XML Pool Encryption was implemented in
Java.
The OMII Software – Demonstrations and Comparisons between two different deployments for Client-Server Distributed Systems
This paper describes the key elements of the OMII software and the scenarios in which OMII software can be deployed to achieve distributed computing in the UK e-Science Community, where two different deployments for Client-Server distributed systems are demonstrated. Scenarios and experiments for each deployment are described, and their advantages and disadvantages are compared and analyzed. We conclude that our first deployment is more relevant for system administrators or developers, and the second deployment is more suitable from the users’ perspective, in which they can send and check job status for hundred job submissions.
Comparison of advanced authorisation infrastructures for grid computing
The widespread use of grid technology and distributed compute power, with all its inherent benefits, will only be established if the use of that technology can be guaranteed efficient and secure. The predominant method for currently enforcing security is through the use of public key infrastructures (PKI) to support authentication and the use of access control lists (ACL) to support authorisation. These systems alone do not provide enough fine-grained control over the restriction of user rights, necessary in a dynamic grid environment. This paper compares the implementation and experiences of using the current standard for grid authorisation with Globus - the grid security infrastructure (GSI) - with the role-based access control (RBAC) authorisation infrastructure PERMIS. The suitability of these security infrastructures for integration with regard to existing grid technology is presented based upon experiences within the JISC-funded DyVOSE project
Sharing large data collections between mobile peers
New directions in the provision of end-user computing experiences mean that we need to determine the best way to share data between small mobile computing devices. Partitioning large structures so that they can be shared efficiently provides a basis for data-intensive applications on such platforms. In conjunction with such an approach, dictionary-based compression techniques provide additional benefits and help to prolong battery life