Presentation is loading. Please wait.

Presentation is loading. Please wait.

XML Security.

Published byIsaias Jolls Modified over 10 years ago

Similar presentations

Presentation on theme: "XML Security."— Presentation transcript:

1 XML Security

2 Outline Security requirements for web data. Basic concepts of XML
Security policies for XML data protection and release Access control mechanisms for XML data XML-based specification of security informaiton XML security: future trends

3 Web Data: Protection Requirements
The web is becoming the main information dissemination means for many organizations Strong need for models and mechanisms enabling the specification and enforcement of security policies for web data protection and release

4 Web Data In the web environment, information distribution often takes the form of documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients Documents may also be exchanged among the various servers

5 Web Docs: Protection Requirements
Web documents may have a nested or hierarchical, inter-linked structure Different portions of the same document may have different protection requirements We need a wide spectrum of protection granularity levels

6 Web Docs: Protection Requirements
Web documents may have an associated description of their structure: DTDs and XML Schemas for XML documents Data models for describing the logical organization of data into web pages Policies specified both at the schema and at the instance level

7 Web Docs: Protection Requirements
Documents with the same type and structure may have contents of different sensitivity degree: Policies that take the document content into account (content-based policies)

8 Web Docs: Protection Requirements
Supporting fine-grained policies could lead to the specification of a, possibly high, number of access control policies: Need of mechanisms for exception management and authorization propagation

9 Web Docs: Protection Requirements
Heterogeneity of subjects: Subjects accessing a web source may be characterized by different skills and needs and may dynamically change Conventional identity-based access control schemes are not enough Credentials based on subject characteristics and qualifications

10 Web Docs: Protection Requirements
In a web environment the traditional on user-demand mode of performing access control is not enough: Security policies enforcing both the pull and push dissemination modes

11 Dissemination Policies
Request Web Data Source PULL View Web Data Source PUSH

12 Outline Security requirements for web data Basic concepts of XML
Security policies for XML data protection and release Access control mechanisms for XML data XML-based specification of security information XML security: future trends

13 Why XML? Because XML is becoming a standard for data representation over the web XML compatibility is thus an important requirement for security policies, models and mechanisms for Web data sources

14 XML Building blocks of XML are tagged elements that can be nested at any depth in the document structure Each tagged element has zero or more subelements and zero or more attributes Elements can be linked by means of IDREF(S) attributes Optional presence of a DTD/XMLSchema for describing the structure of documents (well-formed vs valid documents)

15 An XML Document <WorldLawBulletin Date=“8/8/1999”>
<Law Country=“USA” RelatedLaws = “LK75”/> <Topic>Taxation</Topic> <Summary>...</Summary> </Law> <Law Id=“LK75” Country=“Italy”/> <Topic>Import-Export</Topic> <Summary>...</Summary> <BluePageReport> <Section GeoArea=“Europe”> <Law Country=“Germany”/> <Topic>Guns</Topic> <Summary>...</Summary> ... </Section> <Section GeoArea=“NorthAmerica”> <Law Country=“USA”/> <Topic>Transportation</Topic> <Summary>...</Summary> </BluePageReport> </WorldLawBulletin>

16 Graph Representation ... &1 &2 &7 &3 &4 &5 &6 &8 &9 &10 &13 &11 &12
WordLawBulletin &1 {(Date,”08/08/1999”)} Law BluePageReport Law {(Country,”USA”)} {(Country,”Italy”)} RelatedLaws &2 LK75 &7 Summary Section Section Topic Summary Topic {(GeoArea,E.)} &3 &4 &5 &6 &8 &9 {(GeoArea,”NorthA.”)} Law Law Import-Export ... Taxation {(Country,”Germany”)} &10 &13 {(Country,”USA”)} Summary Topic Summary Topic &11 &12 &14 &15 Guns Transportation

17 An XML DTD <!DOCTYPE WorldLawBulletin[
<!ELEMENT WorldLawBulletin (Law*,BluePageReport?)> <!ELEMENT Law (Topic,Summary)> <!ELEMENT Topic (#PCDATA)> <!ELEMENT Summary ANY> <!ELEMENT BluePageReport (Section+)> <!ELEMENT Section (Law+)> <!ATTLIST WorldLawBulletin Date CDATA #REQUIRED> <!ATTLIST Law Id ID #REQUIRED Country CDATA #REQUIRED RelatedLaws IDREFS #IMPLIED> <!ATTLIST Section GeoArea CDATA #REQUIRED> ]>

18 XML & Security Two main issues:
Development of access control models, techniques, mechanisms, and systems for protecting XML documents Use of XML to specify security relevant information, (organizational policies, subject credentials, authentication information, encrypted contents)

19 The Author-X Project Buona sera mi chiamo Cristina Ronchi
Le mie relatrici sono le professoresse Bertino Ferrari e Castano La mia tesi ha studiato e sviluppato uno strumento per il controllo degli accessi a documenti XML

20 Author-X Java-based system for XML data sources protection
Security policy design and administration Credential-based access control to XML document sources Secure document dissemination and update

21 Author-X ACPs Set-oriented and document-oriented policies
Positive and negative policies at different granularity levels, to enforce differentiated protection of XML documents and DTDs Controlled propagation of access rights ACPs reflect user profiles through credential-based qualifications As I said before X-access provides access control to documents in the XML source. The access control model provided by X-author is a very flexible and expressive discretionary access control model whose distinguished features are first that it provides both set-oriented and document oriented protection in that it supports the specification of authorizations both at the document and at the DTD level. This is a useful feature because sometimes a whole set of documents has the same protection requirements but sometimes we need to apply different access control policies to the same document because it contains information with different sensitivity degreased. Then, it provides a differentiated protection of XML documents and DTD contents since it supports both positive and negative authorizations and multi-granularity protection objects, which are specified on the basis of the graph structure of XML docs and DTDs. Finally, it provides a controlled propagation of authorizations among protection objects at different granularity levels, by enforcing a variety of propagation options

22 Enforcing access control
Subject specification Protection object specification Privilege Propagation option

23 Subject Specification
User Identifiers OR Subject credential: credential expression Ex: X.age > 21 Programmer(X) and X.country=“Italy”

24 Protection Object Specification
Identify the portions of a document(s) to which the authorization applies. We want to allow users to specify authorizations ranging from sets of documents to single elements/attributes within documents specification on DTD or documents [{doc|*}|{DTD|#}].[pathOfElem|ElemIds].[Attrs|links]

25 Privileges read browsing navigate write authoring append delete

26 Propagation option NO PROPAGATION

27 Propagation option FIRST LEVEL

28 Propagation option CASCADE

29 Examples of authorization rules
P1 = ((LLoC Employee or European Division Employee), WorldLawBulletin.Law, browse_all, *) this authorization rule authorizes the LLoC and European Division Employees to view all laws (not contained in the BluePageReport element) in all instances of WorldLawBulletin relations among laws, that is, RelatedLaws attributes, are also displayed

30 Examples of authorization rules
P4 = (European Division Employee, (WorldLawBulletin.BluePageReport.Section, GeoArea = Europe), browse_all, *) this authorization rule authorizes the European Division Employees to view the section pertaining to Europe of the BluePageReport in all instances of WorldLawBulletin

31 XML Source user SA access request view administrative operations
Author-X X-Access X-Admin DOM / XQL Let us now start to see the architecture of our system. Author-X is building on top Excelon. Excelon is an XML data server for building web applications. Excelon manages and XML stores where XML data can be indexed and manipulated and queried using the XQL language. We have enhanced the Excelon document server with Author_X for providing access control to the data in the xmlstore. The main components of our architecture are: -- the XMLstore which is organized in two components, the XML source, storing XML documents to be protected and associated DTDs, and the X-Authorization Base which stores authorization rules -- the second building block of our architecture is the author-x core which is composed of two server extensions written in Java. X-access implements access control on the XML source, on the basis of the authorizations stored into X-authorization base, whereas the X-admin components provide supports for administrative operations (protection of new documente entering the source and thinks like that). Users and SA interact with Author-x-core by means of specific user applications, or through the web using eXcelon explorer or a web server extension. So now I’ll describe the main components of author-x, that is, X-access and X-admin starting from X-access Encrypted doc.base X-Bases Policy base Credential base XML Source

32 X-Access The access control component of Author-X enabling:
The enforcement of access control policies on top of an XML source Pull and push dissemination modes Client-Server architecture Excelon XML server

33 Information Pull - Architecture
Internet Browser CLIENT DTD query XML VIEW Internet Web Server Excelon Server Server Extension (X-Access) XML Parser XQL X-Path Excelon File System XML source SERVER

34 Access Control Pruning Query XML document user Pruned XML document
Policy base Credential base Pruning Query XML document user Pruned XML document In base a questo autorizzazioni il documento originale viene potato degli elementi a cui l’utente non ha accesso. Sul documento così filtrato viene eseguita la query. In base alla query all’utente viene restituita una vista risultante. Resulting view XML source

35 Access request Target Document User Password query

36 Query result Query result

37 Push Dissemination Mode
Since: Different subjects -> different views Wide range of protection granularities High number of subjects Number of views can be too large There is thus the need to integrate in the XML Publisher mechanisms enabling both pull and push distribution of XML documents. The Ph.D. activity has focused mainly on the support for the push distribution mode. The main problem in supporting information push is that, since different subjects may have privilege to see different, selected portions of the same document, it may entail generating different physical views of the same document and sending them to the proper subjects. Moreover, due the possible high number of subjects accessing an XML Publisher service and the wide range of protection granularities, the number of such views may become rather large and thus such an approach cannot be practically applied. Due to these reasons in the Ph.D. activity we have investigate the use of the encryption techniques to efficiently support information push. Solution-> Encryption Techniques

38 Push Dissemination Mode
The approach is based on encrypting different portions of the same document with different keys The same (encrypted) copy is then broadcasted to all subjects Each subject only receives the key(s) for the portions he/she is enabled to see

39 Information Push - Main Issues
How to encrypt the documents in a source Which and how many keys should be distributed to which subjects How to securely and efficiently distribute keys to subjects in such a way that keys are received only by the entitled subjects

40 How to Encrypt Documents
Document encryption is driven by the specified access control policies: all the document portions to which the same access control policies apply are encrypted with the same key Thus, to determine which keys should be sent to a particular subject it is only necessary to verify which are the access control policies that apply to that subject and then sending the keys associated with these policies

41 P2 P1,P3 P3 Well-Formed Encryption &1 &13 &9 &7 &6 &4 &3 &2 &8 &10 &12
&5 &10 &12 &11 &14 &15 &16 P1,P3 P2 P3

42 P2 Node encrypted with key K1 P1,P3 P1,P3 P3 P1,P3 P1,P3 P1,P3 P1,P3
Well-Formed Encryption P2 &1 Node encrypted with key K1 &2 P1,P3 &5 P1,P3 &8 &3 &4 &6 &7 P3 &9 &13 P1,P3 P1,P3 P1,P3 P1,P3 P3 &10 &14 &11 &12 &15 &16

43 P2 P1,P3 P1,P3 P3 P1,P3 P1,P3 P1,P3 P1,P3 P3 Nodes encrypted
Well-Formed Encryption P2 &1 &2 P1,P3 &5 P1,P3 &8 &3 &4 &6 &7 P3 &9 &13 P1,P3 P1,P3 P1,P3 P1,P3 P3 &10 &14 Nodes encrypted with key K2 &11 &12 &15 &16

44 P2 P1,P3 P1,P3 P3 P1,P3 P1,P3 P1,P3 P1,P3 P3 Nodes encrypted
Well-Formed Encryption P2 &1 &2 P1,P3 &5 P1,P3 &8 &3 &4 &6 &7 P3 &9 &13 P1,P3 P1,P3 P1,P3 P1,P3 P3 &10 &14 Nodes encrypted with key K3 &11 &12 &15 &16

45 P2 P1,P3 P1,P3 P3 P1,P3 P1,P3 P1,P3 P1,P3 P3 Nodes encrypted
Well-Formed Encryption P2 &1 &2 P1,P3 &5 P1,P3 &8 &3 &4 &6 &7 P3 &9 &13 P1,P3 P1,P3 P1,P3 P1,P3 P3 &10 &14 Nodes encrypted with key Kd &11 &12 &15 &16

46 P2 P1,P3 P1,P3 P3 P1,P3 P1,P3 P1,P3 P1,P3 P3 P1 K2 P2 K1 P3 K2, K3
Well-Formed Encryption P2 &1 &2 P1,P3 &5 P1,P3 &8 &3 &4 &6 &7 P3 &9 &13 P1,P3 P1,P3 P1,P3 P1,P3 P3 &10 &14 P1 K2 P2 K1 &11 &12 &15 &16 P3 K2, K3

47 Key Management Key assignment scheme such that: Benefits:
From the key associated with a policy P1 it is possible to derive the keys associated with all the policy configurations containing P1 Benefits: The system should manage in the worst case a number of keys equal to the size of the Policy Base Each subject receives a key for each policy he/she satisfies

48 Key Distribution Two modes:
Online: the XML source delivers both the keys and the encrypted document to subjects Offline: subjects retrieve the keys through further interactions with the XML source (LDAP directory)

49 Outline Security requirements for web data Basic concepts of XML
Security policies for XML data protection and release Access control mechanisms for XML data XML-based specification of security information XML security: future trends

50 Why? It allows a uniform protection of XML documents and their security-related information It facilitates the export and exchange of security information

51 Goals Definition of an XML-based language for specifying security-related information for web documents: Subject credentials Access control policies for web documents satisfying the previously stated requirements An example: X-Sec the XML-based language developed in the framework of Author-X

52 X-Sec Credentials Credentials with similar structure are grouped into credential types A credential is a set of simple and composite properties Credential types DTDs Credentials XML documents

53 X-Sec credential type <!DOCTYPE carrier_employee[
<!ELEMENT carrier_employee (name,address,phone_number*, ?, company)> <!ELEMENT name (fname,lname)> <!ELEMENT address (#PCDATA)> <!ELEMENT phone_number (#PCDATA)> <!ELEMENT (#PCDATA)> <!ELEMENT company (#PCDATA)> <!ATTLIST carrier_employee credID ID #REQUIRED cIssuer CDATA #REQUIRED> ]>

54 X-Sec credential <carrier_employee credID=“154”,CIssuer=“CA16”>
<name> <fname> Bob </fname> <lname> Watson </lname> </name> <address> 24 Baker Street </address> <phone_number> </phone_number> < > </ > <company> UPS </company> </carrier_employee>

55 X-Profiles To simplify credential evaluation all the credentials a subject possesses are collected into an X-profile

56 X-profile <X-profile sbjID=“bw585”,PIssuer=“CA16”>
<carrier_employee credID=“154”,CIssuer=“CA16”> <name> <fname> Bob </fname> <lname> Watson </lname> </name> <address> 24 Baker Street </address> <phone_number> </phone_number> < > </ > <company> UPS </company> </carrier_employee> <stockholder credID=“254”,CIssuer=“CA16”> <name> … </name> <company> <name> Paragon </name> <stocknumber> 400 </stocknumber> <stockvalue> $1000 </stockvalue> </company> </stockholder> </X-profile>

57 X-Sec Policy Specification
XML template for specifying credential-based access control policies The template is as general as possible to be able to model access control policies for a variety of web documents (e.g., HTML, XML)

58 X-Sec Policy Base Template
<!DOCTYPE policyBase[ <!ELEMENT policyBase (policySpec)*> <!ELEMENT policySpec (subject, object, priv, type, prop)> <!ELEMENT subject (userID*|credential)> <!ELEMENT object EMPTY> <!ELEMENT priv EMPTY> <!ELEMENT type EMPTY> <!ELEMENT prop EMPTY> <!ELEMENT userID EMPTY> <!ELEMENT credential EMPTY> <!ATTLIST userID id CDATA #REQUIRED> <!ATTLIST credential targetCredType CDATA #REQUIRED credExpr CDATA IMPLIED> <!ATTLIST object target CDATA #REQUIRED path CDATA #REQUIRED> <!ATTLIST priv value CDATA #REQUIRED> <!ATTLIST type value CDATA #REQUIRED> <!ATTLIST prop value CDATA #REQUIRED> ]>

59 Instantiation for XML Sources
<policyBase> <policySpec> <subject><credential targetCredType="ACMmember"/></subject> <object>< target="SigmodRecord.xml" path="/issues"/></object> <priv value="READ"/> <type value="grant"/> <prop value="cascade"/> </policySpec> <subject><credential targetCredType="noACMmember"/></subject> <object>< target="SigmodRecord.xml" path ="/issues/issuesTuple/articles/ articlesTuple/abstract"/></object> <priv value="READ"/> <type value="deny"/> <prop value="no_prop"/> </policyBase>

60 Outline Security requirements for web data Basic concepts of XML
Security policies for XML data protection and release Access control mechanisms for XML data XML-based specification of security information XML security: future trends

61 Research Trends Secure publishing of XML documents:
A new class of information-centered applications based on Data dissemination Possible scenarios: Information commerce: digital libraries, electronic news Intra-company information systems Security requirements: Confidentiality Integrity Authenticity Completeness

62 Traditional Architecture
Secure Publishing Subject Information Owner Traditional Architecture The Owner is the producer of information It specifies access control policies It answers to subject queries

63 Third-Party Architecture
Publisher Docs Query View Subject Owner Subscription The Publisher is responsible for managing (a portion of) the Owner information and for answering subject queries Benefits: Scalability No Bottleneck

64 Main References B. Dournee, XML Security, RSA Press, 2002.
E. Bertino, B. Carminati, E. Ferrari, and B. Thuraisingham, XML Security, Addison-Wesley, in preparation.

65 Main References E. Bertino and E. Ferrari. Secure and Selective Dissemination of XML Documents, ACM Trans. on Information System and Security, to appear E. Bertino, S. Castano, e E. Ferrari. Author- X: a Comprehensive System for Securing XML Documents, IEEE Internet Computing, May 2001 E. Bertino, S. Castano, e E. Ferrari. Securing XML Documents: the Author-X Project Demonstration, Proc. of the ACM SIGMOD Conference 2001 E. Bertino, S. Castano, E. Ferrari, M. Mesiti. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal, 3(3), 2000

66 Main References Web sites:
The XML Security Page: xml/security.html OASIS Consortium: World Wide Web Consortium:

Download ppt "XML Security."

Similar presentations

How to Set Up a System for Teaching Files, Conferences, and Clinical Trials Medical Imaging Resource Center.

How to Set Up a System for Teaching Files, Conferences, and Clinical Trials Medical Imaging Resource Center.
SafetyFirsts Customer-Only Web Site Resources A Green Light to Safety Research, Articles, Specialty Reports & Training Presentations.

SafetyFirsts Customer-Only Web Site Resources A Green Light to Safety Research, Articles, Specialty Reports & Training Presentations.
XML: Extensible Markup Language

XML: Extensible Markup Language
UDDI v3.0 (Universal Description, Discovery and Integration)

UDDI v3.0 (Universal Description, Discovery and Integration)
RDF Tutorial.

RDF Tutorial.
Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.

Web Services Nasrullah. Motivation about web service There are number of programms over the internet that need to communicate with other programms over.
Demonstrators: Mudasir Nazir(08-CS-41).  I am highly addicted to this field.  Working with W3C in research program(building CSS for creating web site.

Demonstrators: Mudasir Nazir(08-CS-41).  I am highly addicted to this field.  Working with W3C in research program(building CSS for creating web site.
Database Systems: Design, Implementation, and Management Tenth Edition

Database Systems: Design, Implementation, and Management Tenth Edition
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 22 World Wide Web and HTTP.
Project 1 Introduction to HTML.

Project 1 Introduction to HTML.
XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.

XACML 2.0 and Earlier Hal Lockhart, Oracle. What is XACML? n XML language for access control n Coarse or fine-grained n Extremely powerful evaluation.
OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”

OCT1 Principles From Chapter One of “Distributed Systems Concepts and Design”
1 COS 425: Database and Information Management Systems XML and information exchange.

1 COS 425: Database and Information Management Systems XML and information exchange.
Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.

Elisa Bertino Dept. of Computer Science University of Milano Page 1 Author-X Secure and selective access and flexible distribution mechanisms for XML documents.
System Analysis and Design

System Analysis and Design
Chapter 14 Database Connectivity and Web Technologies

Chapter 14 Database Connectivity and Web Technologies
2° cycle degree programme (lm) in Telecommunications Engineering Principles Models and Applications for Distributed Systems Prof. Maurelio Boari

2° cycle degree programme (lm) in Telecommunications Engineering Principles Models and Applications for Distributed Systems Prof. Maurelio Boari
1st Project Introduction to HTML.

1st Project Introduction to HTML.
Understanding Active Directory

Understanding Active Directory
4/20/2017.

4/20/2017.

Similar presentations

Ads by Google