
1 Pag. 1 XML Security

2 Pag. 2 Outline: Security requirements for web data; Basic concepts of XML; Security policies for XML data protection and release; Access control mechanisms for XML data; XML-based specification of security information; XML security: future trends

3 Pag. 3 Web Data: Protection Requirements The web is becoming the main information dissemination means for many organizations Strong need for models and mechanisms enabling the specification and enforcement of security policies for web data protection and release

4 Pag. 4 Web Data In the web environment, information distribution often takes the form of documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clients Documents may also be exchanged among the various servers

5 Pag. 5 Web Docs: Protection Requirements Web documents may have a nested or hierarchical, inter-linked structure Different portions of the same document may have different protection requirements We need a wide spectrum of protection granularity levels

6 Pag. 6 Web Docs: Protection Requirements Web documents may have an associated description of their structure: –DTDs and XML Schemas for XML documents –Data models for describing the logical organization of data into web pages Policies specified both at the schema and at the instance level

7 Pag. 7 Web Docs: Protection Requirements Documents with the same type and structure may have contents of different sensitivity degree: Policies that take the document content into account (content-based policies)

8 Pag. 8 Web Docs: Protection Requirements Supporting fine-grained policies could lead to the specification of a, possibly high, number of access control policies: Need of mechanisms for exception management and authorization propagation

9 Pag. 9 Web Docs: Protection Requirements Heterogeneity of subjects: –Subjects accessing a web source may be characterized by different skills and needs and may dynamically change –Conventional identity-based access control schemes are not enough Credentials based on subject characteristics and qualifications

10 Pag. 10 Web Docs: Protection Requirements In a web environment the traditional on user-demand mode of performing access control is not enough: Security policies enforcing both the pull and push dissemination modes

11 Pag. 11 [Figure: pull and push dissemination from a web data source. Labels: PULL, Request, View; PUSH, Dissemination Policies]

12 Pag. 12 Outline: Security requirements for web data; Basic concepts of XML; Security policies for XML data protection and release; Access control mechanisms for XML data; XML-based specification of security information; XML security: future trends

13 Pag. 13 Why XML? Because XML is becoming a standard for data representation over the web XML compatibility is thus an important requirement for security policies, models and mechanisms for Web data sources

14 Pag. 14 XML Building blocks of XML are tagged elements that can be nested at any depth in the document structure. Each tagged element has zero or more subelements and zero or more attributes. Elements can be linked by means of IDREF(S) attributes. Optional presence of a DTD/XML Schema for describing the structure of documents (well-formed vs valid documents)

15 An XML Document [XML listing lost in extraction; surviving values: Taxation, Import-Export, Guns, Transportation]

16 Pag. 16 Graph Representation [Figure: graph of the XML document with nodes &1 to &15. Element labels: WorldLawBulletin, Law, Topic, Summary, BluePageReport, Section. Attribute labels: Date, Country, GeoArea, RelatedLaws. Topic values: Taxation, Import-Export, Guns, Transportation]

17 An XML DTD [DTD listing lost in extraction]

18 Pag. 18 XML & Security Two main issues: 1. Development of access control models, techniques, mechanisms, and systems for protecting XML documents 2. Use of XML to specify security-relevant information (organizational policies, subject credentials, authentication information, encrypted contents)

19 Pag. 19 The Author-X Project

20 Pag. 20 Author-X Java-based system for XML data sources protection Security policy design and administration Credential-based access control to XML document sources Secure document dissemination and update

21 Pag. 21 Author-X ACPs Set-oriented and document-oriented policies. Positive and negative policies at different granularity levels, to enforce differentiated protection of XML documents and DTDs. Controlled propagation of access rights. ACPs reflect user profiles through credential-based qualifications

22 Pag. 22 Enforcing access control Subject specification Protection object specification Privilege Propagation option

23 Pag. 23 Subject Specification User Identifiers OR Subject credential: credential expression Ex: X.age > 21 Programmer(X) and X.country=“Italy”

24 Pag. 24 Protection Object Specification Identify the portions of a document(s) to which the authorization applies. We want to allow users to specify authorizations ranging from –sets of documents –to single elements/attributes within documents specification on DTD or documents [{doc|*}|{DTD|#}].[pathOfElem|ElemIds].[Attrs|links]

25 Pag. 25 Privileges read browsing navigate write authoring append delete

26 Pag. 26 Propagation option NO PROPAGATION

27 Pag. 27 Propagation option FIRST LEVEL

28 Pag. 28 Propagation option CASCADE

29 Pag. 29 Examples of authorization rules P1 = ((LLoC Employee or European Division Employee), WorldLawBulletin.Law, browse_all, *). This authorization rule authorizes the LLoC and European Division Employees to view all laws (not contained in the BluePageReport element) in all instances of WorldLawBulletin. Relations among laws, that is, RelatedLaws attributes, are also displayed

30 Pag. 30 Examples of authorization rules P4 = (European Division Employee, (WorldLawBulletin.BluePageReport.Section, GeoArea = Europe), browse_all, *). This authorization rule authorizes the European Division Employees to view the section pertaining to Europe of the BluePageReport in all instances of WorldLawBulletin

31 Pag. 31 [Figure: Author-X architecture. Labels: user, access request, view, SA, administrative operations, X-Access, X-Admin, DOM/XQL, X-Bases (XML source, credential base, policy base, encrypted doc. base)]

32 Pag. 32 X-Access The access control component of Author-X, enabling: –The enforcement of access control policies on top of an XML source –Pull and push dissemination modes Client-Server architecture Excelon XML server

33 Pag. 33 Information Pull - Architecture [Figure labels: CLIENT (Internet browser), Internet, query, SERVER (Web server, Excelon server, server extension X-Access, XML parser, XQL, X-Path, Excelon file system, XML source), XML view, DTD]

34 Pag. 34 Access Control [Figure labels: user, query, XML source, XML document, policy base, credential base, pruning, pruned XML document, resulting view]
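The subject, protection object, propagation option and pruning steps of slides 22 to 34, as an added Python example that is not Author-X code. The policy tuples, the sample document and the propagation semantics (NO_PROPAGATION: the element only; FIRST_LEVEL: plus its direct children; CASCADE: plus all descendants) are assumptions modeled on the slides, as is the choice to keep unauthorized ancestors of visible nodes as bare tags.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the spirit of the WorldLawBulletin slides.
DOC = """<WorldLawBulletin Date="08/08/1999">
  <Law Country="USA"><Topic>Taxation</Topic><Summary>s1</Summary></Law>
  <BluePageReport>
    <Section GeoArea="Europe"><Law Country="Italy"><Topic>Guns</Topic></Law></Section>
    <Section GeoArea="NorthA."><Law Country="USA"><Topic>Transportation</Topic></Law></Section>
  </BluePageReport>
</WorldLawBulletin>"""

# Assumed policy shape: (required credential, path from the root, propagation).
POLICIES = [
    ("LLoC Employee", "./Law", "CASCADE"),
    ("European Division Employee",
     "./BluePageReport/Section[@GeoArea='Europe']", "FIRST_LEVEL"),
]

def authorized_nodes(root, credentials, policies):
    """Elements the subject may read once each propagation option is applied."""
    allowed = set()
    for cred, path, prop in policies:
        if cred not in credentials:
            continue
        for el in root.findall(path):
            allowed.add(el)                 # NO_PROPAGATION stops here
            if prop == "FIRST_LEVEL":
                allowed.update(list(el))    # direct subelements only
            elif prop == "CASCADE":
                allowed.update(el.iter())   # the whole subtree
    return allowed

def prune(el, allowed):
    """Prune in place; return True if el stays in the view."""
    for child in list(el):
        if not prune(child, allowed):
            el.remove(child)
    if el in allowed:
        return True
    el.attrib.clear()                       # unauthorized: hide attributes
    el.text = None                          # ... and text content
    return len(el) > 0                      # keep only as a path to visible nodes

def view(xml_text, credentials, policies=POLICIES):
    """Serialized view for a subject, or "" when nothing is visible."""
    root = ET.fromstring(xml_text)
    allowed = authorized_nodes(root, credentials, policies)
    return ET.tostring(root, encoding="unicode") if prune(root, allowed) else ""
```

With FIRST_LEVEL the European section and its Law element are visible but the Topic below it is not; switching that policy to CASCADE exposes the whole section.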

35 Pag. 35 Access request [Screenshot fields: User, Password, Target Document, query]

36 Pag. 36 Query result

37 Pag. 37 Push Dissemination Mode Since: –Different subjects -> different views –Wide range of protection granularities –High number of subjects Number of views can be too large Solution-> Encryption Techniques

38 Pag. 38 Push Dissemination Mode The approach is based on encrypting different portions of the same document with different keys The same (encrypted) copy is then broadcasted to all subjects Each subject only receives the key(s) for the portions he/she is enabled to see

39 Pag. 39 Information Push - Main Issues How to encrypt the documents in a source Which and how many keys should be distributed to which subjects How to securely and efficiently distribute keys to subjects in such a way that keys are received only by the entitled subjects

40 Pag. 40 How to Encrypt Documents Document encryption is driven by the specified access control policies: all the document portions to which the same access control policies apply are encrypted with the same key Thus, to determine which keys should be sent to a particular subject it is only necessary to verify which are the access control policies that apply to that subject and then sending the keys associated with these policies

41 Pag. 41 Well-Formed Encryption [Figure: document graph with nodes &1 to &16, each labeled with the policies that apply to it (P1,P3; P2; P3)]

42 Pag. 42 Well-Formed Encryption [Figure: same graph, highlighting the node encrypted with key K1]

43 Pag. 43 Well-Formed Encryption [Figure: same graph, highlighting the nodes encrypted with key K2]

44 Pag. 44 Well-Formed Encryption [Figure: same graph, highlighting the nodes encrypted with key K3]

45 Pag. 45 Well-Formed Encryption [Figure: same graph, highlighting the nodes encrypted with key Kd]

46 Pag. 46 Well-Formed Encryption [Figure: same graph with the policy-to-key table P1: K2; P2: K1; P3: K2, K3]

47 Pag. 47 Key Management Key assignment scheme such that: –From the key associated with a policy P1 it is possible to derive the keys associated with all the policy configurations containing P1 Benefits: –The system should manage in the worst case a number of keys equal to the size of the Policy Base –Each subject receives a key for each policy he/she satisfies
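The policy-driven encryption plan of slides 40 to 46, as an added Python example that is not Author-X code: one key per distinct policy configuration, a default key Kd for nodes no policy covers, and a key ring per subject. The node-to-policy map is constructed so that the result matches the table on slide 46; the key derivation scheme of slide 47 is not implemented, so configuration keys are handed out directly.

```python
import secrets

# Constructed node -> applicable policies map. Node ids and placement are
# assumptions; only the configurations {P2}, {P1,P3}, {P3} come from the slides.
NODE_POLICIES = {
    "&1": set(), "&2": {"P2"}, "&3": {"P1", "P3"}, "&4": {"P1", "P3"},
    "&5": {"P3"}, "&6": {"P3"}, "&7": set(), "&8": {"P1", "P3"},
}

def plan_keys(node_policies):
    """One key id per distinct policy configuration; uncovered nodes share Kd."""
    key_of_config, node_key = {}, {}
    for node, pols in node_policies.items():
        config = frozenset(pols)
        if not config:
            node_key[node] = "Kd"           # default key, never given to subjects
            continue
        if config not in key_of_config:
            key_of_config[config] = f"K{len(key_of_config) + 1}"
        node_key[node] = key_of_config[config]
    return key_of_config, node_key

def keys_for_policy(key_of_config):
    """Policy -> key ids of every configuration that contains it."""
    table = {}
    for config, kid in key_of_config.items():
        for policy in config:
            table.setdefault(policy, set()).add(kid)
    return table

def key_ring(satisfied, key_of_config):
    """Key ids sent to a subject that satisfies the given policies."""
    table = keys_for_policy(key_of_config)
    return set().union(*(table.get(p, set()) for p in satisfied))

def readable_nodes(ring, node_key):
    """Nodes a holder of this key ring can decrypt."""
    return {n for n, kid in node_key.items() if kid in ring}

def generate_key_material(key_of_config):
    """Fresh 256-bit secret for each key id, Kd included."""
    return {kid: secrets.token_bytes(32)
            for kid in [*key_of_config.values(), "Kd"]}
```

The check worth running on a real policy base is the invariant that `readable_nodes` for a subject equals the set of nodes covered by at least one policy the subject satisfies.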

48 Pag. 48 Key Distribution Two modes: –Online: the XML source delivers both the keys and the encrypted document to subjects –Offline: subjects retrieve the keys through further interactions with the XML source (LDAP directory)

49 Pag. 49 Outline: Security requirements for web data; Basic concepts of XML; Security policies for XML data protection and release; Access control mechanisms for XML data; XML-based specification of security information; XML security: future trends

50 Pag. 50 Why? It allows a uniform protection of XML documents and their security-related information It facilitates the export and exchange of security information

51 Pag. 51 Goals Definition of an XML-based language for specifying security-related information for web documents: –Subject credentials –Access control policies for web documents satisfying the previously stated requirements An example: X-Sec the XML-based language developed in the framework of Author-X

52 Pag. 52 X-Sec Credentials Credentials with similar structure are grouped into credential types. A credential is a set of simple and composite properties. Credential types: DTDs. Credentials: XML documents

53 X-Sec credential type [DTD listing lost in extraction]

54 X-Sec credential [XML listing lost in extraction; surviving values: Bob Watson, 24 Baker Street, UPS]

55 Pag. 55 X-Profiles To simplify credential evaluation all the credentials a subject possesses are collected into an X-profile

56 X-profile [XML listing lost in extraction; surviving values: Bob Watson, 24 Baker Street, UPS, …, Paragon, 400, $1000, …]

57 Pag. 57 X-Sec Policy Specification XML template for specifying credential-based access control policies. The template is as general as possible to be able to model access control policies for a variety of web documents (e.g., HTML, XML)

58 Pag. 58 X-Sec Policy Base Template

59 Pag. 59 Instantiation for XML Sources < target="SigmodRecord.xml" path="/issues/issuesTuple/articles/articlesTuple/abstract"/>

60 Pag. 60 Outline: Security requirements for web data; Basic concepts of XML; Security policies for XML data protection and release; Access control mechanisms for XML data; XML-based specification of security information; XML security: future trends

61 Pag. 61 Research Trends Secure publishing of XML documents: –A new class of information-centered applications based on Data dissemination –Possible scenarios: Information commerce: digital libraries, electronic news Intra-company information systems Security requirements: –Confidentiality –Integrity –Authenticity –Completeness

62 Pag. 62 Secure Publishing The Owner is the producer of information It specifies access control policies It answers to subject queries

63 Pag. 63 Third-Party Architecture The Publisher is responsible for managing (a portion of) the Owner information and for answering subject queries. Benefits: scalability, no bottleneck. [Figure labels: Owner, Docs, Publisher, Subscription, Subject, Query, View]

64 Pag. 64 Main References B. Dournee, XML Security, RSA Press, E. Bertino, B. Carminati, E. Ferrari, and B. Thuraisingham, XML Security, Addison-Wesley, in preparation.

65 Pag. 65 Main References E. Bertino and E. Ferrari. Secure and Selective Dissemination of XML Documents, ACM Trans. on Information System and Security, to appear. E. Bertino, S. Castano, and E. Ferrari. Author-X: a Comprehensive System for Securing XML Documents, IEEE Internet Computing, May 2001. E. Bertino, S. Castano, and E. Ferrari. Securing XML Documents: the Author-X Project Demonstration, Proc. of the ACM SIGMOD Conference 2001. E. Bertino, S. Castano, E. Ferrari, M. Mesiti. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal, 3(3), 2000

66 Pag. 66 Main References Web sites: –The XML Security Page: siegen.de/~geuer-pollmann/ xml/security.html –OASIS Consortium: –World Wide Web Consortium:

