Securing XML Documents with AuthorX - PowerPoint PPT Presentation

1
Securing XML Documents with Author-X
  • Elisa Bertino University of Milan
  • Silvana Castano University of Milan
  • Elena Ferrari University of Como
  • Presented by
  • Michael Alexandrou

2
OUTLINE
  • Introduction of the problem, introduction of the
    Java-based Author-X system
  • Credential-Based Security policies
  • System Architecture
  • X-Access Dissemination modes
  • X-Admin Facilities
  • Conclusion

3
Introduction
  • XML provides for fine granularity of information
    retrieval because the elements of an XML document
    can be retrieved by XML Queries directly and
    independently
  • Fine granularity requires mechanisms to control
    the access at the varying levels of the document
  • The setting is a typical three tier architecture

4
(No Transcript)
5
Introduction (continued)
  • Author-X is a Java-based system developed at the
    University of Milan's Department of Information
    Science
  • Author-X addresses the security issues of access
    control and policy design of XML documents

6
Author-X
  • Support for the specification of security
    policies at varying granularity levels
  • Support for the specification of user credentials
  • Support for content based access control
  • Support for controlled release of XML documents
    according to the Push Dissemination and Pull
    Dissemination Modes
  • Document updates are distributed through hash
    functions and digital signature techniques

7
Author-X (continued)
  • In general security policies state who can access
    what under what conditions
  • In Author-X, security policies
    • Can be set-oriented or instance-oriented
    • Can be positive or negative
    • Include options for controlled propagation of
      access rights
    • Include credential-based qualifications for
      users

8
Credential based Security Policies
  • Six components implement the security policies of
    Author-X. These are
  • User Credentials
  • Protection Objects
  • Access Modes
  • Signs
  • Propagation Options
  • Policy Base

9
User credentials
  • Credentials are a set of properties relevant to
    security policies
  • Credential Type is a group of credentials with
    similar structures
  • Credentials and Credential Types are encoded by
    an XML language
  • XPath expressions that set conditions on
    credentials and credential properties can be used
    to qualify a user

10
User credentials (continued)
  • The XPath
    //carrier_employeecompany CCX
    selects all carrier employees that work for the
    company CCX. These employees are assigned
    credentials when they subscribe to the system,
    as Figure 2 shows
  • XPath is a language for finding information in an
    XML document. XPath is used to navigate through
    elements and attributes in an XML document

11
User credentials (continued)
  • XPath treats XML documents as trees of nodes
  • XPath uses path expressions to select nodes or
    node-sets in an XML document
  • Path expressions look very much like the
    expressions you see when you work with a
    traditional computer file system

12
(No Transcript)
13
User credentials (continued)
  • For the rest of the presentation we follow the
    example of the paper. This setting refers to a
    purchase order XML document
  • The root element is purchase_order
  • Children of root: Item, Customer, Carrier
  • Attributes of root: Date, OrderId

14
(No Transcript)
15
Protection Objects
  • All instances of a given DTD
  • Collections of XML documents (well formed or
    valid)
  • Selected portions within one or more documents
    (such as elements, attributes, or links or a set
    of any of these)
  • Author-X allows the security administrator to
    overwrite the security policy applied on a
    protection object

16
Access Modes
  • Browsing
    • Allows a user to read information on a
      protection object or navigate through its links
  • Authoring
    • Allows a user to modify (append, write, delete,
      insert) protection objects




17
Signs
  • Permission or Denial
  • This feature allows the security administrator to
    overwrite a policy on a protection object
  • Author-X uses the strongest-policy principle to
    resolve conflicts
    • Policies on specific documents prevail over
      those on the DTD
    • Policies on a lower level prevail over those on
      a higher level

18
Propagation Options
  • Implicit (applied automatically)
    • DTD-level policies propagate to instances
    • Policies on a specific document or DTD element
      propagate to all associated attributes and links

19
Propagation Options (continued)
  • Explicit (are stated explicitly)
  • NO_PROP
  • FIRST_LEVEL
  • CASCADE
  • The security administrator can overwrite the
    implicit options of propagation

20
Policy Base
  • All security policies for an XML source are
    encoded in an XML file called policy base
  • In Figure 4 there are five security policies in
    the policy base file
  • policy_base is the root of the document
  • policy_spec is an element
  • cred_expr and path (attributes of policy_spec)
    have XPath expressions as values

21
Policy Base (continued)
  • target, priv, type, prop are all attributes of
    policy_spec with values that reflect the security
    policies
  • Example: the first element in Figure 4 encodes
    the policy that allows the secretaries of the
    sales department to modify and browse all
    purchase order documents

22
(No Transcript)
23
System Architecture
  • XML source
  • X-bases repositories
  • X-Access
  • X-Admin

24
(No Transcript)
25
X-bases repositories
  • Policy base
    • Contains the security policies for the
      documents and DTDs
  • Credential base
    • Contains the user credentials and credential
      types
  • Encrypted document base
    • Contains an encrypted copy of portions of the
      documents in the XML source

26
X-bases repositories (continued)
  • Credentials, credential types, and security types
    are encoded in XML
  • XML makes them interoperable with one another
  • XML facilitates secure submission and
    distribution of them
  • XML simplifies information exportation from one
    source to another

27
Java Components
  • X-Access implements the access control
  • X-Access uses security policies and credentials
    to implement access control
  • There are two modes in X-Access:
    Pull-Mode and Push-Mode Operations
  • X-Admin Facilities
    • Provides tools to assist the security
      administrator in managing policies and
      credentials

28
Pull-Mode Operations
  • Release of a view upon request
  • User submits a request r
  • Subject is the user making the request, target
    is the requested XML doc, path is the XPath expr
    that selects the portions of the requested doc,
    and acc_modality is the type of access requested
    (browsing or authoring)

29
Pull-Mode Operations (continued)
  • Pruning phase. X-Access queries the policy base
    for all browsing or authoring (depending on the
    request) policies on the target XML doc
  • If the query returns an empty result, access is
    denied; otherwise the algorithm iteratively
    considers each policy and marks the elements and
    attributes with + or -.

30
Pull-Mode Operations (continued)
  • Nodes marked with a minus sign and unmarked nodes
    are pruned from the target view, and the path
    expression is evaluated against the pruned doc
  • Example
  • rderID2030/item, browsing
  • The target doc is Purchase_order.xml

31
Pull-Mode Operations (continued)
  • XPath is //Purchase_order[@orderID="2030"]/item
  • Mode is browsing
  • Querying the policy base file in Figure 4, we
    select only the policies for the browsing (view)
    mode and then reject those with a minus sign
    (deny). We are left with 3 policies, and applying
    these policies to Purchase_order.xml we end up
    with a pruned doc. We evaluate the XPath against
    the pruned doc and select all item elements and
    date
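
The pruning steps on the preceding slides, as an added Python example that is not part of the presentation or of Author-X itself. The sample order, the policy values (VIEW, GRANT/DENY), the attribute-predicate form of the credential expressions, the relative paths and the rule that a denial wins at equal depth are assumptions; only elements are marked, and an element's attributes follow its own mark.

```python
import copy
import xml.etree.ElementTree as ET

# Constructed sample data. Attribute names come from the slides; the values
# (VIEW, GRANT/DENY, relative paths) are assumptions made for this example.
ORDER = ET.fromstring(
    '<purchase_order orderID="2030" date="2001-05-01">'
    '<item><description>printer</description><price>300</price></item>'
    '<customer><name>ACME</name></customer><carrier>CCX</carrier></purchase_order>')
C = ".//carrier_employee[@company='CCX']"
S = ".//secretary[@department='sales']"
T = "purchase_order.xml"
RULES = [(C, "./item", "GRANT", "CASCADE"), (C, "./item/price", "DENY", "NO_PROP"),
         (C, "./customer", "GRANT", "CASCADE"), (S, ".", "GRANT", "CASCADE")]
POLICY_BASE = ET.Element("policy_base")
for cred_expr, path, sign, prop in RULES:
    ET.SubElement(POLICY_BASE, "policy_spec", cred_expr=cred_expr, target=T,
                  path=path, priv="VIEW", type=sign, prop=prop)

def prune(el, label):
    """Drop '-' and unmarked nodes; return True if el stays in the view."""
    granted = el in label and not label[el][1]
    for child in list(el):
        if not prune(child, label):
            el.remove(child)
    if not granted:                       # assumed: keep a bare container tag
        el.attrib.clear()
        el.text = None
    return granted or len(el) > 0

def pull_view(cred, target, path, mode, doc=ORDER, policy_base=POLICY_BASE):
    applicable = [p for p in policy_base.iter("policy_spec")
                  if p.get("target") == target and p.get("priv") == mode
                  and cred.findall(p.get("cred_expr"))]
    if not applicable:
        return None                       # empty policy set: access denied
    view = copy.deepcopy(doc)
    depth = {view: 0}
    for parent in view.iter():            # document order: parents come first
        depth.update((child, depth[parent] + 1) for child in parent)
    label = {}                            # node -> (origin depth, is_denial)
    for p in applicable:
        for node in view.findall(p.get("path")):
            scope = {"NO_PROP": [node], "FIRST_LEVEL": [node, *node],
                     "CASCADE": list(node.iter())}[p.get("prop")]
            cand = (depth[node], p.get("type") == "DENY")
            for n in scope:               # deeper origin wins; on a tie, denial wins
                label[n] = max(cand, label.get(n, cand))
    return view.findall(path) if prune(view, label) else []
```

A carrier employee asking for `./item` gets the item with its description but without the price, and the root survives only as an attribute-less container, so orderID and date stay hidden from that subject.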

32
(No Transcript)
33
Push-Mode Operations
  • The system periodically broadcasts to viewers
  • Different viewers have different viewing rights
  • Instead of generating different views for
    different users, Author-X generates the same view
    for all subjects, encrypting different portions
    of it with different keys for different security
    policies.
  • Push-Mode Operations exist for both browsing and
    authoring access

34
Browsing access for Push mode
  • From the policy base in Figure 4
  • All secretaries will receive all keys K1, K2, K3,
    K4 because they have browsing access to all
    portions
  • All carrier employees will receive K1 (browsing
    rights to date and customer)
  • All publicity agents will receive K3, K4
    (browsing rights to purchase order, description)
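
The key assignment behind the push mode, as an added Python example that is not part of the presentation or of Author-X itself. It assumes one key per distinct set of policies applying to a node, and it uses a constructed document and constructed grants rather than Figure 4, so the key numbering differs from the slide; encrypting each portion under its key is outside its scope.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed document and browsing grants (assumed; not the Figure 4 policies).
DOC = ET.fromstring(
    '<purchase_order>'
    '<item><description>printer</description><price>300</price></item>'
    '<customer>ACME</customer><carrier>CCX</carrier></purchase_order>')
# (policy id, credential class, path, cascades to descendants?)
GRANTS = [("P1", "secretary", ".", True),
          ("P2", "carrier_employee", "./customer", True),
          ("P3", "carrier_employee", "./carrier", True),
          ("P4", "publicity_agent", "./item/description", True)]

def key_plan(doc=DOC, grants=GRANTS):
    """Return (node -> key id, key id -> key bytes, credential class -> key ids)."""
    config = {}                                   # node -> set of policy ids
    for pid, _cls, path, cascade in grants:
        for node in doc.findall(path):
            for n in (node.iter() if cascade else [node]):
                config.setdefault(n, set()).add(pid)
    key_ids, node_key = {}, {}
    for n in doc.iter():                          # document order keeps ids stable
        if n in config:                           # nodes no policy covers get no key
            cfg = frozenset(config[n])
            node_key[n] = key_ids.setdefault(cfg, f"K{len(key_ids) + 1}")
    keys = {kid: secrets.token_bytes(32) for kid in key_ids.values()}
    owner = {pid: cls for pid, cls, _path, _casc in grants}
    ring = {}                                     # credential class -> key ids
    for cfg, kid in key_ids.items():
        for pid in cfg:                           # a class gets every key whose
            ring.setdefault(owner[pid], set()).add(kid)   # config names its policy
    return node_key, keys, ring
```

With these grants the secretaries end up holding every key while the other two classes hold only the keys for their own portions, which is the same pattern the slide describes for K1 to K4.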

35
(No Transcript)
36
Browsing access for Push mode (continued)
  • Two different key distribution methods
    • Online (documents and keys together)
    • Offline (keys are retrieved through further
      interactions with the system)
  • Two different ways of online key distribution
  • One way is to place all keys with the doc in one
    package

37
Browsing access for Push mode (continued)
  • Every user gets the same package, then with
    his/her private key unlocks his/her keys to
    decrypt the corresponding portions
  • A great number of users means a great number of
    keys
  • All keys are in one place. One could delete keys
    and launch a denial of service attack

38
Browsing access for Push mode (continued)
  • The second way of online key distribution is to
    send the keys to subjects using secure email
    techniques
  • In the offline mode only the encrypted doc is
    sent to the users
  • Keys are stored at the server using the
    Lightweight Directory Access Protocol

39
Authoring access for Push mode
  • In the case where XML documents flow from one
    subject to another along a predefined,
    distributed and cooperative update path, the
    following authoring access is achieved: the
    encrypted document and the respective keys are
    sent to all users. Users use the keys to decrypt
    the received document and can modify only the
    authorized portions

40
Authoring access for Push mode (continued)
  • Example: a monthly report might first be modified
    by a secretary, then signed by a manager, and
    passed along up the chain of command.

41
(No Transcript)
42
X-Admin Facilities
  • There are two tools to assist the security
    administrator
  • Credential Manager. Supports the security
    administrator in specifying and maintaining
    credential types and associated credentials
  • Policy Manager. Supports the security
    administrator in specifying the security
    policies, with specification forms

43
X-Admin Facilities (continued)
  • Credential Manager and Policy Manager are built
    on top of five facilities
  • The Document/DTD viewer. Displays target XML
    documents or DTD. Similar to conventional XML
    editing and parsing tools
  • The Policy viewer. Displays the users and the XML
    documents related to a given policy

44
X-Admin Facilities (continued)
  • The propagation viewer. Displays all policies on
    a given target document by using all explicit and
    implicit propagation principles
  • The Conflict viewer. Shows all policy conflicts
    for the target document or DTD and also shows the
    default conflict resolution based on the
    strongest-policy principle

45
X-Admin Facilities (continued)
  • The Credential viewer. Displays the structure of
    credential types and user credentials, provides
    an editing environment for specifying credential
    expressions

46
(No Transcript)
47
X-Admin Facilities (continued)
  • Because documents and security-related
    information are specified in XML syntax, viewer
    facilities work internally on document object
    model (DOM) representations
  • Document Object Model. A platform- and
    language-neutral interface that allows programs
    and scripts to dynamically access and update the
    content, structure and style of documents

48
Conclusion
  • The authors believe that XML is the most standard
    for information exchange and interoperability
  • XML access control will constitute the core
    security mechanism of web-based enterprise
    architectures