Dynamic access-control policies on XML encrypted data

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Dynamic access-control policies on XML encrypted data

Full text

Pdf (583 KB)

Source

ACM Transactions on Information and System Security (TISSEC) archive
Volume 10 , Issue 4 (January 2008) table of contents

Article No. 4

Year of Publication: 2008

ISSN:1094-9224

Authors

Luc Bouganim	INRIA Rocquencourt and PRiSM Laboratory, Le Chesnay Cedex, France; University of Versailles, Versailles Cedex, France
Francois Dang Ngoc	INRIA Rocquencourt and PRiSM Laboratory, Le Chesnay Cedex, France; University of Versailles, Versailles Cedex, France
Philippe Pucheral	INRIA Rocquencourt and PRiSM Laboratory, Le Chesnay Cedex, France; University of Versailles, Versailles Cedex, France

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 24, Downloads (12 Months): 306, Citation Count: 0

Additional Information:

abstract references index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/1284680.1284684 What is a DOI?

ABSTRACT

The erosion of trust put in traditional database servers and in Database Service Providers and the growing interest for different forms of selective data dissemination are different factors that lead to move the access-control from servers to clients. Different data encryption and key dissemination schemes have been proposed to serve this purpose. By compiling the access-control rules into the encryption process, all these methods suffer from a static way of sharing data. With the emergence of hardware security elements on client devices, more dynamic client-based access-control schemes can be devised. This paper proposes a tamper-resistant client-based XML access-right controller supporting flexible and dynamic access-control policies. The access-control engine is embedded in a hardware-secure device and, therefore, must cope with specific hardware resources. This engine benefits from a dedicated index to quickly converge toward the authorized parts of a potentially streaming XML document. Pending situations (i.e., where data delivery is conditioned by predicates, which apply to values encountered afterward in the document stream) are handled gracefully, skipping, whenever possible the pending elements and reassembling relevant parts when the pending situation is solved. Additional security mechanisms guarantee that (1) the input document is protected from any form of tampering and (2) no forbidden information can be gained by replay attacks on different versions of the XML document and of the access-control rules. Performance measurements on synthetic and real datasets demonstrate the effectiveness of the approach. Finally, the paper reports on two experiments conducted with a prototype running on a secured hardware platform.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Bogdan Warinschi, Security analysis of cryptographically controlled access to XML documents, Proceedings of the twenty-fourth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 13-15, 2005, Baltimore, Maryland [doi>10.1145/1065167.1065182]
	2	Selim G. Akl , Peter D. Taylor, Cryptographic solution to a problem of access control in a hierarchy, ACM Transactions on Computer Systems (TOCS), v.1 n.3, p.239-248, August 1983 [doi>10.1145/357369.357372]
	3	Sihem Amer-Yahia , SungRan Cho , Laks V. S. Lakshmanan , Divesh Srivastava, Minimization of tree pattern queries, Proceedings of the 2001 ACM SIGMOD international conference on Management of data, p.497-508, May 21-24, 2001, Santa Barbara, California, United States
	4	Arion, A., Bonifati, A., Costa, G., D'Aguanno, S., Manolescu, I., and Puglies, A. 2004. Efficient query evaluation over compressed data. In Proceedings of the 9th Extending Database Technology (EDBT) International Conference. Heraklion, Greece.
	5	Axalto E-Gate. 2004. Worldwide USB smartcard developer contest. 2nd ed. held at CTST, Washington, DC. http://www.egateopen.axalto.com.
	6	Axalto Simagine 2005. Worldwide Mobile Communication and Java Card^TM developer contest. 6th ed. held at 3GSM, Cannes, France. http://www.simagine.axalto.com.
	7	Axalto. SIMera---Classic SIM Card. http://www.axalto.com/wireless/classic.asp.
	8	R. J. Bayardo , D. Gruhl , V. Josifovski , J. Myllymaki, An evaluation of binary xml encoding optimizations for fast stream based xml processing, Proceedings of the 13th international conference on World Wide Web, May 17-20, 2004, New York, NY, USA [doi>10.1145/988672.988719]
	9	Bertino, E., Castano, S., and Ferrari, E. 2001. Securing XML documents with Author-X. In Proceedings of the IEEE International Conference on Internet Computing.
	10	Birget, J.-C., Zou, X., Noubir, G., and Ramamurthy, B. 2001. Hierarchy-based access-control in distributed environments. In Proceedings of the IEEE International Conference on Communication (ICC), Saint Petersbourg, Russia.
	11	Luc Bouganim , Philippe Pucheral, Chip-secured data access: confidential data on untrusted servers, Proceedings of the 28th international conference on Very Large Data Bases, p.131-142, August 20-23, 2002, Hong Kong, China
	12	Luc Bouganim , Cosmin Cremarenco , François Dang Ngoc , Nicolas Dieu , Philippe Pucheral, Safe data sharing and data dissemination on smart devices, Proceedings of the 2005 ACM SIGMOD international conference on Management of data, June 14-16, 2005, Baltimore, Maryland [doi>10.1145/1066157.1066276]
	13	Peter Buneman , Martin Grohe , Christoph Koch, Path queries on compressed XML, Proceedings of the 29th international conference on Very large data bases, p.141-152, September 09-12, 2003, Berlin, Germany
	14	Barbara Carminati , Elena Ferrari , Elisa Bertino, Securing XML data in third-party distribution systems, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany [doi>10.1145/1099554.1099575]
	15	Efficient Filtering of XML Documents with XPath Expressions, Proceedings of the 18th International Conference on Data Engineering, p.235, February 26-March 01, 2002
	16	Ramaswamy Chandramouli, Application of XML tools for enterprise-wide RBAC implementation tasks, Proceedings of the fifth ACM workshop on Role-based access control, p.11-18, July 26-28, 2000, Berlin, Germany [doi>10.1145/344287.344297]
	17	Tao-Ku Chang , Gwan-Hwan Hwang, Using the Extension Function of XSLT and DSL to Secure XML Documents, Proceedings of the 18th International Conference on Advanced Information Networking and Applications, p.556, March 29-31, 2004
	18	Yi Chen , George A. Mihaila , Susan B. Davidson , Sriram Padmanabhan, EXPedite: a system for encoded XML processing, Proceedings of the thirteenth ACM international conference on Information and knowledge management, November 08-13, 2004, Washington, D.C., USA [doi>10.1145/1031171.1031190]
	19	SungRan Cho , Sihem Amer-Yahia , Laks V. S. Lakshmanan , Divesh Srivastava, Optimizing the secure evaluation of twig queries, Proceedings of the 28th international conference on Very Large Data Bases, p.490-501, August 20-23, 2002, Hong Kong, China
	20	Computer Security Institute. 2003. CSI/FBI computer crime and security survey. http://www.gocsi.com/forms/fbi/pdf.html.
	21	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002 [doi>10.1145/505586.505590]
	22	P. Devanbu , M. Gertz , A. Kwong , C. Martel , G. Nuckolls , S. G. Stubblebine, Flexible authentication of XML documents, Proceedings of the 8th ACM conference on Computer and Communications Security, November 05-08, 2001, Philadelphia, PA, USA [doi>10.1145/501983.502003]
	23	Diao, Y. and Franklin, M. 2003. High-performance XML filtering: An overview of filter. In Proceedings of the 20th IEEE International Conference on Data Engineering (ICDE), Bangalore, India.
	24	Anas Abou El Kalam , Salem Benferhat , Alexandre Miège , Rania El Baida , Frédéric Cuppens , Claire Saurel , Philippe Balbiani , Yves Deswarte , Gilles Trouessin, Organization based access control, Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p.120, June 04-06, 2003
	25	Wenfei Fan , Chee-Yong Chan , Minos Garofalakis, Secure XML querying with security views, Proceedings of the 2004 ACM SIGMOD international conference on Management of data, June 13-18, 2004, Paris, France [doi>10.1145/1007568.1007634]
	26	Béatrice Finance , Saïda Medjdoub , Philippe Pucheral, The case for access control on XML relationships, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany [doi>10.1145/1099554.1099576]
	27	Alban Gabillon, An authorization model for XML databases, Proceedings of the 2004 workshop on Secure web service, p.16-28, October 29-29, 2004, Fairfax, Virginia [doi>10.1145/1111348.1111351]
	28	Todd J. Green , Ashish Gupta , Gerome Miklau , Makoto Onizuka , Dan Suciu, Processing XML streams with deterministic automata and stream indexes, ACM Transactions on Database Systems (TODS), v.29 n.4, December 2004 [doi>10.1145/1042046.1042051]
	29	Hakan Hacigümüş , Bala Iyer , Chen Li , Sharad Mehrotra, Executing SQL over encrypted data in the database-service-provider model, Proceedings of the 2002 ACM SIGMOD international conference on Management of data, June 03-06, 2002, Madison, Wisconsin [doi>10.1145/564691.564717]
	30	He Jingmin , Min Wang, Cryptography and Relational Database Management Systems, Proceedings of the International Database Engineering & Applications Symposium, p.273-284, July 16-18, 2001
	31	Neil J. Henderson , Neil M. White , Pieter H. Hartel, iButton Enrolment and Verification Requirements for the Pressure Sequence Smartcard Biometric, Proceedings of the International Conference on Research in Smart Cards: Smart Card Programming and Security, p.124-134, September 19-21, 2001
	32	John E. Hopcroft , Rajeev Motwani , Jeffrey D. Ullman, Introduction to Automata Theory, Languages, and Computation (3rd Edition), Addison-Wesley Longman Publishing Co., Inc., Boston, MA, 2006
	33	Michiharu Kudo , Satoshi Hada, XML document security based on provisional authorization, Proceedings of the 7th ACM conference on Computer and communications security, p.87-96, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352613]
	34	Alfred J. Menezes , Scott A. Vanstone , Paul C. Van Oorschot, Handbook of Applied Cryptography, CRC Press, Inc., Boca Raton, FL, 1996
	35	Ralph C. Merkle, A certified digital signature, Proceedings on Advances in cryptology, p.218-238, July 1989, Santa Barbara, California, United States
	36	Microsoft, Windows Microsoft Media 9. http://www.microsoft.com/windows/windowsmedia/.
	37	Gerome Miklau , Dan Suciu, Containment and equivalence for an XPath fragment, Proceedings of the twenty-first ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems, June 03-05, 2002, Madison, Wisconsin [doi>10.1145/543613.543623]
	38	Gerome Miklau , Dan Suciu, Controlling access to published data using cryptography, Proceedings of the 29th international conference on Very large data bases, p.898-909, September 09-12, 2003, Berlin, Germany
	39	Ng, W., Ooi, B., Tan, K., and Zhou, A. 2003. Peerdb: A p2p-based system for distributed data sharing. In Proceedings of the IEEE International Conference on Data Engineering, Bangalore, India.
	40	ODRL. The Open Digital Rights Language Initiative. http://odrl.net/.
	41	Feng Peng , Sudarshan S. Chawathe, XPath queries on streaming data, Proceedings of the 2003 ACM SIGMOD international conference on Management of data, June 09-12, 2003, San Diego, California [doi>10.1145/872757.872810]
	42	Indrakshi Ray , Indrajit Ray , Natu Narasimhamurthi, A cryptographic solution to implement access control in a hierarchy and more, Proceedings of the seventh ACM symposium on Access control models and technologies, June 03-04, 2002, Monterey, California, USA [doi>10.1145/507711.507723]
	43	Indrakshi Ray , Indrajit Ray, Using Compatible Keys for Secure Multicasting in E-Commerce, Proceedings of the 16th International Parallel and Distributed Processing Symposium, p.327, April 15-19, 2002
	44	SAX Project. Simple API for XML. http://www.saxproject.org/.
	45	Schneier, B. 1996. Applied Cryptography, 2nd ed., Wiley, New York.
	46	SmartRight. The SmartRight Content Protection System. http://www.smartright.org/
	47	TCPA. Trusted computing platform alliance. http://www.trustedcomputing.org/
	48	XGRIND: A Query-Friendly XML Compressor, Proceedings of the 18th International Conference on Data Engineering, p.225, February 26-March 01, 2002
	49	ToXgene. The ToX XML Data Generator. http://www.cs.toronto.edu/tox/toxgene/.
	50	UW XML. UW XML Data Repository. http://www.cs.washington.edu/research/xmldatasets/.
	51	Radek Vingralek, GnatDb: a small-footprint, secure database system, Proceedings of the 28th international conference on Very Large Data Bases, p.884-893, August 20-23, 2002, Hong Kong, China
	52	W3C DOM. DOM: Document Object Model. http://www.w3.org/DOM.
	53	W3C PICS. PICS: Platform for Internet Content Selection. http://www.w3.org/PICS.
	54	W3C XMLENC. XML Encryption Requirements, http://www.w3.org/TR/xml-encryption-req
	55	XACML. OASIS eXtensible access-control Markup Language (XACML). http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf.
	56	XRML. XrML eXtendible rights Markup Language. http://www.xrml.org/