Flexible authentication of XML documents

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Flexible authentication of XML documents

Full text

Pdf (219 KB)

Source

Conference on Computer and Communications Security archive
Proceedings of the 8th ACM conference on Computer and Communications Security table of contents

Philadelphia, PA, USA

Session: Secure Data Publishing and Certificate Management table of contents

Pages: 136 - 145

Year of Publication: 2001

ISBN:1-58113-385-5

Authors

P. Devanbu	University of California, Davis, CA
M. Gertz	University of California, Davis, CA
A. Kwong	University of California, Davis, CA
C. Martel	University of California, Davis, CA
G. Nuckolls	University of California, Davis, CA
S. G. Stubblebine	Stubblebine Consulting, LLC, Madison, NJ

Sponsor

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 7, Downloads (12 Months): 33, Citation Count: 18

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/501983.502003 What is a DOI?

ABSTRACT

XML is increasingly becoming the format of choice for information exchange, in critical areas such as government, finance, healthcare and law, where integrity is of the essence. As this trend grows, one can expect that documents (or collections thereof) may get quite large, and clients may wish to query for specific segments of these documents. In critical applications, clients must be assured that they are getting complete and correct answers to their queries. Existing methods for signing XML documents cannot be used to establish that an answer to a query is complete. A simple approach has a server processing queries and certifying answers by digitally signing them with an on-line private key; however, the server, and its on-line private key, would be vulnerable to external hacking and insider attacks. We propose a new approach to signing XML documents which allows untrusted servers to answer certain types of path queries and selection queries over XML documents without the need for trusted on-line signing keys. This approach enhances both the security and scalability of publishing information in XML format over the internet. In addition, it provides greater flexibility in authenticating parts of XML documents, in response to commercial or security policy considerations.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Serge Abiteboul , Peter Buneman , Dan Suciu, Data on the Web: from relations to semistructured data and XML, Morgan Kaufmann Publishers Inc., San Francisco, CA, 1999
	2	Serge Abiteboul , Victor Vianu, Regular path queries with constraints, Proceedings of the sixteenth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, p.122-133, May 11-15, 1997, Tucson, Arizona, United States [doi>10.1145/263661.263676]
	3	Angela Bonifati , Stefano Ceri, Comparative analysis of five XML query languages, ACM SIGMOD Record, v.29 n.1, p.68-79, March 2000 [doi>10.1145/344788.344822]
	4	Ahto Buldas , Peeter Laud , Helger Lipmaa, Accountable certificate management using undeniable attestations, Proceedings of the 7th ACM conference on Computer and communications security, p.9-17, November 01-04, 2000, Athens, Greece [doi>10.1145/352600.352604]
	5	J.Clark:XSL Transformation (XSLT),Version 1.0. W3C Recommendation,Nov 1999.
	6	J.Cowan:XML Information Set.W3C Working Draft,March 2001.
	7	J.Clark,S.DeRose:XML Path Language (XPath). W3C Recommendation,Nov 1999.
	8	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, XML Access Control Systems: A Component-Based Approach, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions, p.39-50, August 21-23, 2000
	9	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, Securing XML Documents, Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology, p.121-135, March 27-31, 2000
	10	Premkumar T. Devanbu , Michael Gertz , Charles U. Martel , Stuart G. Stubblebine, Authentic Third-party Data Publication, Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions, p.101-112, August 21-23, 2000
	11	Digest Values for DOM (DOMHASH).RFC2803, http://www.land .eld.com/rfcs/rfc2803.html,April 2000.
	12	Dongwon Lee , Wesley W. Chu, Comparative analysis of six XML schema languages, ACM SIGMOD Record, v.29 n.3, p.76-87, Sept. 2000 [doi>10.1145/362084.362140]
	13	D.Eastlake,J.Reagle,D.Solo:XML -Signature Syntax and Processing,Internet Draft,www.ietf.org/- internet-drafts/draft-ietf-xmldsig-core-2-00.txt
	14	D.C.Fallside:XML Schema Part 0:Primer.W3C Recommendation,Ma 2001.
	15	M.T.Goodrich,R.Tamassia,and A.Schwerin: Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing,In DISCEX II , 2001 (also U.S.Patent Filing ).
	16	Dan Gusfield, Algorithms on strings, trees, and sequences: computer science and computational biology, Cambridge University Press, New York, NY, 1997
	17	C.Martel,G.Nuckolls,P.Devanbu,M.Gertz,A. Kwong,S.Stubblebine,General Model for Authentic Data Publication, www.cs.ucdavis.edu/ ~devanbu/.les/model-paper.pdf
	18	Ralph C. Merkle, A certified digital signature, Proceedings on Advances in cryptology, p.218-238, July 1989, Santa Barbara, California, United States
	19	M.Naor and K.Nissim.Certi .cate Revocation and Certi .cate Update.In Proceedings,7th USENIX Security Symposium ,1999.

CITED BY 18

	Ernesto Damiani , Sabrina De Capitani di Vimercati , Stefano Paraboschi , Pierangela Samarati, A fine-grained access control system for XML documents, ACM Transactions on Information and System Security (TISSEC), v.5 n.2, p.169-202, May 2002
	Premkumar Devanbu , Michael Gertz , Charles Martel , Stuart G. Stubblebine, Authentic data publication over the internet, Journal of Computer Security, v.11 n.3, p.291-314, 1 March 2003
	Daniel J. Polivy , Roberto Tamassia, Authenticating distributed data using Web services and XML signatures, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
	Barbara Carminati , Elena Ferrari , Elisa Bertino, Securing XML data in third-party distribution systems, Proceedings of the 14th ACM international conference on Information and knowledge management, October 31-November 05, 2005, Bremen, Germany
	Laurence Bull , Peter Stanski , David McG. Squire, Content extraction signatures using XML digital signatures and custom transforms on-demand, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary
	Cheng Peng , Robert H. Deng , Yongdong Wu , Weizhong Shao, A flexible and scalable authentication scheme for JPEG2000 image codestreams, Proceedings of the eleventh ACM international conference on Multimedia, November 02-08, 2003, Berkeley, CA, USA
	Marina Bykova , Mikhail Atallah, Succinct specifications of portable document access policies, Proceedings of the ninth ACM symposium on Access control models and technologies, June 02-04, 2004, Yorktown Heights, New York, USA
	Elisa Bertino , Barbara Carminati , Elena Ferrari , Bhavani Thuraisingham , Amar Gupta, Selective and Authentic Third-Party Distribution of XML Documents, IEEE Transactions on Knowledge and Data Engineering, v.16 n.10, p.1263-1278, October 2004
	Marina Blanton , Mikhail J. Atallah, Provable bounds for portable and flexible privacy-preserving access, Proceedings of the tenth ACM symposium on Access control models and technologies, June 01-03, 2005, Stockholm, Sweden
	Glen Nuckolls , Chip Martel , Stuart Stubblebine, Certifying data from multiple sources [Extended Abstract], Proceedings of the 4th ACM conference on Electronic commerce, June 09-12, 2003, San Diego, CA, USA
	Andrei Stoica , Csilla Farkas, Ontology guided XML security engine, Journal of Intelligent Information Systems, v.23 n.3, p.209-223, November 2004
	Shen-Tat Goh , HweeHwa Pang , Robert H. Deng , Feng Bao, Three architectures for trusted data dissemination in edge computing, Data & Knowledge Engineering, v.58 n.3, p.381-409, September 2006
	Bogdan C. Popescu , Bruno Crispo , Andrew S. Tanenbaum, Secure data replication over untrusted hosts, Proceedings of the 9th conference on Hot Topics in Operating Systems, p.21-21, May 18-21, 2003, Lihue, Hawaii
	Richard T. Snodgrass , Shilong Stanley Yao , Christian Collberg, Tamper detection in audit logs, Proceedings of the Thirtieth international conference on Very large data bases, p.504-515, August 31-September 03, 2004, Toronto, Canada
	Luc Bouganim , Francois Dang Ngoc , Philippe Pucheral, Dynamic access-control policies on XML encrypted data, ACM Transactions on Information and System Security (TISSEC), v.10 n.4, p.1-37, January 2008
	Marina Blanton , Mikhail Atallah, Succinct representation of flexible and privacy-preserving access rights, The VLDB Journal — The International Journal on Very Large Data Bases, v.15 n.4, p.334-354, November 2006
	Sarvjeet Singh , Sunil Prabhakar, Ensuring correctness over untrusted private database, Proceedings of the 11th international conference on Extending database technology: Advances in database technology, March 25-29, 2008, Nantes, France
	Ashish Kundu , Elisa Bertino, Structural signatures for tree data structures, Proceedings of the VLDB Endowment, v.1 n.1, August 2008