Bài giảng Bảo mật CSDL - Chap 12: XML Security

Pag. 1XML Security Pag. 2OutlineSecurity requirements for web data. Basic concepts of XMLSecurity policies for XML data protection and release Access control mechanisms for XML dataXML-based specification of security informaitonXML security: future trendsPag. 3Web Data: Protection RequirementsThe web is becoming the main informaiton dissemination means for many organizations Strong need for models and mechanisms enabling the specification and enforcement of security policies for web data protection and releasePag. 4Web DataIn the web environment, information distribution often takes the form of documents that are made available at Web servers, or that are actively broadcasted by Web servers to interested clientsDocuments may also be exchanged among the various serversPag. 5Web Docs: Protection RequirementsWeb documents may have a nested or hierarchical, inter-linked structureDifferent portions of the same document may have different protection requirements We need a wide spectrum of protection granularity levelsPag. 6Web Docs: Protection RequirementsWeb documents may have an associated description of their structure:DTDs and XML Schemas for XML documentsData models for describing the logical organization of data into web pagesPolicies specified both at the schema and at the instance levelPag. 7Web Docs: Protection RequirementsDocuments with the same type and structure may have contents of different sensitivity degree:Policies that take the document content into account (content-based policies)Pag. 8Web Docs: Protection RequirementsSupporting fine-grained policies could lead to the specification of a, possibly high, number of access control policies: Need of mechanisms for exception management and authorization propagationPag. 9Web Docs: Protection RequirementsHeterogeneity of subjects:Subjects accessing a web source may be characterized by different skills and needs and may dynamically changeConventional identity-based access control schemes are not enough Credentials based on subject characteristics and qualifications Pag. 10Web Docs: Protection RequirementsIn a web environment the traditional on user-demand mode of performing access control is not enough: Security policies enforcing both the pull and push dissemination modesPag. 11Web DataSource PULL PUSHRequestWeb DataSourceViewDissemination PoliciesPag. 12OutlineSecurity requirements for web dataBasic concepts of XMLSecurity policies for XML data protection and releaseAccess control mechanisms for XML dataXML-based specification of security informationXML security: future trendsPag. 13Why XML?Because XML is becoming a standard for data representation over the webXML compatibility is thus an important requirement for security policies, models and mechanisms for Web data sources Pag. 14XMLBuilding blocks of XML are tagged elements that can be nested at any depth in the document structureEach tagged element has zero or more subelements and zero or more attributesElements can be linked by means of IDREF(S) attributesOptional presence of a DTD/XMLSchema for describing the structure of documents (well-formed vs valid documents) Taxation ... Import-Export ... Guns ... ... Transportation ... ... An XML DocumentPag. 16Graph Representation&1&9&8&6&5&4&3&2&7LK75&10&12&11&13&14&15WordLawBulletinLawLawSummarySectionTopicBluePageReportLawLawTopicTopicTopicSummarySummarySummarySection{(Country,”USA”)}...{(Country,”Germany”)}{(Country,”USA”)}{(GeoArea,”NorthA.”)}{(GeoArea,E.)}{(Country,”Italy”)}TaxationGunsTransportationImport-Export{(Date,”08/08/1999”)}RelatedLawsAn XML DTD ]>Pag. 18XML & Security Two main issues:Development of access control models, techniques, mechanisms, and systems for protecting XML documentsUse of XML to specify security relevant information, (organizational policies, subject credentials, authentication information, encrypted contents)Pag. 19The Author-X ProjectPag. 20Author-X Java-based system for XML data sources protectionSecurity policy design and administration Credential-based access control to XML document sourcesSecure document dissemination and updatePag. 21Author-X ACPsSet-oriented and document-oriented policiesPositive and negative policies at different granularity levels, to enforce differentiated protection of XML documents and DTDs Controlled propagation of access rightsACPs reflect user profiles through credential-based qualificationsPag. 22Enforcing access controlSubject specificationProtection object specificationPrivilegePropagation optionPag. 23Subject SpecificationUser IdentifiersORSubject credential: credential expressionEx: X.age > 21 Programmer(X) and X.country=“Italy”Pag. 24Protection Object SpecificationIdentify the portions of a document(s) to which the authorization applies.We want to allow users to specify authorizationsranging from sets of documentsto single elements/attributes within documents specification on DTD or documents [{doc|*}|{DTD|#}].[pathOfElem|ElemIds].[Attrs|links]Pag. 25Privileges readbrowsing navigate writeauthoring append deletePag. 26Propagation optionNO PROPAGATIONPag. 27Propagation optionFIRST LEVELPag. 28Propagation optionCASCADEPag. 29Examples of authorization rulesP1 = ((LLoC Employee or European Division Employee), WorldLawBulletin.Law, browse_all, *) this authorization rule authorizes the LLoC and EuropeanDivision Employees to view all laws (not contained in theBluePageReport element) in all instances of WorldLawBulletin relations among laws, that is, RelatedLaws attributes,are also displayed Pag. 30Examples of authorization rulesP4 = (European Division Employee, (WorldLawBulletin.BluePageReport.Section, GeoArea = Europe), browse_all, *) this authorization rule authorizes the EuropeanDivision Employees to view the section pertaining to Europe of the BluePageReport in all instances of WorldLawBulletin Pag. 31access requestviewadministrative operationsuserSAAuthor-XDOM/XQLX-BasesXML SourceCredentialbasePolicybaseEncrypteddoc.base X-Access X-AdminPag. 32The access control component of Author-X enabling:The enforcement of access control policies on top of an XML sourcePull and push dissemination modesClient-Server architectureExcelon XML serverX-Access Pag. 33Excelon File SystemXML sourceInformation Pull - ArchitectureXML ParserXQLX-PathServer Extension (X-Access)Excelon ServerWeb ServerXMLVIEWDTDInternet BrowserCLIENTSERVER queryInternetPag. 34Access ControluserQueryResulting viewXML documentXML sourcePruned XML documentPruningPolicy baseCredential basePag. 35Access requestUserPasswordTarget DocumentqueryPag. 36Query resultQuery resultPag. 37Push Dissemination ModeSince:Different subjects -> different viewsWide range of protection granularitiesHigh number of subjectsNumber of views can be too largeSolution-> Encryption TechniquesPag. 38Push Dissemination ModeThe approach is based on encrypting different portions of the same document with different keysThe same (encrypted) copy is then broadcasted to all subjectsEach subject only receives the key(s) for the portions he/she is enabled to seePag. 39Information Push - Main IssuesHow to encrypt the documents in a sourceWhich and how many keys should be distributed to which subjects How to securely and efficiently distribute keys to subjects in such a way that keys are received only by the entitled subjectsPag. 40How to Encrypt DocumentsDocument encryption is driven by the specified access control policies: all the document portions to which the same access control policies apply are encrypted with the same keyThus, to determine which keys should be sent to a particular subject it is only necessary to verify which are the access control policies that apply to that subject and then sending the keys associated with these policiesPag. 41&1&13&9&7&6&4&3&2&8&5&10&12&11&14&15&16P1,P3P1,P3P2P1,P3P1,P3P3P3P1,P3P1,P3Well-Formed EncryptionPag. 42Node encrypted with key K1&1&13&9&7&6&4&3&2&8&5&10&12&11&14&15&16P1,P3P1,P3P2P1,P3P1,P3P3P3P1,P3P1,P3Well-Formed EncryptionPag. 43Nodes encrypted with key K2&1&13&9&7&6&4&3&2&8&5&10&12&11&14&15&16P1,P3P1,P3P2P1,P3P1,P3P3P3P1,P3P1,P3Well-Formed EncryptionPag. 44Nodes encrypted with key K3&13&7&6&4&3&2&8&5&12&11&14&15&16P1,P3P1,P3P2P1,P3P1,P3P3P3P1,P3P1,P3&1&9&10Well-Formed EncryptionPag. 45Nodes encrypted with key Kd&13&8&12&11&14&15&16P1,P3P1,P3P2P1,P3P1,P3P3P3P1,P3P1,P3&9&7&6&4&3&2&5&10&1Well-Formed EncryptionPag. 46&13&8&12&11&14&15&16P1,P3P1,P3P2P1,P3P1,P3P3P3P1,P3P1,P3P1K2P2K1P3K2, K3&9&7&6&4&3&2&5&10&1Well-Formed EncryptionPag. 47Key ManagementKey assignment scheme such that:From the key associated with a policy P1 it is possible to derive the keys associated with all the policy configurations containing P1Benefits:The system should manage in the worst case a number of keys equal to the size of the Policy BaseEach subject receives a key for each policy he/she satisfiesPag. 48Key DistributionTwo modes:Online: the XML source delivers both the keys and the encrypted document to subjectsOffline: subjects retrieve the keys through further interactions with the XML source (LDAP directory) Pag. 49OutlineSecurity requirements for web dataBasic concepts of XMLSecurity policies for XML data protection and releaseAccess control mechanisms for XML dataXML-based specification of security informationXML security: future trendsPag. 50Why?It allows a uniform protection of XML documents and their security-related informationIt facilitates the export and exchange of security informationPag. 51GoalsDefinition of an XML-based language for specifying security-related information for web documents:Subject credentialsAccess control policies for web documents satisfying the previously stated requirements An example: X-Sec the XML-based language developed in the framework of Author-XPag. 52X-Sec CredentialsCredentials with similar structure are grouped into credential typesA credential is a set of simple and composite propertiesCredential types DTDsCredentials XML documentsX-Sec credential type ]> Bob Watson 24 Baker Street 8005769840 bwatson@ups.com UPS X-Sec credentialPag. 55X-ProfilesTo simplify credential evaluation all the credentials a subject possesses are collected into an X-profile Bob Watson 24 Baker Street 8005769840 bwatson@ups.com UPS Paragon 400 $1000 X-profilePag. 57X-Sec Policy SpecificationXML template for specifying credential-based access control policiesThe template is as general as possible to be able to model access control policies for a variety of web documents (e.g., HTML, XML)Pag. 58]>X-Sec Policy Base TemplatePag. 59Instantiation for XML Sources Pag. 60OutlineSecurity requirements for web dataBasic concepts of XMLSecurity policies for XML data protection and releaseAccess control mechanisms for XML dataXML-based specification of security informationXML security: future trendsPag. 61Research TrendsSecure publishing of XML documents:A new class of information-centered applications based on Data disseminationPossible scenarios:Information commerce: digital libraries, electronic newsIntra-company information systemsSecurity requirements:ConfidentialityIntegrityAuthenticityCompletenessPag. 62Secure PublishingSubjectInformation OwnerTraditional ArchitectureThe Owner is the producer of information It specifies access control policies It answers to subject queriesPag. 63Third-Party ArchitectureThe Publisher is responsible for managing (a portion of) the Owner information and for answering subject queriesBenefits:ScalabilityNo Bottleneck PublisherDocsQueryViewSubjectOwnerSubscriptionPag. 64Main ReferencesB. Dournee, XML Security, RSA Press, 2002.E. Bertino, B. Carminati, E. Ferrari, and B. Thuraisingham, XML Security, Addison-Wesley, in preparation.Pag. 65Main ReferencesE. Bertino and E. Ferrari. Secure and Selective Dissemination of XML Documents, ACM Trans. on Information System and Security, to appearE. Bertino, S. Castano, e E. Ferrari. Author- X: a Comprehensive System for Securing XML Documents, IEEE Internet Computing, May 2001E. Bertino, S. Castano, e E. Ferrari. Securing XML Documents: the Author-X Project Demonstration, Proc. of the ACM SIGMOD Conference 2001E. Bertino, S. Castano, E. Ferrari, M. Mesiti. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal, 3(3), 2000Pag. 66Main ReferencesWeb sites:The XML Security Page: xml/security.html OASIS Consortium: Wide Web Consortium: