Selective and Authentic Third-Party Distribution of XML Documents

Get BibTex-formatted data

Download

PDF

Author

E. Bertino, B.Carminati, E.Ferrari, B. Thuraisingham, A. Gupta

Tech report number

CERIAS TR 2004-69

Entry type

article

Abstract

Third-party architectures for data publishing over the Internet today are receiving growing attention, due to their scalability properties and to the ability of efficiently managing large number of subjects and great amount of data. In a third-party architecture, there is a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publishers are responsible for managing (a portion of) the Owner information and for answering subject queries. A relevant issue in this architecture is how the Owner can ensure a secure and selective publishing of its data, even if the data are managed by a third-party, which can prune some of the nodes of the original document on the basis of subject queries and access control policies. An approach can be that of requiring the Publisher to be trusted with regard to the considered security properties. However, the serious drawback of this solution is that large Web-based systems cannot be easily verified to be secure and can be easily penetrated. For these reasons, in this paper, we propose an alternative approach, based on the use of digital signature techniques, which does not require the Publisher to be trusted. The security properties we consider are authenticity and completeness of a query response, where completeness is intended with regard to the access control policies stated by the information Owner. In particular, we show that, by embedding in the query response one digital signature generated by the Owner and some hash values, a subject is able to locally verify the authenticity of a query response. Moreover, we present an approach that, for a wide range of queries, allows a subject to verify the completeness of query results.

Download

PDF

Date

2004 – 08

Journal

IEEE Transactions on Knowledge and Data Engineering

Key alpha

Secure publishing, third-party publication, XML, authentication, completeness

Number

Pages

1263-1278

Volume

Publication Date

2004-08-01

1 INTRODUCTION 2 BASIC CONCEPTS 3 OVERALL ARCHITECTURE 4 SUBJECT-OWNER INTERACTION 5 OWNER-PUBLISHER INTERACTION 6 SUBJECT-PUBLISHER INTERACTION 7 SUBJECT VERIFICATION 8 ATTACK ANALYSIS 9 PERFORMANCE ISSUES 10 RELATED WORK 11 CONCLUSIONS

Copyright

2004 IEEE

Language

English

Location

A hard-copy of this is in the CERIAS Library

Subject

Third-Party Distribution

BibTex-formatted data

To refer to this entry, you may select and copy the text below and paste it into your BibTex document. Note that the text may not contain all macros that BibTex supports.

@Article{ Secure publishing, third-party publication, XML, authentication, completeness,
	title = "Selective and Authentic Third-Party Distribution of XML Documents",
	author = "E. Bertino, B.Carminati, E.Ferrari, B. Thuraisingham, A. Gupta",
	year = "2004",
	month = "08",
	journal = "IEEE Transactions on Knowledge and Data Engineering",
	number = "10",
	pages = "1263-1278",
	volume = "16",
	abstract = "Third-party architectures for data publishing over the Internet today are receiving growing attention, due to their scalability
properties and to the ability of efficiently managing large number of subjects and great amount of data. In a third-party architecture,
there is a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas
Publishers are responsible for managing (a portion of) the Owner information and for answering subject queries. A relevant issue in this
architecture is how the Owner can ensure a secure and selective publishing of its data, even if the data are managed by a third-party,
which can prune some of the nodes of the original document on the basis of subject queries and access control policies. An approach
can be that of requiring the Publisher to be trusted with regard to the considered security properties. However, the serious drawback of
this solution is that large Web-based systems cannot be easily verified to be secure and can be easily penetrated. For these reasons,
in this paper, we propose an alternative approach, based on the use of digital signature techniques, which does not require the
Publisher to be trusted. The security properties we consider are authenticity and completeness of a query response, where
completeness is intended with regard to the access control policies stated by the information Owner. In particular, we show that, by
embedding in the query response one digital signature generated by the Owner and some hash values, a subject is able to locally
verify the authenticity of a query response. Moreover, we present an approach that, for a wide range of queries, allows a subject to
verify the completeness of query results.",
	contents = "1 INTRODUCTION
2 BASIC CONCEPTS
3 OVERALL ARCHITECTURE
4 SUBJECT-OWNER INTERACTION
5 OWNER-PUBLISHER INTERACTION
6 SUBJECT-PUBLISHER INTERACTION
7 SUBJECT VERIFICATION
8 ATTACK ANALYSIS
9 PERFORMANCE ISSUES
10 RELATED WORK
11 CONCLUSIONS",
	copyright = "2004 IEEE",
	language = "English",
	subject = "Third-Party Distribution",
}

Selective and Authentic Third-Party Distribution of XML Documents

Download

Author

Tech report number

Entry type

Abstract

Download

Date

Journal

Key alpha

Number

Pages

Volume

Publication Date

Contents

Copyright

Language

Location

Subject

BibTex-formatted data