ABSTRACT
XML is increasingly becoming the format of choice for information exchange, in critical areas such as government, finance, healthcare and law, where integrity is of the essence. As this trend grows, one can expect that documents (or collections thereof) may get quite large, and clients may wish to query for specific segments of these documents. In critical applications, clients must be assured that they are getting complete and correct answers to their queries. Existing methods for signing XML documents cannot be used to establish that an answer to a query is complete. A simple approach has a server processing queries and certifying answers by digitally signing them with an on-line private key; however, the server, and its on-line private key, would be vulnerable to external hacking and insider attacks. We propose a new approach to signing XML documents which allows untrusted servers to answer certain types of path queries and selection queries over XML documents without the need for trusted on-line signing keys. This approach enhances both the security and scalability of publishing information in XML format over the internet. In addition, it provides greater flexibility in authenticating parts of XML documents, in response to commercial or security policy considerations.
- 1.S.Abiteboul,P.Buneman,D.Suciu:Data on the Web:From Relations to Semistructured Data and XML.Morgan Kaufman,2000.]] Google ScholarDigital Library
- 2.S.Abiteboul,V.Vianu:Regular Path Queries with Constraints.In Proc.16th ACM Symposium on Principles of Database Systems (PODS),122 -133, ACM Press,1997.]] Google ScholarDigital Library
- 3.A.Bonifati,S.Ceri:Comparative Analysis of Five XML Query Languages.SIGMOD Record 29:1 ,68 -79, 2000.]] Google ScholarDigital Library
- 4.A.Buldas,P.Laud,H.Lipmaa:Accountable Certi .cate Management using undeniable Attestations.In Proc.7th ACM Conference on Computer and Communications Security ,9 -17,ACM, 2000.]] Google ScholarDigital Library
- 5.J.Clark:XSL Transformation (XSLT),Version 1.0. W3C Recommendation,Nov 1999.]]Google Scholar
- 6.J.Cowan:XML Information Set.W3C Working Draft,March 2001.]]Google Scholar
- 7.J.Clark,S.DeRose:XML Path Language (XPath). W3C Recommendation,Nov 1999.]]Google Scholar
- 8.E.Damiani,S.De Capitani di Vimercati, S.Paraboschi,P.Samarati:XML Access Control Systems:A Component-Based Approach In 14th IFIP 11.3 Working Conference in Database Security ,2000.]] Google ScholarDigital Library
- 9.E.Damiani,S.De Capitani di Vimercati, S.Paraboschi,P.Samarati:Securing XML Dcoument. In 6th International Conference on Extending Database Technology (EDBT),LNCS 1777,121 -135, Springer,2000.]] Google ScholarDigital Library
- 10.P.Devanbu,M.Gertz,C.Martel,S.Stubblebine: Authentic Third-part Data Publication.In 14th IFIP 11.3 Working Conference in Database Security ,2000.]] Google ScholarDigital Library
- 11.Digest Values for DOM (DOMHASH).RFC2803, http://www.land .eld.com/rfcs/rfc2803.html,April 2000.]]Google Scholar
- 12.L.Dongwon,W.W.Chu:Comparative Analysis of Six XML Schema Languages Sigmod Record 29:3 (September 2000),76 -87]] Google ScholarDigital Library
- 13.D.Eastlake,J.Reagle,D.Solo:XML -Signature Syntax and Processing,Internet Draft,www.ietf.org/- internet-drafts/draft-ietf-xmldsig-core-2-00.txt]] Google ScholarDigital Library
- 14.D.C.Fallside:XML Schema Part 0:Primer.W3C Recommendation,Ma 2001.]]Google Scholar
- 15.M.T.Goodrich,R.Tamassia,and A.Schwerin: Implementation of an Authenticated Dictionary with Skip Lists and Commutative Hashing,In DISCEX II , 2001 (also U.S.Patent Filing ).]]Google ScholarCross Ref
- 16.D.Gus .eld,Algorithms on Strings,Trees,and Sequences:Computer Science and Computational Biology ,Cambridge Universit Press]] Google ScholarDigital Library
- 17.C.Martel,G.Nuckolls,P.Devanbu,M.Gertz,A. Kwong,S.Stubblebine,General Model for Authentic Data Publication, www.cs.ucdavis.edu/ ~devanbu/.les/model-paper.pdf]]Google Scholar
- 18.R.C.Merkle:A Certi .ed Digital Signature.In Advances in Cryptology -Crypto '89 ,1989.]] Google ScholarDigital Library
- 19.M.Naor and K.Nissim.Certi .cate Revocation and Certi .cate Update.In Proceedings,7th USENIX Security Symposium ,1999.]] Google ScholarDigital Library
Index Terms
- Flexible authentication of XML documents
Recommendations
Flexible authentication of XML documents
Special issue on ACM conference on computer and communications security, 2001XML is increasingly becoming the format of choice for information exchange on the Internet. As this trend grows, one can expect that documents (or collections thereof) may get quite large, and clients may wish to query for specific segments of these ...
Query XML Documents Using XTQ Language
WSCS '08: Proceedings of the IEEE International Workshop on Semantic Computing and SystemsUp to now many XML query languages, including XPath and XQuery which become the standard of XML query standard by W3C, have been prosposed. However, since the navigational query approach adopted by XPath can only get homogeneous data, it often incurs ...
Querying Encrypted XML Documents
IDEAS '06: Proceedings of the 10th International Database Engineering and Applications SymposiumThis paper proposes techniques to query encrypted XML documents. Such a problem predominantly occurs in "Database as a Service” (DAS) architectures, where a client may outsource data to a service provider that provides data management services. Security ...
Comments