A Structure Preserving Approach for Securing XML Documents
TrustCol-2007
The Department of Computer Science
Purdue University
Mohamed Nabeel
Outline
• Introduction and Basic Concepts
• Annotation and Encoding Scheme
• Enforcing and Verifying Security Requirements
• Experimental Results
• Conclusion and Future Work
Secure Sharing
• Hierarchical Data such as XML
• Correct Data
• Access Control
[Figure: a document tree rooted at A, with children B, C, D, grandchildren E, F, G, H, I, J and leaves K, L. Two recipients, Bob and Alice, each receive only a part of the tree: one the subtree under B (E, F, K, L), the other the subtree under D (I, J).]
Secure Sharing – Access Control
[Figure: applying the access control policy to the full tree (A; B, C, D; E to J; K, L) leaves Bob with only the subtree under B (E, F, K, L).]
Secure Sharing – Correct Data
[Figure: Bob should receive the subtree under B (E, F, K, L). In the copy that passed through Eve, two values have been replaced (F by X, K by Y): Eve has modified the values. In another copy, Eve has dropped elements.]
Why Preserving Structure
• Partial access to secured documents
• Applying content filters
• Querying secured documents
Late Processing → High Scalability
Message Level Security
• P2P vs. E2E
– Transport level security (HTTPS, IPSec, etc.) is sufficient to provide P2P security
– But E2E requires more than TLS
– We need message level security
[Figure: Source → Intermediary → Destination; P2P security covers each hop, E2E security covers the whole path.]
Typical Distributed Setting
• Three-tier architecture
[Figure: Document Source(s) → Intermediaries → Clients; labels: Scalable Systems, Message Level Security]
XML Node Orderings
• Two types of ordering
1.Hierarchical ordering
2.Sibling ordering
• What orderings are significant?
• What is the relationship between them?
• How do schema validation tools treat these orderings?
XML Node Orderings
• Is Hierarchical ordering significant?
– Yes, It is!
• Is Sibling ordering significant?
– Depends on the application
Two orderings → Two-level structural integrity
XML Node Orderings
<Review>
  <p>Einstein is a
    <b>genius</b>;
    <b>ordinary</b>
    people may not understand his work.</p>
</Review>
XSLT output: Einstein is a genius; ordinary people may not understand his work.

<Review>
  <p>Einstein is a
    <b>ordinary</b>;
    <b>genius</b>
    people may not understand his work.</p>
</Review>
XSLT output: Einstein is a ordinary; genius people may not understand his work.

Sibling ordering in document-centric applications is significant.
XML Node Orderings
<person>
  <firstname>nabeel</firstname>
  <country>sri lanka</country>
  <major>cs</major>
</person>

<person>
  <country>sri lanka</country>
  <firstname>nabeel</firstname>
  <major>cs</major>
</person>

Both documents map to the same row of the person table:
firstname | country   | major
nabeel    | sri lanka | cs

and to the same object:
class Person {
  String firstname;
  String country;
  String major;
};

Sibling ordering in data-centric applications may not be significant.
Information Leakage
[Figure: three copies of the tree (A; B, C, D; E to J; K, L) labelled Direct Leakage, Indirect Leakage and No Leakage. Parts of the tree are encrypted under Key K1 and Key K2; Bob only knows K1, so in the No Leakage case he sees only the subtree under B (E, F, K, L).]
Hiding the existence → No Information Leakage
One Example
• Delta-publishing
[Figure: First Message at t1, Second Message at t2, Delta-Message at t2 carrying only what changed between them.]
The smallest unit of change: An Element
Our Approach
• Recognize two level-ordering
• Provide E2E security for hierarchical data
• Reason about security at the smallest possible change
• Minimal indirect information leakage
XML Document
• A Graph G = {V, v, E, f, g}
– V = Ve ∪ Va ∪ Vr where Ve = {x | x is an element}, Va = {x | x is an attribute}, Vr = {x | x is a node not in Ve ∪ Va}
– v = document root
– E = Ee ∪ Ea ∪ Er where Ee = {e | e is an edge representing an element-element connection or a link}, Ea = {e | e is an edge representing an element-attribute connection}, Er = {e | e is an edge not in Ee ∪ Ea but starts from an element}
– f: E → L where L = {l | l is a node name or an attribute name or a pre-defined label}; f is called the labeling function
– g: (Ve, i) → Ver where g returns the ith child of an element in Ve, Ver = Ve ∪ Vr
XML Document
• Example
<?xml version="1.0" encoding="UTF-8" ?>
<quote type="bid">
  <market>NY</market>
  <price cur="USD" size="5m">750</price>
</quote>
[Figure: the graph of this document: root v → quote; quote → market, price and the attribute type=bid; market → text NY; price → attributes cur=USD, size=5m and text 750. Circles – elements, Squares – attributes, Ellipse – other nodes.]
Properties of the Annotation Scheme
• Two independent annotation schemes for
– Hierarchical ordering and
– Sibling ordering
• Time complexity = O(height of the XML DOM tree)
• Provides the flexibility to incrementally annotate
Concurrent Visitor Pattern
Hierarchical Ordering
• Should be able to unambiguously identify parent-child relationships
• Annotate each element with its parent HID
• Element HIDs need not be unique
• Example: using XPaths as HIDs
– Element x is the parent of y
– Annotate y with h(XPx || name of y), where h is a collision-resistant hash function and XPx is the XPath of x
– XPath sequencing numbers are not used, to prevent indirect information leakage
Sibling Ordering
• Maintain the following condition
– Given that elements x and y are siblings and x is to the left of y, seqx < seqy, where seqx and seqy are secure random numbers assigned to x and y respectively.
Secure random numbers make inferring about hidden elements difficult, thus preventing indirect information leakage.
Encoding Scheme
[Figure: left, the original graph of the quote example with elements and non-elements (v → quote → market, price; attributes type, cur, size; text NY, 750); right, the encoded graph with only elements, where attributes and text become content of their element.]
High reduction in |V| and |E| for document-centric applications.
Encoding Scheme
• New Graph G' = {V', v, E', f', g'}
• V' = V ∪ {x | x is an attribute for ID, seq or content} − Vr
• E' = E ∪ {e | e is an attribute-element edge for ID, seq or content} − Er
• f': V' → L' where L' = L ∪ {ID, seq, content}
• g': (Ve, i) → Ve where Ve consists only of elements
Integrity
• Two types of integrity
– Structural integrity
– Content integrity
• Introduce a new attribute (signed)
• Attribute value = h(E.attrs || E.content)
– h – hash function
– E.attrs – concatenation of attribute name-value pairs of element E
– E.content – content of element E
• Merkle hash vs. Our approach
Integrity
[Figure: Bob should receive the subtree under B (E, F; K, L). Four tampered versions of that subtree are shown, captioned: Content Integrity is violated (values replaced by X and Y), Sibling Integrity is violated (siblings reordered), Hierarchical Integrity is violated (children attached to a different parent), and Completeness is violated (elements missing).]
Confidentiality
• Content of each element is encrypted
• Introduce a new attribute (encrypted)
• Attribute value = keys(keyr || keyr(E.attrs || E.content || E.signed))
– keyr – a randomly generated key
– keys – shared key
– E.attrs – concatenation of attribute name-value pairs of element E
– E.content – content of element E
– E.signed – digital signature computed for E
Verifying and Updating
• Each element can be verified independently
• Hierarchical and Sibling integrity can be verified independently
• Each element can be updated independently
• Structure can be updated without affecting the existing values
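The annotation and integrity rules from the Hierarchical Ordering, Sibling Ordering, Integrity and Verifying slides, worked through in Python as an added example (not the deck's or the authors' library): ID = h(parent XPath || name), a strictly increasing secure-random seq per sibling list, signed = h(E.attrs || E.content) per element, and an independent per-element check that reports the content, hierarchical and sibling violations of the Integrity slide. SHA-256 as h, the "|" separator inside h, and the "ID"/"seq"/"signed" attribute names are assumptions; the document is the slides' quote example, constructed inline.

```python
import copy
import hashlib
import secrets
import xml.etree.ElementTree as ET

def h(*parts):                 # SHA-256 stands in for the deck's collision-resistant h (assumption)
    return hashlib.sha256("|".join(parts).encode()).hexdigest()
def attrs_of(e):               # E.attrs: name-value pairs of E, minus the signed attribute itself
    return "".join(k + "=" + v for k, v in sorted(e.attrib.items()) if k != "signed")

def annotate(elem, xpath):
    """ID = h(parent XPath || name) gives hierarchical ordering; a strictly increasing
    secure-random seq gives sibling ordering. XPaths carry no [n] position numbers."""
    seq = 0
    for child in elem:
        child.set("ID", h(xpath, child.tag))
        seq += secrets.randbelow(1 << 20) + 1      # random gaps leak nothing about hidden siblings
        child.set("seq", str(seq))
        annotate(child, xpath + "/" + child.tag)

def sign(elem):                # signed = h(E.attrs || E.content); ID and seq are attrs, so bound too
    for e in elem.iter():
        e.set("signed", h(attrs_of(e), e.text or ""))

def verify(root):              # each element is checked on its own; returns (kind, element) violations
    bad = []
    def walk(e, xpath):                            # xpath is the XPath of e itself
        if e.get("signed") != h(attrs_of(e), e.text or ""):
            bad.append(("content", e.tag))         # value or attribute changed
        last = -1
        for c in e:
            if c.get("ID") != h(xpath, c.tag):
                bad.append(("hierarchical", c.tag))    # moved under a different parent
            if int(c.get("seq", -1)) <= last:
                bad.append(("sibling", c.tag))         # siblings reordered
            last = int(c.get("seq", -1))
            walk(c, xpath + "/" + c.tag)
    walk(root, "/" + root.tag)
    return bad

def demo():                    # constructed document from the slides plus three tampering cases
    doc = ET.fromstring('<quote type="bid"><market>NY</market>'
                        '<price cur="USD" size="5m">750</price></quote>')
    annotate(doc, "/quote"); sign(doc)
    modified, swapped, moved = (copy.deepcopy(doc) for _ in range(3))
    modified.find("price").text = "765"            # value changed, signed left stale
    p = swapped.find("price"); swapped.remove(p); swapped.insert(0, p)
    p = moved.find("price"); moved.remove(p); moved.find("market").append(p)
    return {"clean": verify(doc), "modified": verify(modified),
            "swapped": verify(swapped), "moved": verify(moved)}
```

Dropping a whole element (the completeness case on the Integrity slide) is not caught by these per-element checks alone, so the demo does not include it.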
Example: Updating
<?xml version="1.0" encoding="UTF-8" ?>
<quote type="bid">
  <market>NY</market>
  <price cur="USD" size="5m">765</price>
</quote>
[Figure: the graph v → quote → market, price, with each element carrying its signed and encrypted attributes; only the price element is marked as changed.]
Re-calculate signed and encrypted attributes only for this element
Global vs. Local Annotation
[Chart: x-axis: Number of Elements in the XML document (in 500s), 1 to 8; y-axis: Time taken to annotate (ms), 0 to 400; series: Local Annotation, Global Annotation.]
Updating XML Document
[Chart: x-axis: Percentage of the Document Updated, 1 to 5; y-axis: Time taken (ms), 0 to 800; series: Our Scheme, W3C Scheme.]
Division of Labor
[Chart: x-axis: Number of Elements in the XML Document (in 500s), 1 to 8; y-axis: Time Taken, 0 to 45000; stacked series: encoding, signing, encrypting.]
Conclusion and Future Work
• We presented an interesting approach to secure XML documents while preserving the structure
• We plan to extend the work presented to
– Explore ways to reduce the signing time
– Explore possible hybrid combinations of our approach and the standard approach
• We are planning to publish the library under ASF license
Questions
Thank You!
Merkle Hash
Visitor Pattern
W3C Digital Signature