A Structure Preserving Approach for Securing XML Documents
TrustCol-2007
The Department of Computer Science, Purdue University
Mohamed Nabeel
nabeel@cs.purdue.edu
Outline
• Introduction and Basic Concepts
• Annotation and Encoding Scheme
• Enforcing and Verifying Security
  Requirements
• Experimental Results
• Conclusion and Future Work
Secure Sharing
• Hierarchical Data such as XML
• Correct Data
• Access Control

[Figure: a document tree rooted at A with children B, C, D and descendants E to L. Bob receives the subtree rooted at B (E, F, K, L); Alice receives the subtree rooted at D (I, J).]
Secure Sharing – Access Control

[Figure: applying the access control policy to the full tree rooted at A yields the subtree rooted at B (E, F, K, L), which is what Bob receives.]
Secure Sharing – Correct Data

[Figure: Eve, sitting between the source and Bob, tampers with Bob's subtree B. In one copy Eve has modified the values (F becomes X, K becomes Y); in another Eve has dropped elements.]
Why Preserving Structure
• Partial access to secured documents
• Applying content filters
• Querying secured documents

Late Processing   High Scalability
Message Level Security
• P2P vs. E2E
  – Transport level security (HTTPS, IPSec, etc) is sufficient to provide P2P security
  – But E2E requires more than TLS
  – We need message level security

[Figure: Source → Intermediary → Destination. P2P security covers each hop separately; E2E security spans the whole path from Source to Destination.]
Typical Distributed Setting
• Three-tier architecture: Document Source(s) → Intermediaries → Clients

Scalable Systems   Message Level Security
XML Node Orderings
• Two types of ordering
  1. Hierarchical ordering
  2. Sibling ordering
• Which orderings are significant?
• What is the relationship between them?
• How do schema validation tools treat these orderings?
XML Node Orderings
• Is Hierarchical ordering significant?
  – Yes, it is!
• Is Sibling ordering significant?
  – Depends on the application

Two orderings   Two-level structural integrity
XML Node Orderings

Original document:
<Review>
  <p>Einstein is a <b>genius</b>; <b>ordinary</b> people may not understand his work.</p>
</Review>

XSLT output: Einstein is a genius; ordinary people may not understand his work.

Same document with the two <b> siblings swapped:
<Review>
  <p>Einstein is a <b>ordinary</b>; <b>genius</b> people may not understand his work.</p>
</Review>

XSLT output: Einstein is a ordinary; genius people may not understand his work.

Sibling ordering in document centric applications is significant
XML Node Orderings

<person>
  <firstname>nabeel</firstname>
  <country>sri lanka</country>
  <major>cs</major>
</person>

<person>
  <country>sri lanka</country>
  <firstname>nabeel</firstname>
  <major>cs</major>
</person>

Both documents map to the same row of the person table and to the same object:

person table
firstname | country   | major
nabeel    | sri lanka | cs

class Person {
  String firstname;
  String country;
  String major;
};

Sibling ordering in data centric applications may not be significant
Information Leakage

[Figure: three cases. Direct Leakage: the whole tree rooted at A (B, C, D and their children) is exposed. Indirect Leakage: parts of the tree are encrypted under keys K1 and K2 and Bob only knows K1, yet the tree he receives still reveals that hidden elements exist. No Leakage: Bob receives only the subtree rooted at B (E, F, K, L), so the existence of the other elements is hidden.]

Hiding the existence   No Information Leakage
One Example
• Delta-publishing

[Figure: First Message at t1, Second Message at t2, and the Delta-Message at t2 carrying only what changed between the two.]

The smallest unit of change: An Element
Our Approach
• Recognize two level-ordering
• Provide E2E security for hierarchical data
• Reason about security at the smallest
  possible change
• Minimal indirect information leakage
Next
• Introduction and Basic Concepts
• Annotation and Encoding Scheme
• Enforcing and Verifying Security
  Requirements
• Experimental Results
• Conclusion and Future Work
XML Document
• A Graph G = {V, v, E, f, g}
  – V = Ve ∪ Va ∪ Vr where Ve = {x | x is an element}, Va = {x | x is an attribute}, Vr = {x | x is a node not in Ve ∪ Va}
  – v = document root
  – E = Ee ∪ Ea ∪ Er where Ee = {e | e is an edge representing an element-element connection or a link}, Ea = {e | e is an edge representing an element-attribute connection}, Er = {e | e is an edge not in Ee ∪ Ea but starts from an element}
  – f: E → L where L = {l | l is a node name or an attribute name or a pre-defined label}; f is called the labeling function
  – g: (Ve, i) → Ver where g returns the ith child of Ve, Ver = Ve ∪ Vr
XML Document
• Example

<?xml version="1.0" encoding="UTF-8" ?>
<quote type="bid">
  <market>NY</market>
  <price cur="USD" size="5m">750</price>
</quote>

[Figure: the document as a graph below the root v. Circles – elements (quote, market, price); squares – attributes (type = bid on quote; cur = USD and size = 5m on price); ellipses – other nodes (the text nodes NY and 750).]
Properties of the Annotation Scheme
• Two independent annotation schemes for
  – Hierarchical ordering and
  – Sibling ordering
• Time complexity = O(height of the XML DOM tree)
• Provides the flexibility to incrementally annotate
Concurrent Visitor Pattern
Hierarchical Ordering
• Should be able to unambiguously identify parent-child relationships
• Annotate each element with its parent HID
• Element HIDs need not be unique
• Example: using XPaths as HIDs
  – Element x is the parent of y
  – Annotate y with h(XPx || name of y), where h is a collision-resistant hash function and XPx is the XPath of x.

XPath sequence numbers (positional indices) are not used, in order to prevent indirect information leakage.
Sibling Ordering
• Maintain the following condition
  – Given that elements x and y are siblings and x is to the left of y, seqx < seqy, where seqx and seqy are secure random numbers assigned to x and y respectively.

Secure random numbers make inferring about hidden elements difficult, thus preventing indirect information leakage.
Encoding Scheme

[Figure: the quote document graph before encoding (elements and non-elements: root v; elements quote, market, price; attribute nodes type = bid, cur = USD, size = 5m; text nodes NY and 750) and after encoding (only elements: the text nodes NY and 750 become content attributes of market and price).]

Elements and non-elements → Only elements

High reduction in |V| and |E| for document-centric applications.
Encoding Scheme
• New Graph G' = {V', v, E', f', g'}
• V' = V ∪ {x | x is an attribute for ID, seq or content} − Vr
• E' = E ∪ {e | e is an attribute-element edge from ID, seq or content} − Er
• f': V' → L' where L' = L ∪ {ID, seq, content}
• g': (Ve, i) → Ve where Ve consists only of elements
Next
• Introduction and Basic Concepts
• Annotation and Encoding Scheme
• Enforcing and Verifying Security
  Requirements
• Experimental Results
• Conclusion and Future Work
Integrity
• Two types of integrity
  – Structural integrity
  – Content integrity
    • Introduce a new attribute (signed)
    • Attribute value = h(E.attrs || E.content)
      – h – hash function
      – E.attrs – concatenation of the attribute name-value pairs of element E
      – E.content – content of element E

• Merkle hash vs. Our approach
Integrity

[Figure: the full tree rooted at A, and the variants of his subtree B (E, F, K, L) that Bob receives, each violating a different property. Content integrity is violated: F replaced by X and K by Y. Sibling integrity is violated: siblings appear in the wrong order (L before F, K before E). Hierarchical integrity is violated: children appear under the wrong parent. Completeness is violated: elements are missing.]
Confidentiality
• Content of each element is encrypted
• Introduce a new attribute (encrypted)
• Attribute value = key_s(key_r || key_r(E.attrs || E.content || E.signed))
  – key_r – a randomly generated key
  – key_s – shared key
  – E.attrs – concatenation of the attribute name-value pairs of element E
  – E.content – content of element E
  – E.signed – digital signature computed for E
Verifying and Updating
• Each element can be verified
  independently
• Hierarchical and Sibling integrity can be
  verified independently
• Each element can be updated
  independently
• Structure can be updated without affecting
  the existing values
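As an added illustration of the Hierarchical Ordering, Sibling Ordering, Integrity and Verifying and Updating slides (example code written for this page, not the authors' library), the following Python annotates the quote document from the slides and shows which per-element check fires under the manipulations Eve performs on the Correct Data and Integrity slides. It assumes SHA-256 for h, parent XPaths without positional indices, seq values drawn from the secrets module, and signed = h(E.attrs || E.content) over the element's own attributes and text; the encrypted attribute and completeness are not covered.

```python
# Added example: per-element hid / seq / signed annotations and their
# independent verification.  Assumed: h = SHA-256, HID of y = h(parent
# XPath || name of y) with no [i] indices, seq from the secrets module,
# signed over the element's own non-annotation attributes and its text.
import copy
import hashlib
import secrets
import xml.etree.ElementTree as ET

ANNOT = ("hid", "seq", "signed")  # attributes added by the scheme itself


def h(data):
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def xpath(names):
    # "/quote/price": no positional indices, so hidden siblings leak nothing
    return "/" + "/".join(names)


def parent_hid(parent_path, name):
    # HID of y = h(XPx || name of y), x being the parent of y
    return h(xpath(parent_path) + "||" + name)


def content_digest(elem):
    # E.attrs: name=value pairs of E's own attributes, annotations excluded
    attrs = "".join(f"{k}={v};" for k, v in sorted(elem.attrib.items())
                    if k not in ANNOT)
    return h(attrs + "||" + (elem.text or ""))


def annotate(root):
    """Add hid, seq and signed to every element below root; sign root too."""
    def walk(elem, path):
        prev = 0
        for child in elem:
            child.set("hid", parent_hid(path, child.tag))
            # seq_x < seq_y for x left of y; random gaps hide how many
            # siblings (possibly filtered out later) lie in between
            prev += 1 + secrets.randbelow(2 ** 32)
            child.set("seq", str(prev))
            child.set("signed", content_digest(child))
            walk(child, path + [child.tag])
    root.set("signed", content_digest(root))
    walk(root, [root.tag])


def verify(root):
    """Return the list of violations (empty when the document checks out).
    Each element is checked on its own: content, parent HID, sibling seq."""
    problems = []
    def walk(elem, path):
        if elem.get("signed") != content_digest(elem):
            problems.append(f"content integrity violated at {xpath(path)}")
        last = -1
        for child in elem:
            cpath = path + [child.tag]
            if child.get("hid") != parent_hid(path, child.tag):
                problems.append(f"hierarchical integrity violated at {xpath(cpath)}")
            seq = int(child.get("seq", "-1"))
            if seq <= last:
                problems.append(f"sibling integrity violated at {xpath(cpath)}")
            last = seq
            walk(child, cpath)
    walk(root, [root.tag])
    return problems


def update_content(elem, new_text):
    """Legitimate update: re-sign only the element whose value changed."""
    elem.text = new_text
    elem.set("signed", content_digest(elem))


# Constructed sample: the quote document from the slides
SAMPLE = ('<quote type="bid"><market>NY</market>'
          '<price cur="USD" size="5m">750</price></quote>')


def tamper_scenarios():
    """Run verify() over the annotated sample and four manipulated copies."""
    root = ET.fromstring(SAMPLE)
    annotate(root)
    out = {"clean": verify(root)}
    # Eve modifies a value without re-signing (750 -> 765)
    t = copy.deepcopy(root)
    t.find("price").text = "765"
    out["modified_value"] = verify(t)
    # Eve swaps the siblings: price now precedes market
    t = copy.deepcopy(root)
    market = t.find("market")
    t.remove(market)
    t.append(market)
    out["reordered_siblings"] = verify(t)
    # Eve re-parents price under market
    t = copy.deepcopy(root)
    price = t.find("price")
    t.remove(price)
    t.find("market").append(price)
    out["moved_element"] = verify(t)
    # The source updates the price and re-signs just that element
    u = copy.deepcopy(root)
    update_content(u.find("price"), "765")
    out["legit_update"] = verify(u)
    return out


if __name__ == "__main__":
    for name, problems in tamper_scenarios().items():
        print(name, problems or "ok")
```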
Example: Updating

<?xml version="1.0" encoding="UTF-8" ?>
<quote type="bid">
  <market>NY</market>
  <price cur="USD" size="5m">765</price>
</quote>

Re-calculate the signed and encrypted attributes only for this element (price, whose value changed from 750 to 765).

[Figure: the document graph with signed and encrypted attributes on each element; the slide marks the price element as the only one whose attributes are recomputed.]
Next
• Introduction and Basic Concepts
• Annotation and Encoding Scheme
• Enforcing and Verifying Security
  Requirements
• Experimental Results
• Conclusion and Future Work
Global vs. Local Annotation

[Chart: time taken to annotate (ms, 0 to 400) against the number of elements in the XML document (1 to 8, in units of 500), for Local Annotation and Global Annotation.]
Updating XML Document

[Chart: time taken (ms, 0 to 800) against the percentage of the document updated (1 to 5), for Our Scheme and the W3C Scheme.]
Division of Labor

[Chart: time taken (0 to 45000) against the number of elements in the XML document (1 to 8, in units of 500), split into encoding, signing and encrypting.]
Outline
• Introduction and Basic Concepts
• Annotation and Encoding Scheme
• Enforcing and Verifying Security
  Requirements
• Implementation and Experimental Results
• Conclusion and Future Work
Conclusion and Future Work
• We presented an interesting approach to
  secure XML documents while preserving
  the structure
• We plan to extend the work presented to
  – Explore ways to reduce the signing time
  – Explore possible hybrid combinations of our
    approach and the standard approach
• We are planning to publish the library
  under ASF license
Questions
Thank You!
Merkle Hash
Visitor Pattern
W3C Digital Signature
