Abstract
Secure publication over the Internet of XML data is becoming a crucial need as XML is rapidly becoming a standard for document representation and exchange over the Web. Publishing services must have a mechanism that ensures that a user receives all and only those portions of information he/she is entitled to access (for instance those for which the user has paid a subscription fee). Furthermore, such a mechanism must ensure that these contents are not eavesdropped during their transmission from the publishing service to the user. In this paper, we propose an architecture for secure publishing of XML documents. Distinguishing features of our proposal is the flexibility the publishing service offers both in terms of the way users can select the contents they are interested in and in the way the contents are delivered to users. Secure content delivery to users is obtained through the use of different encryption schemes, which ensure that only subscribed users can access the contents managed by the publishing service. In the paper, we first present an overall view of the proposed approach. We then introduce the components of the architecture and the encryption schemes we have developed. Finally, we present algorithms for information delivery to users.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
E. Bertino, B. Carminati, E. Ferrari, B. Thuraisingham, A. Gupta. Selective and Authentic Third-party Distribution of XML Document. Tecnical Report DSI, University of Milano. Submitted for publication.
E. Bertino, S. Castano, E. Ferrari. Securing XML Documents: the Author-X Project Demonstration. In Proc. of the ACM SIGMOD 2001 Conference, Santa Barbara, CA, May 2001.
E. Bertino, S. Castano, E. Ferrari and M. Mesiti. Specifying and Enforcing Access Control Policies for XML Document Sources. World Wide Web Journal, Baltzer Science Publishers, 3(3), 2000.
G.C. Chick, S.E. Tavares. Flexible Access Control with Master Keys. In Proc. of the Conference on Advances in Crypology (EUROCRYPT ’89), pages 316–322, 1998.
C. Geuer Pollmann. The XML Security Page. http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/xmlsecurity.html
S. Halevi, and E. Petrank. Storing classified file. Available at ftp://theory.lcs.mit.edu/pub/people/shaih/classify.ps.gz
M. Moyer, J.R. Rao, P. Rohatgi. A Survey of Security Issues in Multicast Communications. IEEE Network 13, 6(Nov/Dec), 16–23, 1999.
RSA Data Security Inc. http://www.rsa.com
W. Stallings. Network Security Essentials: Applications and Standars. Prentice Hall, 2000.
A. Wool. Key Management for Encrypted Broadcast. ACM Transactions on Information and System Security, Vol. 3, 107–134, May 2000.
Word Wide Web Consortium. Extensible Markup Language (XML) 1.0, 1998.
World Wide Web Consortium (dy1999). XML Path Language (Xpath) 1.0. http://www.w3.org/TR/xpath.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bertino, E., Carminati, B., Ferrari, E. (2001). A Secure Publishing Service for Digital Libraries of XML Documents. In: Davida, G.I., Frankel, Y. (eds) Information Security. ISC 2001. Lecture Notes in Computer Science, vol 2200. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45439-X_24
Download citation
DOI: https://doi.org/10.1007/3-540-45439-X_24
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42662-2
Online ISBN: 978-3-540-45439-7
eBook Packages: Springer Book Archive