Skip to main content
SpringerLink
Log in

A system for securing push-based distribution of XML documents

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Push-based systems for distributing information through Internet are today becoming more and more popular and widely used. The widespread use of such systems raises non trivial security concerns. In particular, confidentiality, integrity and authenticity of the distributed data must be ensured. To cope with such issues, we describe here a system for securing push distribution of XML documents, which adopts digital signature and encryption techniques to ensure the above mentioned properties and allows the specification of both signature and access control policies. We also describe the implementation of the proposed system and present an extensive performance evaluation of its main components.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Similar content being viewed by others

References

  1. Al-Mogren, A., Dunham, M.: Data broadcast classification. In: IEEE pp 221–241 (2005)

  2. Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: ACM CCS (2005)

  3. Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. Advances in Cryptology· Asiacrypt 00 LNCS (1976) (2000)

  4. Bertino, E., Carminati, B., Ferrari, E.: A temporal key management scheme for broadcasting XML documents. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS’02) (2002)

  5. Bertino, E., Carminati, B., Ferrari, E.: Securing XML data in third-party distribution systems. In: CIKM ’05: proceedings of the 14th ACM international conference on information and knowledge management, pp 99–106. ACM Press, New York (2005)

  6. Bertino E., Castano S. and Ferrari E. (2001). Author- x: a comprehensive system for securing XML documents. IEEE Internet Comput. 5(3): 21–31

    Article  Google Scholar 

  7. Bertino E. and Ferrari E. (2003). Secure and selective dissemination of XML documents. ACM Trans. Inform. Syst. Secur. 5(3): 290–331

    Article  Google Scholar 

  8. Bertino E., Ferrari, E., Parasiliti Provenza, L.: Signature and access control policies for XML documents. In: Proceedings of 8th European symposium on research in computer security (ESORICS 2003) LNCS 2808(3):1–22 (2003)

  9. Bertino E. and Sandhu R. (2005). Database security—concepts, approaches and challenges. IEEE Trans. Dependable Secure Comput. 2(1): 2–19

    Article  Google Scholar 

  10. Castano S., Fugini M., Martella G., Samarati P.: Secure database systems. In: Diaz O., Piattini M. (eds.), Advanced Databases: Technology and Design, Artech House, London (2000)

  11. Chaum D., van Heijst, E.: Group signatures. In: Eurocrypt 91, vol. 547, pp 257–265. Springer, Berlin (1991)

  12. Chiou, G.H., Chen, W.T.: Secure broadcasting using the secure lock. IEEE Trans. Softw. Eng. 15(8) (1989)

  13. Desmedt Y. and Frankel Y. (1989). Threshold cryptosystems. Cryptology Crypto 89: 307–315

    Google Scholar 

  14. Deutsch, A., Fernandez, M., Florescu, D., Levy, A., Suciu, D.: A query language for xml. In: Int’l Conference on World Wide Web. (1999) Available at: http://www.research.att.com/suciu

  15. Devanbu P.T., Gertz M. and Kwong A. (2004). Flexible authentication of xml documents. J. Compu. Secur. 12(6): 841–864

    Google Scholar 

  16. Devanbu, P.T., Gertz, M., Martel, C.U., Stubblebine, S.G. Authentic third-party data publication. In: DBSec, pp 101–112 (2000)

  17. ElGamal T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory 31: 469–472

    Article  MATH  MathSciNet  Google Scholar 

  18. eXcelon Corporation: eXcelon XML Platform (2001). Available at http://www.exln.com

  19. Ferraiolo D.F., Sandhu R.S., Gavrila S.I., Kuhn D.R. and Chandramouli R. (2001). Proposed nist standard for role-based access control. TISSEC 4(3): 224–274

    Article  Google Scholar 

  20. Fiat A., Noar M. (1994) Broadcast encryption. Advances in Cryptology (Crypto 93) LNCS (773):480–491

  21. Gladney H., Lotspiech J. (1997) Safeguarding digital library contents and users. D-Lib Magazine. (1997) Available at http://www.dlib.org/dlib/may97/ibm/05gladney.html

  22. Hacigümüs H., Iyer B.R., Li C., Mehrotra S.: Executing sql over encrypted data in the database-service-provider model. In: SIGMOD Conference, pp 216–227 (2002)

  23. Hacigümüs H., Mehrotra S., Iyer B.R.: Providing database as a service. In: ICDE, pp 29–38 (2002)

  24. IBM: CryptolopeTM (1996). Available at http://domino.research.ibm.com/comm/wwwr_thinkresearch.nsf/pages/packinginfo396.html

  25. List, X.D.M.: Simple API for XML (SAX). (1998) Under the coordination of David Megginson. Available at http://www.saxproject.org/

  26. M., B., C., N.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. ASIACRYPT 5(3), 290–331 (2000)

  27. Malone-Lee, J., Mao, W.: Signcryption using RSA. CT-RSA LNCS (2612), 211–225 (2003)

  28. Martel C.U., Nuckolls G., Devanbu P.T., Gertz M., Kwong A. and Stubblebine S.G. (2004). A general model for authenticated data structures.. Algorithmica 39(1): 21–41

    Article  MATH  MathSciNet  Google Scholar 

  29. Merkle, R.C.: A certified digital signature. Advances in Cryptology-Crypto ’89 (1989)

  30. Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures. In: ACM Conference on Computer and Communications Security, pp 245–254. ACM Press, New York (2001)

  31. Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. In: NDSS (2004)

  32. Narasimha, M., Tsudik, G.: Dsac: integrity for outsourced databases with signature aggregation and chaining. In: CIKM, pp 235–236 (2005)

  33. Pang, H., Jain, A., Ramamritham, K., Tan, K.L.: Verifying completeness of relational query results in data publishing. In: SIGMOD Conference, pp 407–418 (2005)

  34. Pang, H., Tan, K.L.: Authenticating query results in edge computing. In: ICDE, pp 560–571 (2004)

  35. Pollmann, C.G.: The XML security page. Available at http://www.nue.et-inf.uni-siegen.de/g̃euer-poll-mann/xml_security.html

  36. Rivest R.L., Shamir A. and Adleman L.M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21: 120–126

    Article  MATH  MathSciNet  Google Scholar 

  37. Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: ASIACRYPT 2001, vol. 2248, pp 552–565. Springer, Berlin (2001)

  38. Shamir A. (1979). How to share a secret.. Commun. ACM 22: 612–613

    Article  MATH  MathSciNet  Google Scholar 

  39. Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp 44–55 (2000)

  40. Stallings, W.: Network Security Essentials: Applications and Standards. Prentice Hall, Englewood Cliff (2000)

  41. W3C: Document Object Model (DOM) (1998) Available at http://www.w3.org/DOM

  42. W3C: XML Path Language (XPath). (1999) Available at http://www.w3.org/TR/xpath/

  43. W3C: XML-Encryption Syntax and Processing (2000). Available at http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0001/01-xmlencoverview.html

  44. W3C: XML-Signature Syntax and Processing (2002). Available at http://www.w3.org/TR/xmldsig-core/

  45. Zhang, J., Varadharajan, V., Mu, I.: Securing XML document sources and their distribution. In: Proceedings of the 18th international conference on advanced information networking and application (AINA’04) (2004)

  46. Zheng, Y.: Digital signcryption or how to achieve cost (signature & encryption)   <  <   cost (signature) + cost (encryption). CRYPTO’97 LNCS (1294), 165–179 (1997)

  47. Zheng, Y.: Identification, signature and signcryption using high order residues modulo an rsa composite. Public Key Cryptography (PKC 2001) LNCS (1992), 48–63 (2001)

Download references

Author information

Authors and Affiliations

  1. CERIAS and CS & ECE Departments, Purdue University, West Lafayette, IN, 47907-2086, USA

    Elisa Bertino

  2. Department of Computer Science and Communication, University of Insubria, Via Mazzini, 5, 21100, Varese, Italy

    Elena Ferrari

  3. DICO, University of Milan, Via Comelico, 39/41, 20135, Milano, Italy

    Federica Paci & Loredana Parasiliti Provenza

Authors
  1. Elisa Bertino
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Elena Ferrari
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Federica Paci
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Loredana Parasiliti Provenza
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Loredana Parasiliti Provenza.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Bertino, E., Ferrari, E., Paci, F. et al. A system for securing push-based distribution of XML documents. Int. J. Inf. Secur. 6, 255–284 (2007). https://doi.org/10.1007/s10207-007-0020-3

Download citation

  • Received:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-007-0020-3

Keywords

Search

Navigation