XML Meta Documents Security Based on Extended Provisional Authorization

Jan 12, 2016


Santa


Presentation Contents

• XML Introduction

• Research in XML security

• Bertino et al. Security

• Damiani et al. Security

• Security comparison

• Kudo et al. Security

• SOAP E-service Access control

• XML Meta Document Security Model

What is XML?

• XML (Extensible Markup Language) is a flexible way to create common information formats and share both the format and the data on the World Wide Web.

• XML is a method for putting structured data in a text file.

• XML looks a bit like HTML but isn't HTML.

XML allows the creation of an unlimited number of different markup languages for different purposes.

[Figure: XML Parser, Data L1, DTD L1, Web browser, output]


XML Document


Categories in XML Security

XML Security in General

XML Encryption

XML Server Side Access Control

XML Server Side Access Control

Related Research

• Three different access control models are developed.

• All of them are relatively similar, with minor differences between each other.

• Some modifications can be made to include all of the advantages of the three models.

Bertino et al. model

Presents an XML-compliant formalism for specifying subject credentials and security policies for Web documents; moreover, they describe subscription-based schemas for accessing distributed Web documents.

Model security policy

• XML policy base template
– Which subject can exercise which privilege on which document / part of document within a document source.
– Two types of policies: +ve policy & -ve policy.
– Include propagation options.

Browsing and Authoring

• Browsing privileges allow subjects to read the information in an element or to navigate through its links or both.
– The read privilege: authorizes a subject to view an element and/or (some of) its components.
– The navigate privilege: authorizes a subject to see the existence of a specific link or of all the links in a given element and to navigate through them.

• Authoring privileges allow subjects to modify (or delete) the content of an element or to append new information in an element.
– The append privilege: allows a subject to write information in an element without deleting any pre-existing information.
– The write privilege: allows a subject to modify the content of an element and to include links in the element.

Author-X

• Author-X supports positive and negative authorizations for browsing and authoring privileges with controlled propagation.

• Core functionalities of access control and authorization base management have been implemented as Java server extensions on top of the data server.


Damiani et al. model

They define an XML markup for a set of security elements describing the requirements of XML documents. This security markup can be used to define both instance and schema level authorizations with the granularity of XML elements.

• Their security markup allows expressing different protection requirements with support of exceptions.

• They also present a recursive propagation algorithm, which ensures fast online computation of such a view on XML documents requested via an HTTP connection or a query.

Access Authorization

• At each server, the access authorization specifies the actions that subjects are allowed/forbidden to exercise on the objects stored on the server side.

• Authorization can be either positive or negative. The authorization specified on an element can be applicable either to the element's attributes only, or to its sub-elements and their attributes.

• Authorization can be specified on single XML documents or on DTD or schema level.

Requester view on documents

• Consists of a document tree labeling process and a transformation process.

The view of a subject on a document depends on the access permissions and denials specified by the authorizations and their priorities. They compute that view through a tree labeling process. In that process, each node (of the document tree) might have more than one sign (+, -) corresponding to authorizations of different types. In the transformation process, the requester is allowed to access all elements and attributes whose label is positive.
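The labeling and transformation passes described above can be sketched as follows. This is an added example, not code from Damiani et al. or from the original slides; the sample document, the path syntax and the conflict rules (an explicit sign overrides an inherited one, denial wins a tie, no sign means deny, ancestors of a visible node keep their bare tags) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample document and authorizations (not from the slides).
DOC = """<catalog>
  <item id="1"><title>Router</title><cost>120</cost></item>
  <item id="2"><title>Switch</title><cost>80</cost></item>
  <internal><margin>35</margin></internal>
</catalog>"""

# (path, sign, recursive): recursive authorizations propagate to sub-elements,
# local ones apply to the named element only.
AUTHS = [
    ("catalog", "+", True),
    ("catalog/internal", "-", True),
    ("catalog/item/cost", "-", False),
]

def label(node, path, auths, inherited, labels):
    """Labeling pass: record the final sign of every node, keyed by id(node)."""
    here = [(s, r) for p, s, r in auths if p == path]
    signs = {s for s, _ in here}
    # Assumption: an explicit sign overrides the inherited one; on a tie at
    # the same node denial takes precedence; no sign at all means deny.
    labels[id(node)] = "-" if "-" in signs else "+" if "+" in signs else inherited
    rec = {s for s, r in here if r}
    down = "-" if "-" in rec else "+" if "+" in rec else inherited
    for child in node:
        label(child, f"{path}/{child.tag}", auths, down, labels)

def prune(node, labels):
    """Transformation pass: copy only positively labeled content.
    Assumption: a denied ancestor of a visible node keeps its bare tag."""
    kids = [k for k in (prune(c, labels) for c in node) if k is not None]
    positive = labels[id(node)] == "+"
    if not positive and not kids:
        return None
    out = ET.Element(node.tag, dict(node.attrib) if positive else {})
    out.text = node.text if positive else None
    out.extend(kids)
    return out

def compute_view(xml_text, auths):
    """Return the requester's view as XML text ("" if nothing is visible)."""
    root = ET.fromstring(xml_text)
    labels = {}
    label(root, root.tag, auths, "-", labels)
    view = prune(root, labels)
    return "" if view is None else ET.tostring(view, encoding="unicode")
```

With the constructed authorizations, the view keeps both `<item>` elements and their titles, while `<cost>` and the whole `<internal>` subtree are absent rather than blanked.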

Models Comparison

• Damiani et al. does not consider the case of documents not conforming/partially conforming to a DTD. Therefore, the model does not provide any support to the Security Administrator for dealing with such documents.

• Damiani et al. does not provide access control modes specific to XML documents. It only provides the read access mode.

• The Damiani et al. model was at an early stage of design and has not been implemented yet.

• Damiani et al. only present a behavioral model, not a language.

Kudo et al. model

• Tries to complete the Damiani et al. model.

• Deals not only with the read function (“action” as defined below) but also with write, create, and delete capabilities.

• Describes an access control specification language defined in XML.

• Almost all studies in access control and authorization systems have assumed the following model: “A user makes an access request of a system in some context, and the system either authorizes the access request or denies it.”

• Kudo et al. propose the notion of a provisional authorization, which tells the user that his request will be authorized provided he (and/or the system) takes certain security actions, such as signing his statement, prior to authorization of his request.

Authorization Architecture

• PAM: makes a set of authorization decisions based on the authorization policies.

• REM: executes object transformation operations according to the authorization decisions. Finally, the REM updates or returns an authorization result that corresponds to the securely transcoded target document.

• Security transcoding implies two types of transformations: data retrieval and modification.
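A sketch of a provisional decision flowing from the PAM to the REM, added here as an illustration and not taken from Kudo et al. or from XACL. The policy table, the function names, the sample order document and the use of HMAC-SHA256 in place of a public-key signature are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Constructed policy: (role, action, element path) -> (permission, provisions).
POLICY = {
    ("customer", "read", "order/status"): ("grant", []),
    ("customer", "write", "order/quantity"): ("grant", ["verify_signature", "log"]),
    ("customer", "write", "order/status"): ("deny", []),
}
KEYSTORE = {"alice": b"constructed-demo-key"}  # stand-in for the server KeyStore
AUDIT_LOG = []
ORDER_XML = "<order><quantity>1</quantity><status>new</status></order>"

def pam_decide(role, action, path):
    """PAM: return (permission, provisional actions); no matching rule means deny."""
    return POLICY.get((role, action, path), ("deny", []))

def sign(user, value):
    # Assumption: HMAC-SHA256 stands in for the client's digital signature.
    return hmac.new(KEYSTORE[user], value.encode(), hashlib.sha256).hexdigest()

def rem_execute(doc, user, role, action, path, value=None, signature=""):
    """REM: carry out the provisional actions, then read or update the element."""
    permission, provisions = pam_decide(role, action, path)
    if permission != "grant":
        return "denied"
    for provision in provisions:
        if provision == "verify_signature":
            if user not in KEYSTORE or value is None:
                return "denied: signature required"
            if not hmac.compare_digest(sign(user, value), signature):
                return "denied: signature required"
        elif provision == "log":
            AUDIT_LOG.append((user, action, path, value))
        else:
            return "denied: unknown provision"  # fail closed
    target = doc.find(path.split("/", 1)[1])  # path is relative to the root
    if action == "write":
        target.text = value
        return "updated"
    return target.text
```

The write to `order/quantity` is neither a plain grant nor a plain deny: it succeeds only once the signature check and the audit entry, the provisional actions, have been carried out.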

Kudo et al. model: XACL

• XACL is an access control language based on the provisional authorization model.

• The primary purpose of XACL is to enable security policy programmers to write flexible authorization policies in XML.

• To bind a set of policies written in XACL with target documents, there are two fundamental approaches: one is at the schema definition (e.g. DTD) level and the other is at the level of each specific document.

Web Applications

• Since a Web application is assumed to be using the HTTP protocol, the client’s browser initiates the communication and the server responds to it.

• The browser requests a Web page from the Web server.

• After the client is authenticated, the HTTP parameters containing the XML file name and the target element name are sent to the presentation processor that constructs an authorization request for the PAM.

• Then the REM generates the securely transcoded authorization result. The presentation processor generates dynamic HTML and/or a JavaScript Web page by calling, for example, an XSLT processor that converts XML to HTML and/or JavaScript.

• After viewing the HTML page sent by the Web server, the client sends data that may contain input values and/or a signature value to the Web server. When the browser signs the input data, the KeyStore is used to store the client’s private key.


• After receiving the input parameters, the presentation processor makes an authorization request for a write action for specific elements. The REM may verify the signature and/or update the target element. The server’s KeyStore is used to retrieve the signer’s public key or to sign the input value using the server's private key.


• For example, a securely transcoded cyber-catalogue in HTML format is returned to the client, although the original cyber-catalogue that may contain information of higher security class is represented in XML format.

• Using the HTTP Put mode, a purchase order document stored in the Web server in XML format is securely updated with purchase order parameters submitted in HTML format.


Fine Grained Access Control for SOAP E-Services


Architecture of the Authorization Filter

• User Repository: Describes the users, groups and roles on which authorizations are defined.

• Authorization Repository: Describes all the privileges that are granted to users/groups/roles.

• Certification Engine: Evaluates the correctness of the certificates provided with the request.

• Authorization Engine: Applies a model to a given request instance to determine if the request must be restricted by the filter or can pass unaltered through it.


• The conversion from the textual XML payload to an internal representation is the responsibility of an XML parser.

• Depending on the degree of integration, the request can be forwarded to the SOAP gateway after it has been again serialized by the XML parser, or it can be directly passed in an internal format.

The Authorization Engine

• Reacts to the receipt of a request and parses its <Header> element to determine the subject. If the subject presents a user id and a password, it asks the User Repository for the hashed password of the user; if the comparison is successful, the user is authenticated. If the subject presents credentials, each one of them is verified with the Certification Engine.

• For every verified certificate, the corresponding role is associated with the subject. Then, the Authorization Engine retrieves all the authorizations whose object is in the request and for each of them asks the User Repository to verify if its subject corresponds to the actual subject producing the request.
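The Authorization Engine steps above, written out as an added example; it is not code from the SOAP filter the slides describe. The header element names (`UserId`, `Password`, `Credential`), the repository layouts, the certificate identifier and the choice of PBKDF2 for the hashed password are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "{http://schemas.xmlsoap.org/soap/envelope/}"
SALT = b"constructed-salt"

def hash_pw(password):
    # Assumption: PBKDF2-HMAC-SHA256; the slides only say "hashed password".
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed repositories (hypothetical layout).
USERS = {"bob": {"hash": hash_pw("s3cret"), "roles": {"clerk"}}}
VALID_CERTS = {"cert-auditor-001": "auditor"}  # Certification Engine stand-in
AUTHORIZATIONS = [("clerk", "getOrder"), ("auditor", "getInvoice")]  # (subject, object)

def envelope(header_inner, operation):
    """Build a constructed sample request."""
    return ('<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/">'
            f"<e:Header>{header_inner}</e:Header>"
            f"<e:Body><{operation}/></e:Body></e:Envelope>")

def authorize(envelope_xml):
    """Return True if the request may pass the filter unaltered."""
    env = ET.fromstring(envelope_xml)
    header, body = env.find(SOAP + "Header"), env.find(SOAP + "Body")
    if header is None or body is None or len(body) == 0:
        return False
    subjects = set()
    uid, pw = header.findtext("UserId"), header.findtext("Password")
    if uid is not None and pw is not None:
        user = USERS.get(uid)
        # Hash even for unknown users so timing does not reveal valid ids.
        stored = user["hash"] if user else hash_pw("")
        if not hmac.compare_digest(hash_pw(pw), stored) or user is None:
            return False
        subjects |= {uid} | user["roles"]
    for cred in header.findall("Credential"):
        role = VALID_CERTS.get(cred.text)
        if role is not None:  # only verified certificates grant a role
            subjects.add(role)
    requested = body[0].tag  # the object of the request
    return any(obj == requested and subj in subjects
               for subj, obj in AUTHORIZATIONS)
```

A request with a wrong password is rejected before any authorization lookup, and an unverified credential simply contributes no role, so the default outcome is that the filter restricts the request.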


Meta Data Representation

• Although it is possible to use XML directly as a description format for metadata, W3C proposes the use of the Resource Description Framework (RDF) as a framework for the purpose of metadata description.

• XML is used as the syntax in RDF

RSS

• RDF Site Summary (RSS) is a lightweight multipurpose extensible metadata description and syndication format. RSS is an XML application, conforming to the W3C's RDF Specification. RSS is extensible via XML-namespace and/or RDF based modularization.


• While items have traditionally been news headlines, RSS has seen much repurposing in its short existence.

• An RSS summary, at a minimum, is a document describing a "channel" consisting of URL-retrievable items. Each item consists of a title, link, and brief description.

XML Meta Doc. security based on extended Provisional authorization

[Figure: architecture diagram with the labels RSS Doc., XML parser, Authorization Engine, Provisional Authorization Model, Auth. Repos. Interface, User Repos. Interface, Certification Engine Interface, DATA]

Applying Security Model for metadata

• Using Damiani's latest paper, some security enhancements can be added to his model to provide support for metadata files.

• The adjustments shall be in the Authorization Repository, in a way that detects if the subject is requesting a metadata file.

• Some adjustments shall be added in the Authorization Engine to manage contacting all the metadata components.

• If the subject requests a metadata file to access other systems, the provisional authorization model provided by Kudo will be borrowed.

• Using Kudo's provisional authorization module, the authorization engine will contact the metadata components and retrieve the required authentication information to access all/part of the metadata, along with the source public key.

• The authorization engine will notify the subject of the required authentications; the subject sends his user id and password, encrypted with the source public key, via the authorization engine.

• The authorization engine receives the required documents after subject authentication and sends them to the subject via the XML parser.

• The subject can update the metadata file, encrypt it with its private key and send it back to the source server via the application engine.

• The source server decrypts the subject private key and updates the metafiles.


Thank You for Your Time