dr. bhavani thuraisingham september 2006 building trustworthy semantic webs lecture #5 ] xml and xml...
TRANSCRIPT
Dr. Bhavani Thuraisingham
September 2006
Building Trustworthy Semantic Webs
Lecture #5]
XML and XML Security
5-204/21/23 12:20
Objective of the Unit
0 This unit will provide an overview of XML and then discuss some security issues
5-304/21/23 12:20
Outline of the Unit
0 XML Elements
0 XML Attributes
0 XML DTD
0 XML Schema
0 XML Namespaces
0 Federations
0 Policy/Credential
0 Access Control
0 Third Party Publication
0 XML Databases
0 Inference Control
5-404/21/23 12:20
What is XML all about?
0 XML is needed due to the limitations of HTML and complexities of SGML
0 It is an extensible markup language specified by the W3C (World Wide Web Consortium)
0 Designed to make the interchange of structured documents over the Internet easier
0 Key to XML used to be Document Type Definitions (DTDs)- Defines the role of each element of text in a formal model
0 XML schemas have now become critical to specify the structure
- XML schemas are also XML documents
5-504/21/23 12:20
XML Elements
XML StatementJohn Smith is a Professor in Texas
This can be expressed as follows:
<Professor><name> John Smith </name><state> Texas </state>
</Professor>
5-604/21/23 12:20
XML Elements
Now suppose this data can be read by anyone then we can augment the XML statement by an additional element called access as follows.
<Professor><name> John Smith </name><state> Texas </state><access> All, Read </access>
</Professor>
5-704/21/23 12:20
XML Elements
If only HR can update this XML statement, then we have the following:
<Professor><name> John Smith </name><state> Texas </state><access> HR department, Write </access>
</Professor>
5-804/21/23 12:20
XML Elements
We may not wish for everyone to know that John Smith is a professor, but we can give out the information that this professor is in Texas.
This can be expressed as:
<Professor><name> John Smith, Govt-official, Read </name><state> Texas, All, Read </state><access> HR department, Write </access>
</Professor>
5-904/21/23 12:20
XML Attributes
Suppose we want to specify to access based on attribute values. One way to specify such access is given below.
<ProfessorName = “John Smith”, Access = All, ReadSalary = “60K”, Access = Administrator, Read, WriteDepartment = “Security” Access = All, Read
</Professor
Here we assume that everyone can read the name John Smith and Department Security.
But only the administrator can read and write the salary attribute.
5-1004/21/23 12:20
XML DTD
DTDs essentially specify the structure of XML documents.
Consider the following DTD for Professor with elements Name and State.
This will be specified as:
<!ELEMENT Professor Officer (Name, State)><!ELEMENT name (#PCDATA)><!ELEMENR state (#PCDATA)><!ELEMENT access (#PCDATA).>
5-1104/21/23 12:20
XML Schema
While DTDs were the early attempts to specify structure for XML documents, XML schemas are far more elegant to specify structures.
Unlike DTDs XML schemas essentially use the XML syntax for specification.
Consider the following example:
<ComplexType = name = “ProfessorType”><Sequence><element name = “name” type = “string”/><element name = “state” type = “string”/><element name = “access” type = “strong/><Sequence>
</ComplexType>
5-1204/21/23 12:20
XML NamespacesNamespaces are used for DISAMBIGUATION
<CountryX: Academic-Institution
Xmlns: CountryX = http://www.CountryX.edu/Instution DTD”
Xmlns: USA = “http://www.USA.edu/Instution DTD”Xmlns: UK = “http://www.UK.edu/Instution DTD”
<USA: Title = CollegeUSA: Name = “University of Texas at Dallas”USA: State = Texas”
<UK: Title = UniversityUK: Name = “Cambridge University”UK: State = Cambs
</CountryX: Acedmic-Instiution>
5-1304/21/23 12:20
XML Namespaces
<Country: Academic-Institution<Access = Government-official, Read </Access>
Xmlns: CountryX = http://www.CountryX.edu/Instution DTD”
Xmlns: USA = “http://www.USA.edu/Instution DTD”Xmlns: UK = “http://www.UK.edu/Instution DTD”
<USA: Title = CollegeUSA: Name = “University of Texas at Dallas”USA: State = Texas”
<UK: Title = UniversityUK: Name = “Cambridge University”UK: State = Cambs
</CountryX: Academic-Institution>
5-1404/21/23 12:20
Federations/Distribution
Site 1 document:<Professor-name>
<ID> 111 </ID><Name> John Smith </name><State> Texas </state>
</Professor-name>
Site 2 document:<Professor-salary>
<ID> 111 </ID><salary> 60K </salary>
<Professor-salary>
5-1504/21/23 12:20
XML Query
0 XML-QL, XQuery, etc. are query languages for XML0 XPath is used for query specification
5-1604/21/23 12:20
Presentations of XML Documents
0 XSLT
5-1704/21/23 12:20
Credentials in XML
<Professor credID=“9” subID = “16: CIssuer = “2”><name> Alice Brown </name><university> University of X <university/><department> CS </department><research-group> Security </research-group>
</Professor>
<Secretary credID=“12” subID = “4: CIssuer = “2”><name> John James </name><university> University of X <university/><department> CS </department><level> Senior </level>
</Secretary>
5-1804/21/23 12:20
Policies in XML
<? Xml VERSION = “1.0” ENCODING = “utf-8”?> <Policy–base>
<policy-spec cred-expr = “//Professor[department = ‘CS’]” target = “annual_ report.xml” path = “//Patent[@Dept = ‘CS’]//Node()” priv = “VIEW”/>
<policy-spec cred-expr = “//Professor[department = ‘CS’]” target = “annual_ report.xml” path = “//Patent[@Dept = ‘EE’] /Short-descr/Node() and //Patent [@Dept = ‘EE’]/authors” priv = “VIEW”/>
<policy-spec cred-expr = - - - -
<policy-spec cred-expr = - - --
</Policy-base>
Explantaion: CS professors are entitled to access all the patents of their department. They are entitled to see only the short descriptions and authors of patents of the EE department
5-1904/21/23 12:20
Access Control Strategy0 Subjects request access to XML documents under two modes: Browsing and
authoring
- With browsing access subject can read/navigate documents- Authoring access is needed to modify, delete, append documents
0 Access control module checks the policy based and applies policy specs0 Views of the document are created based on credentials and policy specs0 In case of conflict, least access privilege rule is enforced0 Works for Push/Pull modes
5-2004/21/23 12:20
System Architecture for Access Control
UserPull/Query Push/result
XML Documents
X-Access X-AdminAdmin Tools
Policybase
Credentialbase
5-2104/21/23 12:20
Third-Party Architecture
Credential base
policy baseXML Source
User/Subject
Owner
Publisher
Query
Reply documen
t
SE-XML
credentials
0 The Owner is the producer of information It specifies access control policies
0 The Publisher is responsible for managing (a portion of) the Owner information and answering subject queries
0 Goal: Untrusted Publisher with respect to Authenticity and Completeness checking
5-2204/21/23 12:20
XML Databases
0 Data is presented as XML documents
0 Query language: XML-QL
0 Query optimization
0 Managing transactions on XML documents
0 Metadata management: XML schemas/DTDs
0 Access methods and index strategies
0 XML security and integrity management
5-2304/21/23 12:20
Inference/Privacy Control
Policies
Ontologies
Rules
XML DatabaseXMLDocumentsWeb Pages, Databases
Inference Engine/Rules Processor
Interface to the Semantic WebTechnologyBy UTD
5-2404/21/23 12:20
Example Policies
0 Temporal Access Control
- After 1/1/05, only doctors have access to medical records
0 Role-based Access Control
- Manager has access to salary information
- Project leader has access to project budgets, but he does not have access to salary information
- What happens is the manager is also the project leader?
0 Positive and Negative Authorizations
- John has write access to EMP
- John does not have read access to DEPT
- John does not have write access to Salary attribute in EMP
- How are conflicts resolved?
5-2504/21/23 12:20
Privacy Policies
0 Privacy constraints processing
- Simple Constraint: an attribute of a document is private
- Content-based constraint: If document contains information about X, then it is private
- Association-based Constraint: Two or more documents taken together is private; individually each document is public
- Release constraint: After X is released Y becomes private
0 Augment a database system with a privacy controller for constraint processing
5-2604/21/23 12:20
Summary and Directions
0 XML is widely used
0 Securing XML documents is a challenges
0 How can we specify the policies discussed in this unit in XML?
0 How can query modification be carried out for XML documents?
0 Design access control for XML databases