research-article

Security analysis of cryptographically controlled access to XML documents

Authors:

Martín Abadi,

Bogdan WarinschiAuthors Info & Claims

Journal of the ACM (JACM), Volume 55, Issue 2

Article No.: 6, Pages 1 - 29

https://doi.org/10.1145/1346330.1346331

Published: 15 May 2008 Publication History

Get Access

Abstract

Some promising recent schemes for XML access control employ encryption for implementing security policies on published data, avoiding data duplication. In this article, we study one such scheme, due to Miklau and Suciu [2003]. That scheme was introduced with some intuitive explanations and goals, but without precise definitions and guarantees for the use of cryptography (specifically, symmetric encryption and secret sharing). We bridge this gap in the present work. We analyze the scheme in the context of the rigorous models of modern cryptography. We obtain formal results in simple, symbolic terms close to the vocabulary of Miklau and Suciu. We also obtain more detailed computational results that establish security against probabilistic polynomial-time adversaries. Our approach, which relates these two layers of the analysis, continues a recent thrust in security research and may be applicable to a broad class of systems that rely on cryptographic data protection.

References

[1]

Abadi, M., and Rogaway, P. 2002. Reconciling two views of cryptography (The computational soundness of formal encryption). J. Crypt. 15, 2, 103--127.

Digital Library

Google Scholar

[2]

Adam, N. R., and Worthmann, J. C. 1989. Security-control methods for statistical databases: A comparative study. ACM Comput. Surv. 21, 4, 515--556.

Digital Library

Google Scholar

[3]

Backes, M., Pfitzmann, B., and Waidner, M. 2003. A composable cryptographic library with nested operations. In Proceedings of the 10th ACM Conference on Computer and Communications Security. ACM, New York, 220--330. (Long version: IACR ePrint Archive, Report 2003/015.)

Digital Library

Google Scholar

[4]

Bellare, M., and Rogaway, P. 2005. Introduction to modern cryptography. (Available at: http://www.cs.ucsd.edu/~mihir/cse207/classnotes.html.)

Google Scholar

[5]

Bertino, E., Carminati, B., and Ferrari, E. 2002. A temporal key management scheme for secure broadcasting of XML documents. In Proceedings of the 8th ACM Conference on Computer and Communications Security. ACM, New York, 31--40.

Digital Library

Google Scholar

[6]

Bertino, E., Castano, S., and Ferrari, E. 2001. Author-X: A comprehensive system for securing XML documents. IEEE Internet Comput. 5, 3, 21--31.

Digital Library

Google Scholar

[7]

Canetti, R., Dwork, C., Goldreich, O., and Naor, M. 1996. Adaptively secure multiparty computation. In Proceedings of the 28th ACM Symposium on Theory of Computing. ACM, New York, 639--648.

Digital Library

Google Scholar

[8]

Castano, S., Fugini, M. G., Martella, G., and Samarati, P. 1995. Database Security. Addison-Wesley -- ACM Press, New York.

Digital Library

Google Scholar

[9]

Crampton, J. 2004. Applying hierarchical and role-based access control to XML documents. In Proceedings of the ACM Workshop on Secure Web Services. ACM, New York, 41--50.

Digital Library

Google Scholar

[10]

Damiani, E., de Capitani di Vimercati, S., Paraboschi, S., and Samarati, P. 2002. A fine-grained access control system for XML documents. ACM Trans. Inf. Syst. Sec. 5, 2, 169--202.

Digital Library

Google Scholar

[11]

Dolev, D., Dwork, C., and Naor, M. 2000. Non-malleable cryptography. SIAM J. Comput. 30, 2, 391--437.

Digital Library

Google Scholar

[12]

Dwork, C., Naor, M., Reingold, O., and Stockmeyer, L. J. 2003. Magic functions. J. ACM 50, 6, 852--921.

Digital Library

Google Scholar

[13]

Eastlake, D., and Reagle, J. 2002. XML encryption syntax and processing. http://www.w3.org/TR/xmlenc-core.

Google Scholar

[14]

Gifford, D. K. 1982. Cryptographic sealing for information secrecy and authentication. Commun. ACM 25, 4, 274--286.

Digital Library

Google Scholar

[15]

Goldwasser, S., and Micali, S. 1984. Probabilistic encryption. J. Comput. Syst. Sci. 28, 270--299.

Crossref

Google Scholar

[16]

Herzog, J. 2004. Computational soundness for standard assumptions of formal cryptography. Ph.D. dissertation, Massachusetts Institute of Technology, Cambridge, MA.

Digital Library

Google Scholar

[17]

Kudo, M., and Hada, S. 2000. XML document security based on provisional authorization. In Proceedings of the 7th ACM Conference on Computer and Communications Security. ACM, New York, 87--96.

Digital Library

Google Scholar

[18]

Laud, P. 2004. Symmetric encryption in automatic analyses for confidentiality against active adversaries. In Proceedings of the 2004 IEEE Symposium on Security and Privacy. IEEE Computer Society Press, Los Alamitos, CA, 71--85.

Google Scholar

[19]

Micciancio, D. 2004. Towards computationally sound symbolic security analysis. (Talk at DIMACS; slides available at: http://dimacs.rutgers.edu/Workshops/Protocols/slides/micciancio.pdf.)

Google Scholar

[20]

Micciancio, D., and Panjwani, S. 2005. Adaptive security of symbolic encryption. In Proceedings of the Symposium on Theory of Cryptography Conference (TCC 2005). Springer-Verlag, New York, 169--187.

Digital Library

Google Scholar

[21]

Micciancio, D., and Panjwani, S. 2006. Corrupting one vs. corrupting many: The case of broadcast and multicast encryption. In Automata, Languages and Programming, 33rd International Colloquium, Proceedings, Part II. Springer-Verlag, New York, 70--82.

Digital Library

Google Scholar

[22]

Micciancio, D., and Warinschi, B. 2004. Soundness of formal encryption in the presence of active adversaries. In Proceedings of the Theory of Cryptography Conference (TCC 2004). Springer-Verlag, New York, 133--151.

Crossref

Google Scholar

[23]

Miklau, G., and Suciu, D. 2003. Controlling access to published data using cryptography. In VLDB 2003: 29th International Conference on Very Large Data Bases. ACM, New York, 898--909.

Digital Library

Google Scholar

[24]

Shamir, A. 1979. How to share a secret. Commun. ACM 22, 11, 612--613.

Digital Library

Google Scholar

[25]

Ullman, J. 1983. Principles of Database Systems. Computer Science Press, Potomac, MD.

Digital Library

Google Scholar

[26]

Yang, X., and Li, C. 2004. Secure XML publishing without information leakage in the presence of data inference. In VLDB 2004: 30th International Conference on Very Large Data Bases. ACM, New York, 96--107.

Digital Library

Google Scholar

Cited By

View all

Micciancio D(2019)Symbolic Encryption with Pseudorandom KeysAdvances in Cryptology – EUROCRYPT 201910.1007/978-3-030-17659-4_3(64-93)Online publication date: 19-May-2019
https://dl.acm.org/doi/10.1007/978-3-030-17659-4_3
Li BMicciancio D(2018)Symbolic Security of Garbled Circuits2018 IEEE 31st Computer Security Foundations Symposium (CSF)10.1109/CSF.2018.00018(147-161)Online publication date: Jul-2018
https://doi.org/10.1109/CSF.2018.00018
Alderman JCrampton JFarley NBertino ESandhu RWeippl E(2017)A Framework for the Cryptographic Enforcement of Information Flow PoliciesProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3078868(143-154)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3078868
Show More Cited By

Index Terms

Security analysis of cryptographically controlled access to XML documents

Recommendations

Design of access control system for telemedicine secure XML documents

XML can supply the standard data type in information exchange format on a lot of data generated in running database or applied programs for a company by using the advantage that it can describe meaningful information directly. Accordingly since there ...
Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme

In a decentralized attribute-based encryption (ABE) system, any party can act as an authority by creating a public key and issuing private keys to different users that reflect their attributes without any collaboration. Such an ABE scheme can eliminate ...
Applying hierarchical and role-based access control to XML documents
SWS '04: Proceedings of the 2004 workshop on Secure web service

W3C Recommendations XML Encryption and XML-Digital Signature can be used to protect the confidentiality of and provide assurances about the integrity of XML documents transmitted over an insecure medium. The focus of this paper is how to control access ...

Reviews

Reviewer: Burkhard Englert

The ability to enforce policies on online access to data is a crucial ingredient of any viable Web technology. Recently, several elaborate schemes for fine-grained control of access to published Extensible Markup Language (XML) documents were developed. Instead of producing many versions of the same data for each potential user group, these policies avoid data duplication by relying on cryptography. For example, these policies allow users to publish medical records as XML documents so that only authorized users can see their contents. In 2003, Miklau and Suciu developed a policy query language that implements fine-grained access policies on XML documents and a corresponding logical model based on the concept of protection [1]. They showed how to translate consistent policies into protections and how to subsequently implement protections through XML encryption. Their analysis, however, does not address the question of whether the used cryptographic keys and encryption techniques correctly implement the abstract notion of protection. In this paper, Abadi and Warinschi address and bridge this crucial gap. They replace Miklau and Suciu's informal concept of data secrecy with a strong cryptographic definition. The authors use the following notion of security: assume that an adversary is given an arbitrary set of keys and the ability to select two instantiations for the data in all nodes that occur in an XML document; these two instantiations must coincide on the nodes to which the adversary has rightful access according to its keys, but may differ elsewhere. Given the partially encrypted document that corresponds to one of its two documents, the adversary must now decide which of the two instantiations was used in generating the partially encrypted document. Security means that the adversary cannot do much better than picking at random. Using a more formal version of this notion of security, the authors are able to prove that the encryption-based techniques suggested by Miklau and Suciu secure XML data. After a short introduction in Section 1, the paper reviews XML access control with protections in Section 2. In Section 3, the authors introduce a formal language to represent cryptographic expressions. The main result, showing that protections are secure, is presented in Section 4. Section 5 discusses some extensions, and the conclusions are presented in Section 6. I highly recommend this well-written paper. It makes a significant contribution, since its approach may serve as a blueprint for other researchers in their attempts to bridge the gap between the design and implementation of online security on one hand, and a strong guarantee of online security on the other. Online Computing Reviews Service

Access critical reviews of Computing literature here

Become a reviewer for Computing Reviews.

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

Journal of the ACM Volume 55, Issue 2

May 2008

282 pages

ISSN:0004-5411

EISSN:1557-735X

DOI:10.1145/1346330

Issue’s Table of Contents

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 May 2008

Accepted: 01 May 2007

Received: 01 January 2007

Published in JACM Volume 55, Issue 2

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Funding Sources

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
1,255
Total Downloads

Downloads (Last 12 months)5
Downloads (Last 6 weeks)1

Reflects downloads up to 18 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Micciancio D(2019)Symbolic Encryption with Pseudorandom KeysAdvances in Cryptology – EUROCRYPT 201910.1007/978-3-030-17659-4_3(64-93)Online publication date: 19-May-2019
https://dl.acm.org/doi/10.1007/978-3-030-17659-4_3
Li BMicciancio D(2018)Symbolic Security of Garbled Circuits2018 IEEE 31st Computer Security Foundations Symposium (CSF)10.1109/CSF.2018.00018(147-161)Online publication date: Jul-2018
https://doi.org/10.1109/CSF.2018.00018
Alderman JCrampton JFarley NBertino ESandhu RWeippl E(2017)A Framework for the Cryptographic Enforcement of Information Flow PoliciesProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3078868(143-154)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3078868
Liu BWarinschi B(2016)Universally Composable Cryptographic Role-Based Access ControlProceedings of the 10th International Conference on Provable Security - Volume 1000510.1007/978-3-319-47422-9_4(61-80)Online publication date: 10-Nov-2016
https://dl.acm.org/doi/10.1007/978-3-319-47422-9_4
Chen LEdwards PNelson JNorman T(2015)An access control model for protecting provenance graphs2015 13th Annual Conference on Privacy, Security and Trust (PST)10.1109/PST.2015.7232963(125-132)Online publication date: Jul-2015
https://doi.org/10.1109/PST.2015.7232963
Ferrara AFachsbauer GLiu BWarinschi B(2015)Policy Privacy in Cryptographic Access ControlProceedings of the 2015 IEEE 28th Computer Security Foundations Symposium10.1109/CSF.2015.11(46-60)Online publication date: 13-Jul-2015
https://dl.acm.org/doi/10.1109/CSF.2015.11
Yao ZXiong JMa JLi QLiu X(2013)Access control requirements for structured document in cloud computingInternational Journal of Grid and Utility Computing10.1504/IJGUC.2013.0562444:2/3(95-102)Online publication date: 1-Sep-2013
https://dl.acm.org/doi/10.1504/IJGUC.2013.056244
Ferrara AFuchsbauer GWarinschi B(2013)Cryptographically Enforced RBACProceedings of the 2013 IEEE 26th Computer Security Foundations Symposium10.1109/CSF.2013.15(115-129)Online publication date: 26-Jun-2013
https://dl.acm.org/doi/10.1109/CSF.2013.15
Zhang Fan Li Zhoujun (2012)Computationally sound analysis of Diffie-Hellman-based protocols and encryption cycles2012 IEEE International Conference on Oxide Materials for Electronic Engineering (OMEE)10.1109/OMEE.2012.6343589(402-404)Online publication date: Sep-2012
https://doi.org/10.1109/OMEE.2012.6343589
Lei XXue RYu T(2011)Computational soundness about formal encryption in the presence of secret shares and key cyclesProceedings of the 13th international conference on Information and communications security10.5555/2075719.2075724(29-41)Online publication date: 23-Nov-2011
https://dl.acm.org/doi/10.5555/2075719.2075724
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Design of access control system for telemedicine secure XML documents

Security Analysis of a Privacy-Preserving Decentralized Key-Policy Attribute-Based Encryption Scheme

Applying hierarchical and role-based access control to XML documents

Reviews

Access critical reviews of Computing literature here