Securing XML data in third-party distribution systems

Web-based third-party architectures for data publishing are receiving growing attention because of their scalability and their ability to efficiently manage large numbers of users and large amounts of data. A third-party architecture relies on a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas the Publisher provides data management services and query processing functions for (a portion of) the Owner's information. Such an architecture raises important security concerns, especially if we do not want to make any assumption about the trustworthiness of the Publishers. Although approaches providing partial solutions to this problem have been proposed [4, 5], no comprehensive framework has so far been developed that supports all the most important security properties in the presence of an untrusted Publisher. In this paper, we develop an XML-based solution to this problem, which makes use of non-conventional digital signature techniques and queries over encrypted data.

[1] Sharad Mehrotra, et al. Querying Encrypted XML Documents, 2006, 2006 10th International Database Engineering and Applications Symposium (IDEAS'06).

[2] Elisa Bertino, et al. Assuring Security Properties in Third-party Architectures, 2005, ICDE.

[3] Ralph C. Merkle, et al. A Certified Digital Signature, 1989, CRYPTO.

[4] Elisa Bertino, et al. Secure and selective dissemination of XML documents, 2002, TSEC.

[5] Michael Gertz, et al. Flexible authentication of XML documents, 2001, CCS '01.

[6] Elisa Bertino, et al. Selective and authentic third-party distribution of XML documents, 2004, IEEE Transactions on Knowledge and Data Engineering.

[7] Hakan Hacigümüs, et al. Providing database as a service, 2002, Proceedings 18th International Conference on Data Engineering.

[8] Hakan Hacigümüs, et al. Executing SQL over encrypted data in the database-service-provider model, 2002, SIGMOD '02.

[9] Dan Suciu, et al. Controlling Access to Published Data Using Cryptography, 2003, VLDB.