Secure Data Dissemination

In this chapter, we present the main security issues related to the selective dissemination of information (SDI system). More precisely, after provided an overview of the work carried out in this field, we have focused on the security properties that a secure SDI system (SSDI system) must satisfy and on some of the strategies and mechanisms that can be used to ensure them. Indeed, since XML is the today emerging standard for data exchange over the Web, we have casted our attention on Secure and Selective XML data dissemination (SSXD). As a result, we have presented a SSXD system providing a comprehensive solution to XML documents. In the proposed chapter, we also consider innovative architecture for the data dissemination, by suggesting a SSXD system exploiting the third-party architecture, since this architecture is receiving growing attention as a new paradigm for data dissemination over the web. In a third-party architecture, there is a distinction between the Owner and the Publisher of information. The Owner is the producer of the information, whereas Publishers are responsible for managing (a portion of) the Owner information and for answering user queries. A relevant issue in this architecture is how the Owner can ensure a secure dissemination of its data, even if the data are managed by a thirdparty. Such scenario requires a redefinition of dissemination mechanisms This chapter appears in the book, Information Security Policies and Actions i Modern Integrated Systems, edited by Mariagrazia Fugini and Ca lo Bellettini. Copyright © 2004, Idea Group Inc. Copying or distributing in print or electronic forms without written permission of Idea Group Inc. is prohibited. 701 E. Chocolate Avenue, Suite 200, Hershey PA 17033-1240, USA Tel: 717/533-8845; Fax 717/533-8661; URL-http://www.idea-group.com IDEA GROUP PUBLISHING Secure Data Dissemination 199 Copyright © 2004, Idea Group Inc. Copying or distributing in print or electronic forms without written permission of Idea Group Inc. is prohibited. developed for the traditional SSXD system. Indeed, the traditional techniques cannot be exploited in a third party scenario. For instance, let us consider the traditional digital signature techniques, used to ensure data integrity and authenticity. In a third party scenario, that is, a scenario where a third party may prune some of the nodes of the original document based on user queries, the traditional digital signature is not applicable, since its correctness is based on the requirement that the signing and verification process are performed on exactly the same bits. INTRODUCTION Companies and organizations are today massively using Internet as the main information distribution means both at internal and external levels. Such a widespread use of the web has sped up the development of a new class of information-centred applications focused on the selective dissemination of information (hereafter called SDI). The obvious purpose of these applications is the delivery of data to a possible large user community. The term selective in this context means that each user should not receive all the data but he/she must receive only specific portions of them. Such portions can be determined according to several factors, such as user interests and needs, or the access control policies that the data source has in place. The chapter focuses on security issues for selective data dissemination services, since such issues represent one of the most novel and promising research directions in the field. A Secure and Selective Dissemination of Information – SSDI service– is an SDI service that ensures a set of security properties to the data it manages. In particular, we focus on four of the most important security properties: authenticity, integrity, confidentiality, and completeness. Since it is often the case that data managed by an SDI service are highly strategic and sensitive, the scope of SSDI applications is wide and heterogeneous. For instance, a first relevant scenario for such kinds of applications is related to the electronic commerce of information. This is, for instance, the case of digital libraries or electronic news (e.g., stock price, sport news, etc.). In such a case, users subscribe to a source and they can access information on the basis of the fee they have paid. Thus, in a digital library scenario, it is necessary to develop a mechanism ensuring that a user receives all and only those portions of the library he/she is entitled to access, according to the fee he/she has paid and only for the subscription period. Additionally, the service must ensure that these contents are not eavesdropped during their transmission from the library to the intended receiver. Another important scenario for SSDI applications is data dissemination within an organization or community, where the delivery is controlled by security rules defined by Security Administrator(s) (SAs). Consider, for instance, documents containing sensitive information about industrial projects. In such a case, personal data of the enrolled 30 more pages are available in the full version of this document, which may be purchased using the "Add to Cart" button on the product's webpage: www.igi-global.com/chapter/secure-datadissemination/23373?camid=4v1 This title is available in InfoSci-Books, InfoSci-Security Technologies, Science, Engineering, and Information Technology, InfoSci-Select, InfoSci-Security and Forensics, InfoSci-Select, InfoSci-Select. Recommend this product to your librarian: www.igi-global.com/e-resources/libraryrecommendation/?id=1

[1]  Steven J. DeRose,et al.  XML Path Language (XPath) , 1999 .

[2]  Yanlei Diao,et al.  High-Performance XML Filtering: An Overview of YFilter , 2003, IEEE Data Eng. Bull..

[3]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[4]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[5]  Elisa Bertino,et al.  Selective and authentic third-party distribution of XML documents , 2004, IEEE Transactions on Knowledge and Data Engineering.

[6]  David S. Rosenblum,et al.  Achieving scalability and expressiveness in an Internet-scale event notification service , 2000, PODC '00.

[7]  William Stallings,et al.  Network Security Essentials: Applications and Standards , 1999 .

[8]  S. Robertson The probability ranking principle in IR , 1997 .

[9]  Douglas B. Terry,et al.  Continuous queries over append-only databases , 1992, SIGMOD '92.

[10]  Michael J. Franklin,et al.  Efficient Filtering of XML Documents for Selective Dissemination of Information , 2000, VLDB.

[11]  Dennis Shasha,et al.  WebFilter: A High-throughput XML-based Publish and Subscribe System , 2001, VLDB.

[12]  Michael McGill,et al.  Introduction to Modern Information Retrieval , 1983 .

[13]  Hector Garcia-Molina,et al.  Index structures for selective dissemination of information under the Boolean model , 1994, TODS.

[14]  Hector Garcia-Molina,et al.  Index structures for information filtering under the vector space model , 1994, Proceedings of 1994 IEEE 10th International Conference on Data Engineering.

[15]  Calton Pu,et al.  Continual Queries for Internet Scale Event-Driven Information Delivery , 1999, IEEE Trans. Knowl. Data Eng..

[16]  Guruduth Banavar,et al.  Gryphon: An Information Flow Based Approach to Message Brokering , 1998, ArXiv.

[17]  Wen-Guey Tzeng,et al.  A Time-Bound Cryptographic Key Assignment Scheme for Access Control in a Hierarchy , 2002, IEEE Trans. Knowl. Data Eng..

[18]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[19]  Gerald Salton,et al.  Automatic text processing , 1988 .

[20]  Elisa Bertino,et al.  Secure and selective dissemination of XML documents , 2002, TSEC.

[21]  Hector Garcia-Molina,et al.  The SIFT information dissemination system , 1999, TODS.

[22]  Elisa Bertino,et al.  A Secure Publishing Service for Digital Libraries of XML Documents , 2001, ISC.

[23]  C. M. Sperberg-McQueen,et al.  Extensible Markup Language (XML) , 1997, World Wide Web J..

[24]  David J. DeWitt,et al.  NiagaraCQ: a scalable continuous query system for Internet databases , 2000, SIGMOD 2000.

[25]  H. P. Luhn Selective dissemination of new scientific information with the aid of electronic processing equipment , 1961 .

[26]  Nicholas J. Belkin,et al.  Retrieval techniques , 1987 .

[27]  Shoshana Loeb,et al.  Information filtering , 1992, CACM.