研究生: |
張道顧 Tao-Ku Chang |
---|---|
論文名稱: |
XML文件安全塑模之設計與實作 Design and Implementation of the Security Model for XML Documents |
指導教授: |
黃冠寰
Hwang, Gwan-Hwan |
學位類別: |
博士 Doctor |
系所名稱: |
資訊教育研究所 Graduate Institute of Information and Computer Education |
論文出版年: | 2006 |
畢業學年度: | 95 |
語文別: | 英文 |
論文頁數: | 112 |
中文關鍵詞: | 可擴展標示語言 、安全 、元素加密 、數位簽章 、可擴展標示語言轉換 、文件安全語言 |
英文關鍵詞: | XML, Security, Element-wise Encryption, Digital Signature, XSLT, DSL |
論文種類: | 學術論文 |
相關次數: | 點閱:216 下載:2 |
分享至: |
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報 |
中文摘要
本篇論文提出XML文件安全模式的解決方案。首先我們研究單一XML文件加密與數位簽章的方式,研究成果包括發展一個加密的安全操作模式、文件安全語言-Document Security Language (DSL)、協助撰寫DSL文件的編輯器、利用XSLT配合DSL來實作加密XML文件加密程式及提供程式寫作的DSL API。我們提出的安全操作模式定義了如何對XML文件中任意資料之加密與數位簽章的程序,它提供了比現有的XML加密安全機制更為完整的解決方案,包括元素加密、元素內容加密與元素屬性加密,更加入了時間順序的數位簽章簽章模式。以這個具完整性模式為基礎,我們定義了一個新的語言,稱之為文件安全語言(DSL)來支援這個操作模式。我們已實作二種方法:第一種利用Java語言來撰寫,第二種利用XSLT的延伸自定函數功能來完成加密與解密的功能。我們也設計了一個圖形界面的DSL編輯工具來協助使用者容易地撰寫DSL文件。同時也我們設計了一個DSL API供程設計人員能夠以最少的成本且快速地將DSL的安全機制應用到現有的XML應用系統中。我們也進一步探討如果將XML文件儲存於資料庫中之擷取相關問題。我們研究XML Query雖然被廣泛應用在XML的查詢上,但在其語言描述中並無提供安全的機制。因此我們結合XQuery與DSL,提出一個sXQuery的新語言,讓XQuery查詢語言也擁有資訊加密功能。另外,XML文件經常會被加密後再儲存於檔案系統或資料庫,查詢已加密的XML文件時需要經過解密才能夠獲取資料;為了減少不必要的解密程式,我們也設計了一個自動轉換模式可以有效率地將經過加密後的XML文件從資料庫中擷取出來。
Abstract
In this dissertation we aim at the deisgn and implementation of the security model for XML documents. First, we propose an operational model which defines the process of encrypting data and embedding digital signatures which sign the data in an original XML docuemnt. It provides element-wise encryption that is more general than previous forms of XML security, by including element, content of element, and two types of attribute encryption. Moreover, the model of temporal-based element-wise digital signature is novel. Based on the generalized operational model, we define a new language – called document security language (DSL) – to support it. Two different implementations further demonstrate its practicability. In addition, we have developed a DSL editor and the DSL API to support the proposed operational model. The research following the XML security, we explore a little further into the XML query related issues. Although the W3C proposed the XQuery language, which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. We have designed a new XML query language, called the secure XML Query (sXQuery) language that is derived from XQuery and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML. Furthermore, we address how to optimally query encrypted XML documents using XQuery, with the key point being how to eliminate redundant decryption so as to accelerate the querying. We have proposed a processing model that can automatically and appropriately translate the XQuery statements for encrypted XML documents.
References
1 T. Bray, E. Maler, J. Paoli, C. M. Sperberg-McQueen, “Extensible Markup Language (XML) 1.0 (Second Edition), W3C Recommendation,” October 2000.
2 J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P. Leach, and T. Berners-Lee, “Hypertext Transfer Protocol -- HTTP/1.1,” June 1999. http://www.ietf.org/rfc/rfc2616.txt.
3 ISO (International Organization for Standardization). ISO 8879:1986(E). Information processing -- Text and Office Systems -- Standard Generalized Markup Language (SGML). First edition -- 1986-10-15. [Geneva]: International Organization for Standardization, 1986.
4 Bruce Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” 2nd Edition, published by John Wiley & Sons.
5 R. L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM, Feb. 1978, vol.21, pp.122-126.
6 P. Kitsos, N. Sklavos, and O. Koufopavlou, “An Efficient Implementation of the Digital Signature Algorithm,” proceedings of 9th IEEE International Conference on Electronics, Circuits and Systems (ICECS'02), Croatia, 2002.
7 National Institute of Standards and Technology, Data Encryption Standard, Federal Information Processing Standard, FIPS PUB 46-2, December 1993.
8 Ricardo Rosario, “Secure XML: An Overview of XML Encryption,” http://www.cs.rit.edu/~rlr6379/xml_encryption.htm.
9 Paul Brandt and Frederik Bonte, “Towards secure XML,” http://lists.w3.org/Archives/Public/xml-encryption/2000Oct/att-0016/02-Discussion_paper_sXML.doc.
10 Hiroshi Maruyama and Takeshi Imamura, “Element-wise XML Encryption,” 2000. http://www.alphaworks.ibm.com/tech/xmlsecuritysuite.
11 Drug Tidwell, “Extending XSLT to Encrypt XML on the Fly,” http://web.oreilly.com/news/XSLT_0801.html.
12 “XML Encryption WG,” http://www.w3.org/Encryption/2001/Overview.html.
13 TAIWAN-CA.COM Inc, http://www.taica.com.tw/.
14 VeriSign Secure Site, http://www.verisign.com/.
15 J. Clark, “XSLT Transforms (XSLT) Version 1.0. W3C Recommendation,” November 1999. http://www.w3.org/TR/1999/REC-XSLT-19991116.html.
16 Scott Boag, Don Chamberlin, Mary F. Fernandez, Daniela Florescu, Jonathan Robie, and Jerome Simeon, “XQuery 1.0: An XML Query Language. W3C Candidate Recommendation 3 November 2005,” http://www.w3.org/TR/xquery/.
17 Michiharu Kudo and Satoshi Hada, “XML Document Security based on Provisional Authorization,” ACM Conference on Computer and Communication Security (CCS 2000), Nov. 2000.
18 Satoshi Hada and Michiharu Kudo, “XML access control language (XACL): Provisional Authorization for XML Doucments,” Tokyo Research Laboratory, IBM Research. http://www.trl.ibm.com/projects/xml/xacl/xacl-spec.html.
19 Ernesto Damiani, Pierangela Samarati di Vimercati, and Stefano Paraboschi, “Controlling Access to XML Documents,” IEEE Internet Computing, Dec. 2001.
20 Elisa Bertino, Silvana Castano, and Elena Ferrari, “On specifying Security Policies for Web Documents with an XML-based Language,” ACM SACMAT, 2001.
21 P. Devanbu, M. Gertz, A. Kwong, C.Martel, G. Nuckolls, and S. G. Stubblebine, “Flexible Authentication of XML Documents,” ACM CCS, 2001.
22 Nathan N. Vuong, Geoffrey S. Smith, and Yi Deng, “Managing Security Policies in a Distributed Environment Using extensible Markup Language (XML),” ACM SAC, 2001.
23 Takeshi Imamura and Hiroshi Maruyama, “Specification of Element-wise XML Encryption,” 2000. http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/att-0005/01-xmlenc-spec.html.
24 E. Simon and B. LaMacchia, “XML Encryption strawman proposal,” Aug 09 2000. http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/0001.html.
25 T.i Imamura, “Another proposal of XML Encryption,” Aug 14 2000. http://lists.w3.org/Archives/Public/xml-encryption/2000Aug/0005.html.
26 Takeshi Imamura, Blair Dillaway, and Edi Simon, “XML Encryption Syntax and Processing,” W3C Recommendation 10 December 2002. http://www.w3.org/TR/2002/REC-xmlenc-core-20021210.
27 Ed Simon , “Re: Attribute encryption, Schema validation, role of XSLT, scope of XML Encryption document (from XML Encryption Mailing List),” Jan 11 2001. http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0033.html.
28 Steve Wiley, “Re: Attribute encryption (from XML Encryption Mailing List),” Jan 10 2001. http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0031.html.
29 Steve Wiley, “Re: Attribute encryption & Blair's message (from XML Encryption Mailing List),” Jan 13 2001. http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0045.html.
30 Philip Hallam-Baker, “Re: Attribute encryption & Blair's message (from XML Encryption Mailing List),” January 12, 2001. http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0043.html
31 Yongge Wang, “Attribute encryption and low entropy (from XML Encryption Mailing List),” Jan 18 2001. http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0061.html
32 David C. Fallside, “XML Schema Part 0: Primer,” W3C Recommendation, 2 May 2001. http://www.w3.org/TR/xmlschema-0/.
33 Blair Dillaway, “Re: Attribute encryption (from XML Encryption Mailing List),” Jan 9 2001. http://lists.w3.org/Archives/Public/xml-encryption/2001Jan/0025.html
34 S. Goldwasser and S. Micali. “Probabilistic encryption,” Journal of Computer and System Sciences, 28(2), pp. 270-299, April 1984.
35 Joseph Reagle, “XML Encryption Requirements,” W3C Working Draft 18 October 2001. http://www.w3.org/TR/2001/WD-xml-encryption-req-20011018.
36 Ed Simon, “XML Encryption: Issues Regarding Attribute Values and Referenced, External Data,” Jan 31 2001. http://www.w3.org/Encryption/2001/Minutes/0103-Boston/simon-attribute-encryption.html.
37 R.G. Bartlett, M.W. Cook, “XML security using XSLT”. Proceedings of the 36th Annual Hawaii International Conference on System Sciences, 6-9 Jan. 2003, pp: 122 –127.
38 MIME (Multipurpose Internet Mail Extensions) Part One: Mechanisms for Specifying and Describing the Format of Internet Message Bodies http://www.ietf.org/rfc/rfc1521.txt.
39 James Gosling, Bill Joy, and Guy Steele. “The Java Language Specification,” First Edition, Addison-Wesley, Reading, Massachusetts, USA, 1986.
40 Java(TM) Remote Method Invocation (RMI), http://java.sun.com/j2se/1.3/docs/guide/rmi/.
41 Arnold, Wollrath, O'Sullivan, Scheifler, Waldo, “The Jini Specification,” Addison-Wesley, June 1999.
42 Common Object Request Broker Architecture (CORBA/IIOP Specification), http://www.omg.org/technology/documents/formal/corba_iiop.htm.
43 J. Clark and S. DeRose, “XML Path Language (XPath) Version 1.0. W3C Recommendation,” 16 November 1999, http://www.w3.org/TR/1999/REC-xpath-19991116.xml.
44 Mark Bartel, John Boyer, Barb Fox, Brian LaMacchia, and Ed Simon, “XML-Signature Syntax and Processing W3C Recommendation,” 12 February 2002.
45 Kelvin Lawrence, Chris Kaler, Anthony Nadalin, Martin Gudgin, Abbie Barbir, and Hans Granqvist, “WS-SecurityPolicy v1.0,” http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-securitypolicy-1.0.pdf, 2005.
46 Sun Microsystem, “The Source for Java(TM) Technology,” http://java.sun.com, 2002.
47 The alphaWorks, “XML Parser for Java,” November 25, 2002, http://www.alphaworks.ibm.com/tech/xml4j.
48 J. Clark, “XSLT Transforms (XSLT) Version 1.0. W3C Recommendation,” November 1999. http://www.w3.org/TR/1999/REC-XSLT-19991116.html.
49 The Apache Software Foundation, “Xalan-Java,” 2002. http://xml.apache.org/xalan-j/.
50 Gwan-Hwan Hwang and Tao-Ku Chang, “The Document Security Language (DSL) V2.0”, http://www.xml-dsl.com/DSL_Syntax_v2.pdf.
51 Tao-Ku Chang and Gwan-Hwan Hwang, “Using the Extension Function of XSLT and DSL to Secure XML Documents,” International Conference on Advanced Information Networking and Applications (AINA 2004), Fukuoka, Japan.
52 Gwan-Hwan Hwang and Tao-Ku Chang, “The DSL Editor”, http://www.xml-dsl.com/DSL_editor_detail.htm.
53 “XML Security Suite,” http://www.alphaworks.ibm.com/tech/xmlsecuritysuite.
54 “Phaos Liberty Toolkit,” http://www.phaos.com.
55 Tim Moses, “eXtensible Access Control Markup Language (XACML) Version 2.0,” Committee draft 04, 6 Dec 2004. http://docs.oasis-open.org/xacml/access_control-xacml-2_0-core-spec-cd-04.pdf.
56 Project: XQEngine - XML Query Engine, http://xqengine.sourceforge.net/.
57 Project: XQuench - XML Query Engine, http://xquench.sourceforge.net/.
58 Xavier C. Franc's Qizx/Open: http://www.xfra.net/qizxopen.
59 Galax. Available from: http://www.galaxquery.org.
60 Qexo. The GNU Kawa implementation of XQuery. Available from: http://www.gnu.org/software/qexo/.
61 Saxon. http://www.saxonica.com/.
62 Int’l Organization for Standardization, Information Technology- Database Language-SQL-Part 1: Framework (SQL/Framework), ISO/IEC 9075-1: 1999 and Information Technology- Database Language-SQL-Part 2: Foundation (SQL/Foundation), ISO/IEC 9075-2: 1999, http://www.iso.org, 1999..
63 Charles N. Fischer and Richard J. LeBlanc, Jr. “Crafting A Compiler with C,” The Benjamin/Cummings Publishing Company, Inc., 1991.