XML Encryption and Access Control
Subtree encryption (element wise)
The two published proposals, by [Imamura] and by [Simon, LaMacchia], have in common that they take a complete subtree (descendant-or-self(), with or without the attributes of self()), serialize this subtree into a text representation, encrypt it using some encryption mechanism such as a symmetric cipher, and replace the unencrypted part of the document with the resulting ciphertext.
Subtree encryption is an end-to-end security approach: the document itself carries all sensitive information in encrypted (secured) form. It allows multiple encrypted subtrees in one document, and depending on the chosen model and granularity it is even possible to select single attributes for encryption. In the following illustration, the “Public Nodes” do not need to be confidential (encrypted), but the node at the bottom is encrypted as part of an encrypted subtree.
To encrypt a subtree, the nodes that should be secured are selected:
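As an added example (not code from the original post or from either cited proposal), the following Go program carries the steps above through: it selects a subtree by element name, serializes it with its attributes, encrypts the serialization with AES-GCM as the symmetric cipher, and replaces the subtree in the document by an element holding the ciphertext. The Node struct, the sample record, the choice of AES-GCM and the single EncryptedData element (a simplification of XML Encryption's structure, without namespace, CipherData or KeyInfo) are all assumptions made for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// Node is a minimal DOM-like element: name, attributes, character data and
// children. Character data is marshaled before the children, so the order of
// mixed content is not kept; record-style documents like the sample are fine.
type Node struct {
	XMLName xml.Name
	Attrs   []xml.Attr `xml:",any,attr"`
	Text    string     `xml:",chardata"`
	Nodes   []Node     `xml:",any"`
}

// EncryptedData names the element that replaces an encrypted subtree. The name
// follows XML Encryption; the standard's full structure is left out (assumption).
const EncryptedData = "EncryptedData"

// SampleRecord is a constructed input document, not data from the article.
const SampleRecord = `<record><name>Alice</name><diagnosis code="F32">Major depression</diagnosis></record>`

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // 16, 24 or 32-byte key
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptElement parses doc, takes the first child of the root named name,
// serializes that subtree (descendant-or-self, attributes of self included),
// encrypts the serialization with AES-GCM and replaces the subtree by an
// EncryptedData element holding base64(nonce || ciphertext || tag).
func EncryptElement(doc []byte, name string, key []byte) ([]byte, error) {
	var root Node
	if err := xml.Unmarshal(doc, &root); err != nil {
		return nil, err
	}
	var target *Node
	for i := range root.Nodes {
		if root.Nodes[i].XMLName.Local == name {
			target = &root.Nodes[i]
			break
		}
	}
	if target == nil {
		return nil, fmt.Errorf("no <%s> element under <%s>", name, root.XMLName.Local)
	}
	plain, err := xml.Marshal(target)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := aead.Seal(nonce, nonce, plain, nil) // nonce is prepended to the ciphertext
	*target = Node{XMLName: xml.Name{Local: EncryptedData}, Text: base64.StdEncoding.EncodeToString(ct)}
	return xml.Marshal(&root)
}

// DecryptDocument restores every EncryptedData element in doc, including ones
// that only become visible after an enclosing subtree has been restored.
func DecryptDocument(doc []byte, key []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	var root Node
	if err := xml.Unmarshal(doc, &root); err != nil {
		return nil, err
	}
	if err := openAll(&root, aead); err != nil {
		return nil, err
	}
	return xml.Marshal(&root)
}

func openAll(n *Node, aead cipher.AEAD) error {
	if n.XMLName.Local == EncryptedData {
		ct, err := base64.StdEncoding.DecodeString(n.Text)
		if err != nil {
			return err
		}
		ns := aead.NonceSize()
		if len(ct) < ns {
			return fmt.Errorf("EncryptedData payload too short")
		}
		plain, err := aead.Open(nil, ct[:ns], ct[ns:], nil) // GCM tag check: wrong key or tampering fails here
		if err != nil {
			return fmt.Errorf("decrypting EncryptedData: %w", err)
		}
		var restored Node
		if err := xml.Unmarshal(plain, &restored); err != nil {
			return err
		}
		*n = restored
	}
	for i := range n.Nodes {
		if err := openAll(&n.Nodes[i], aead); err != nil {
			return err
		}
	}
	return nil
}
```

Calling EncryptElement([]byte(SampleRecord), "diagnosis", key) yields a document in which name is still readable while the diagnosis element, its code attribute and its text have been replaced by one EncryptedData element; DecryptDocument with the same key restores the original byte for byte, and with a different key it returns an error from the GCM tag check rather than malformed XML. An authenticated mode is the point of that choice: a plain block cipher mode would let a modified ciphertext decrypt to attacker-controlled XML that the parser then accepts.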
Server-side Access Control
Server-side access control scenarios are flexible in their content model:
- The XML entity is stored on a server. It is parsed into a DOM tree.
- If a client requests the entity, the client is authenticated and its authorisations are checked.
- Based on these authorisations (access control lists), the DOM tree is labeled.
- After labeling the nodes, a pruning transformation is applied: all nodes to which the client has no access permission are deleted from the tree. [NOTE: Not only leaf nodes of the tree can be deleted, but also nodes that have children. In this case, the children become children of their „grandparent“.]
- The last step is the serialisation of the resulting tree.
Server-side AC can completely restructure and rebuild the tree based on the access control lists. It is not forced to make a complete subtree opaque; it can leave some of an element's children visible (unencrypted) to the client without requiring the root of that subtree (self()) to be visible.
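The steps listed above, as an added Go example that is not code from the original post: the document is parsed into a tree, every element is labeled with the roles allowed to read it, the tree is pruned for the requesting role with the children of a deleted node re-attached to its parent (their grandparent), and the result is serialized. The Node struct, the access control list, the rule that an element without an ACL entry inherits its parent's label, and the sample record are assumptions constructed for this example; the role names are placeholders.

```go
package main

import (
	"encoding/xml"
	"fmt"
)

// Node is a minimal DOM-like element. Roles is the access label written by
// the labeling step; the "-" tag keeps it out of the serialized output.
type Node struct {
	XMLName xml.Name
	Attrs   []xml.Attr `xml:",any,attr"`
	Text    string     `xml:",chardata"`
	Nodes   []Node     `xml:",any"`
	Roles   []string   `xml:"-"`
}

// ACL maps an element name to the roles allowed to read it. Elements without
// an entry inherit the label of their parent (assumed rule for this example).
type ACL map[string][]string

// SampleRecord and SampleACL are constructed for this example, not taken from the article.
const SampleRecord = `<record><name>Alice</name><diagnosis code="F32"><note>Follow-up in 2 weeks</note><detail>Major depression</detail></diagnosis><invoice>EUR 120</invoice></record>`

var SampleACL = ACL{
	"record":    {"doctor", "nurse", "billing"},
	"diagnosis": {"doctor"},
	"note":      {"doctor", "nurse"},
	"invoice":   {"doctor", "billing"},
}

// label assigns each element its set of readers: the ACL entry for its name
// if there is one, otherwise the label inherited from its parent.
func label(n *Node, acl ACL, inherited []string) {
	if roles, ok := acl[n.XMLName.Local]; ok {
		n.Roles = roles
	} else {
		n.Roles = inherited
	}
	for i := range n.Nodes {
		label(&n.Nodes[i], acl, n.Roles)
	}
}

func allowed(n *Node, role string) bool {
	for _, r := range n.Roles {
		if r == role {
			return true
		}
	}
	return false
}

// prune deletes every descendant of n that role may not read. A deleted
// element's children are re-attached to its parent (they become children of
// their grandparent) and are checked in turn, so a readable child survives
// the removal of an unreadable parent.
func prune(n *Node, role string) {
	kept := make([]Node, 0, len(n.Nodes))
	queue := append([]Node(nil), n.Nodes...)
	for len(queue) > 0 {
		c := queue[0]
		queue = queue[1:]
		if !allowed(&c, role) {
			queue = append(append([]Node(nil), c.Nodes...), queue...) // promote children, keep order
			continue
		}
		prune(&c, role)
		kept = append(kept, c)
	}
	n.Nodes = kept
}

// View parses doc, labels it, prunes it for role and serializes the result.
// A role that may not read the root gets no document at all.
func View(doc []byte, acl ACL, role string) ([]byte, error) {
	var root Node
	if err := xml.Unmarshal(doc, &root); err != nil {
		return nil, err
	}
	label(&root, acl, nil)
	if !allowed(&root, role) {
		return nil, fmt.Errorf("role %q may not read <%s>", role, root.XMLName.Local)
	}
	prune(&root, role)
	return xml.Marshal(&root)
}
```

For the "nurse" role this returns `<record><name>Alice</name><note>Follow-up in 2 weeks</note></record>`: the diagnosis element (with its code attribute and the detail child that inherited its label) is gone, yet its readable note child has been promoted to the record element, which is exactly the restructuring a subtree-encryption scheme cannot express. "doctor" receives the unchanged document and "patient", having no entry anywhere, is refused at the root.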



