Client-Based Access Control Management for XML documents [chapter]

L BOUGANIM, F NGOC, P PUCHERAL
2004, Proceedings 2004 VLDB Conference
The erosion of trust put in traditional database servers and in Database Service Providers, the growing interest in different forms of data dissemination and the concern for protecting children from suspicious Internet content are different factors that lead to moving access control from servers to clients. Several encryption schemes can be used to serve this purpose, but all suffer from a static way of sharing data. With the emergence of hardware and software security elements on client devices, more dynamic client-based access control schemes can be devised. This paper proposes an efficient client-based evaluator of access control rules for regulating access to XML documents. This evaluator benefits from a dedicated index to quickly converge towards the authorized parts of a (potentially streaming) document. Additional security mechanisms guarantee that prohibited data can never be disclosed during the processing and that the input document is protected from any form of tampering. Experiments on synthetic and real datasets demonstrate the effectiveness of the approach.

Résumé (translated from French): The decline of the trust placed in traditional database servers and in Database Service Providers (DSP), the growing interest in data distribution and the concern to protect our children from suspicious digital content are different factors that lead to migrating access control from the server to the client. Several encryption schemes can be used for this purpose, but all force a static sharing of the data. The emergence of hardware and software secure elements for various client terminals makes it possible to propose dynamic access control schemes. This article presents a client-side solution for efficiently evaluating access control rules over XML documents. This evaluator takes advantage of a suitable index to converge quickly towards the authorized parts of a document that may arrive as a stream. Additional security mechanisms guarantee that prohibited data is never revealed during processing and that the input document is protected against any form of illicit modification. The approach is validated by experiments on synthetic and real data. Keywords: XML access control, data confidentiality, ubiquitous data management, smart card
incurred by the Skip index and compare it with possible variants. Next, we study the performance of access control management, query evaluation and integrity checking. Finally, the global performance of the proposed solution is assessed on four datasets that exhibit different characteristics.

Experimentation platform

The abstract target architecture presented in Section 2 can be instantiated in many different ways. In this experimentation, we consider that the SOE is embedded in an advanced smart card platform. While existing smart cards are already powerful (32-bit CPU running at 30 MHz, 4 KB of RAM, 128 KB of EEPROM), they are still too limited to support our architecture, especially in terms of communication bandwidth (9.6 Kbps). Our industrial partner, Axalto (the smart card subsidiary of Schlumberger), has announced for the end of this year a more powerful smart card equipped with a 32-bit CPU running at 40 MHz, 8 KB of RAM, 1 MB of Flash and supporting a USB protocol at 1 MBps. Axalto provided us with a hardware cycle-accurate simulator for this forthcoming smart card. Our prototype has been developed in C and has been measured using this simulator. Cycle accuracy guarantees an exact prediction of the performance that will be obtained with the target hardware platform.

As this section will make clear, our solution is strongly bounded by the decryption and communication costs. The numbers given in Table 1 allow the performance results of this section to be projected onto different target architectures. The number given for the smart card communication bandwidth corresponds to a worst case in which every piece of data entering the SOE contributes to the result. The decryption cost corresponds to the 3DES algorithm, hardwired in the smart card (line 1) and measured on a PC at 1 GHz (lines 2 and 3).
doi:10.1016/b978-012088469-8/50011-5 fatcat:f475euzv5rewjbdafnrzpok35y