
Bitmap-based High-Speed Access Control for Heterogeneous XML Documents


wiley

Presentation Transcript


  1. Bitmap-based High-Speed Access Control for Heterogeneous XML Documents

  2. Problems • Trade-offs between fast-services and secure-services • Why? Checking security takes time

  3. Security Checking Model • Documents (entire or part) require a proper authorization to access • Access type: remote-read, local-read (printable), local-save (not modifiable), remote-write (controlled by the remote site), local-write (modifiable and distributable) • A user credential is verified for the accessibility of a document.

  4. Access Control Specification • Mainly triplet: <subject, object, authorization> • Different subjects may have the right to access different portions of the same document.

  5. DTD Scenario XML Instance

  6. Situations (1) • Subjects • Distributed inter-organization • Hierarchies intra-organization • Objects • Distributed inter-documents • Hierarchies intra-documents • Control flow • Push • Pull

  7. Situations (2) • Propagation • Authorization propagation along document hierarchies • By number (x), content (o) • Credential reverse-propagation • Authorization types • DTD • Entire DTD, Partial DTD • Documents • Entire XML instances, Partial XML instances

  8. Situation (3) • 3 AC Specifications • AC-specified Subjects • AC-specified Objects • AC-specified Moderator • AC Specifications • Static specification • Associated with Credential, Document, or Moderator • Dynamic specification • Not associated but linkable from them by xlink

  9. Access Control Specification grant request • Request with Credential → Release from Server • Request → Decision @ Server → Release from Server • Request → Decision @ Coordinator → Grant from Coordinator → Release from Server

  10. (a) order.xml

      <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>International purchase
        <item id="t1">gold apples
          <desc>food</desc>
          <quantity>5</quantity>
          <price>9.99</price>
        </item>
        <item id="t2">cd player
          <desc>appliance</desc>
          <color>white</color>
          <quantity>2</quantity>
          <price>49.00</price>
        </item>
        <nego item_id="all" on="price">
          <offer>
            <price>
              <sum item_id="all" compute="*" arg1="quantity" arg2="price" />
            </price>
            <term>Valid terms</term>
          </offer>
          <deal>false</deal>
        </nego>
        <delivery>2 Rex St., Lafayette, LA 70504
          <xlink:locator href="http://lafayette.la/map.jpg" />
          <xlink:arc from="remote" to="local" actuate="onRequest" />
        </delivery>
      </order>
      </xml>

  11. <access_req type="query">
        <object href="$p/order.xml/order/item/[position()=2]" />
        <subject> <uid>u21</uid> </subject>
        <action type="read"/>
      </access_req>

      <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>
        <item id="t1">
          <desc>food</desc>
          <quantity>5</quantity>
          <price>9.99</price>
        </item>
        <item id="t2">
          <desc>appliance</desc>
          <color>white</color>
          <quantity>2</quantity>
          <price>49.00</price>
        </item>
        <nego item_id="all" on="price">
          <offer>
            <price>
              <sum item_id="all" compute="*" arg1="quantity" arg2="price" />
            </price>
            <term>Valid terms</term>
          </offer>
          <deal>false</deal>
        </nego>
        <delivery>2 Rex St., Lafayette, LA 70504
          <xlink:locator href="http://lafayette.la/map.jpg" />
          <xlink:arc from="remote" to="local" actuate="onRequest" />
        </delivery>
      </order>
      </xml>

      <access_req type="query">
        <object href="$p/order.xml/order/nego" />
        <subject> <uid>u15</uid> </subject>
        <action type="write"/>
      </access_req>

      <access_req type="query">
        <object href="$p/order.xml/order/nego" />
        <subject> <uid>u15</uid> <rid>engineer</rid> </subject>
        <action type="write"/>
      </access_req>

  12. <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>
        <item id="t1">
          <desc>food</desc>
          <quantity>5</quantity>
          <price>9.99</price>
        </item>
        <item id="t2">
          <desc>appliance</desc>
          <color>white</color>
          <quantity>2</quantity>
          <price>49.00</price>
        </item>
        <nego item_id="all" on="price">
          <offer>
            <price>
              <sum item_id="all" compute="*" arg1="quantity" arg2="price" />
            </price>
            <term>Valid terms</term>
          </offer>
          <deal>false</deal>
        </nego>
        <delivery>2 Rex St., Lafayette, LA 70504
          <xlink:locator href="http://lafayette.la/map.jpg" />
          <xlink:arc from="remote" to="local" actuate="onRequest" />
        </delivery>
      </order>
      </xml>

      <access_req type="query">
        <object href="$p/order.xml/order/item/[position()=2]" />
        <object href="order.xml/order/nego" />
        <subject ip="100.29.199.com"> <rid>comp_staff</rid> </subject>
        <action type="read"/>
      </access_req>

      <access_req type="query">
        <object href="$p/order.xml/order/item/[position()=1]" />
        <object href="order.xml/order/delivery" />
        <subject ip="100.29.199.com"> <uid>u33</uid> <rid>sales</rid> </subject>
        <action type="read"/>
      </access_req>

  13. <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>
        <item id="t1">
          <desc>food</desc>
          <quantity>5</quantity>
          <price>9.99</price>
        </item>
        <item id="t2">
          <desc>appliance</desc>
          <color>white</color>
          <quantity>2</quantity>
          <price>49.00</price>
        </item>
        <nego item_id="all" on="price">
          <offer>
            <price>
              <sum item_id="all" compute="*" arg1="quantity" arg2="price" />
            </price>
            <term>Valid terms</term>
          </offer>
          <deal>false</deal>
        </nego>
        <delivery>2 Rex St., Lafayette, LA 70504
          <xlink:locator href="http://lafayette.la/map.jpg" />
          <xlink:arc from="remote" to="local" actuate="onRequest" />
        </delivery>
      </order>
      </xml>

      <access_req type="query">
        <object href="$p/order.xml/order/item/[position()=1]" />
        <object href="order.xml/order/delivery" />
        <subject ip="100.29.199.com"> <uid>u33</uid> </subject>
        <action type="read"/>
      </access_req>

  14. (a) order.xml

      <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>International purchase
        <item id="t1">gold apples
          <desc>food</desc>
          <quantity>5</quantity>
          <price>9.99</price>
        </item>
        <item id="t2">cd-player
          <desc>appliance</desc>
          <color>white</color>
          <quantity>2</quantity>
          <price>49.00</price>
        </item>
        <nego item_id="all" on="price">
          <offer>
            <price>
              <sum item_id="all" compute="*" arg1="quantity" arg2="price" />
            </price>
            <term>Valid terms</term>
          </offer>
          <deal>false</deal>
        </nego>
        <delivery>2 Rex St., Lafayette, LA 70504
          <xlink:locator href="http://lafayette.la/map.jpg" />
          <xlink:arc from="remote" to="local" actuate="onRequest" />
        </delivery>
      </order>
      </xml>

      (b) order2.xml

      <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>quotation
        <item id="t3">domestic car
          <desc>car</desc>
          <color>green</color>
          <quantity>1</quantity>
          <price>15000.00</price>
        </item>
        <nego>
          <offer>
            <price>*</price>
          </offer>
        </nego>
        <delivery>2 Rex St., Lafayette, LA 70504
          <xlink:locator href="http://mysite.com" />
          <xlink:arc from="remote" to="local" actuate="onRequest" />
        </delivery>
      </order>
      </xml>

      (c) order3.xml

      <?xml version="1.0" ?>
      <xml:xlink xmlns:xlink="http://…/xlink" />
      <order>International purchase
        <item id="t2">cd-player
          <desc>appliance</desc>
          <color>white</color>
          <quantity>1</quantity>
          <price>49.00</price>
        </item>
        <nego>
          <offer>
            <term>Valid terms</term>
          </offer>
          <deal>false</deal>
        </nego>
        <delivery> //** omitted due to space problem **// </delivery>
      </order>
      </xml>

  15. (a) Hashing XML Path Expression

      order = 0
      order/delivery = 1
      order/delivery/xlink:locator/@href = 2
      order/delivery/xlink:arc/@actuate = 3
      order/delivery/xlink:arc/@from = 4
      order/delivery/xlink:arc/@to = 5
      order/item = 6
      order/item/color = 7
      order/item/desc = 8
      order/item/price = 9
      order/item/quantity = 10
      order/nego/@item_id = 11
      order/nego/@on = 12
      order/nego/deal = 13
      order/nego/offer/price = 14
      order/nego/offer/price/sum/@item_id = 15
      order/nego/offer/price/sum/@compute = 16
      order/nego/offer/price/sum/@arg1 = 17
      order/nego/offer/price/sum/@arg2 = 18
      order/nego/offer/term = 19

      (b) Hashing XML Contents

      1 = 0
      15000.00 = 1
      2 = 2
      2 Rex St, Lafayette, LA 70504 = 3
      49.00 = 4
      5 = 5
      9.99 = 6
      all = 7
      appliance = 8
      car = 9
      cd-player = 10
      domestic car = 11
      false = 12
      food = 13
      gold apples = 14
      green = 15
      http://lafayette.la/map.jpg = 16
      http://mysite.com = 17
      http://yoursite.com = 18
      International purchase = 19
      local = 20
      onRequest = 21
      price = 22
      quantity = 23
      quotation = 24
      remote = 25
      true = 26
      Valid terms = 27
      white = 28
      * = 29

  16. [0,19] [1,3] [2,17] [3,21] [5,20] [6,11] [7,15] [8,8] [8,13] [9,4] [10,0] [10,5] [12,22] [13,26] [15,7] [17,23] [19,27] [0,24] [2,16] [2,18] [4,25] [6,10] [6,14] [7,28] [8,9] [9,6] [9,1] [10,2] [11,7] [13,12] [14,29] [16,29] [18,22] order.xml order2.xml order3.xml 1 0 1 1 1 0 0 1 1 1 0 1 0 1 1 0 1 1 1 0 0 1 1 1 1 1 0 0 1 1 1 1 1 0 1 1 0 0 1 1 1 1 0 1 0 1 0 0 1 0 0 0 1 1 0 0 0 0 0 0 1 0 0 0 0 0 1 0 1 1 1 0 0 1 1 1 0 0 0 1 1 0 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 0 1 (c) DBI for XML documents in Figure 3.1

  17. <access_req type="query">
        <object href="$p/order/item/desc/[text()='appliance']" />
        <subject ip="100.29.199.com"> <uid>u33</uid> </subject>
        <action type="read"/>
      </access_req>

  18. T public all *.*.*.* user admin engineer sales 33.129.20.edu *.28.199.com *.22.111.org sys_admin …….. comp_staff u21 u33 u15 u7 u19 11.28.199.com 28.28.199.com  Subject Lattice (uid, role, ip)

  19. T * public tech_user decision_maker admin engineer sales director manager comp_staff u21 u33 u15 u7 u19  uid = {*, public, u21, u33, u15, u7, u19} rid = {admin, engineer, sales, tech_user, decision_maker, comp_staff, director, manager}

  20. (a) Authorization Policy in XML

      <authorization_policy>
        <authorization aid="Ax1">
          <subject><uid>u21</uid> <uid>u33</uid></subject>
          <object>order.xml/order/item order.xml/order/delivery</object>
          <action>read</action>
          <permission>granted</permission>
        </authorization>
        <authorization aid="Ax2">
          <subject propagation="down"><rid>tech_user</rid></subject>
          <object propagation="up" depth="1">order.xml/order/item order.xml/order/nego</object>
          <action>read write</action>
          <permission>granted</permission>
        </authorization>
        …….
      </authorization_policy>

      (b) Authorization Policy in Logic

      Ax1: Auth (O: order.xml/order/item order.xml/order/delivery, S:u21, S:u33, P:read, z:+).
      Ar1: Auth (O:$o, S:$u, P:read, z:+)  Auth (O:$o, S:$u, P:write, z:+).
      Ar2: Auth (O:$o, OP:-1, S:sales, SP:+1, P:write, z:-)  Contains (O:$o//deal, "false").

  21. admin = 0 comp_staff = 1 decision_maker = 2 director = 3 engineer = 4 granted = 5 manager = 6 read = 6 sales = 7 tech_user = 8 u15 = 9 u21 = 10 u33 = 11 u7 = 12 write = 13 authorization_policy/authorization/subject/uid =0 authorization_policy/authorization/subject/rid = 1 authorization_policy/authorization/action = 2 authorization_policy/authorization/permission = 3 (a) Hashing Authorization Element (b) Hashing Authorization Content [0,9] [0,10] [0,11] [0,12] [1,0] [1,1] [1,2] [1,3] [1,4] [1,6] [1,7] [1,8] [2,6] [2,13] [3,5] [0,9] [0,10] [0,11] [0,12] [1,0] [1,1] [1,2] [1,3] [1,4] [1,6] [1,7] [1,8] [2,6] [2,13] [3,5] Ax1 Ax2 Ax1 Ax2 0 0 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 (c) AI for Figure 3.4(a) 0 1 0 0 1 0 1 1 0 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 1 1 1 1 (d) AI for Figure 3.4(a) after Subject Propagation

  22. Auth (o, op, s, sp, x, v, z) given by XML • Auth (o, op, s, sp, x, v, z) reasoned by rules • Initial Bitmap Index • Auth (o, op, s, sp, x, v, z) AI(s0,x,v,z) + DI(o0) • Propagation •  AI(s,x,v,z) + DI(o) •  AI(s,x,v,z) + DI(o0) • Approaches • Coupling: AI(s,x,v,z) + DI(o)  CADI (s,x,v,z,o) • Pipelining: AI(s,x,v,z)  DI(o)  • Parallelism: AI(s,x,v,z) || DI(o)

  23. Authorization • Subject: only a specified ip will be served. Default is none. • Context-based propagation: within document, system, subnet, all others • Propagation up, down, no, for both Subject and Object • Authorization Scope based on inclusion and exclusion for Subject, Object, Action, and Sign. Default is "inclusion." • Activation of programs is specified for Action. Default is "F"

      <authorization_list>
        <authorization aid="a1">
          <subject propagation="F"><uid>u21</uid> <uid>u33</uid></subject>
          <object propagation="F">order.xml/order/item order.xml/order/delivery</object>
          <action>read</action>
          <permission>granted</permission>
        </authorization>
        <authorization aid="a2">
          <subject propagation="down"><rid>user</rid></subject>
          <object propagation="F">order.xml/order/item order.xml/order/nego</object>
          <action>read write</action>
          <permission>granted</permission>
        </authorization>
        <authorization aid="a3">
          <subject propagation="down"><uid>engineer</uid></subject>
          <object propagation="T">order.xml/order</object>
          <action activation="T">read write</action>
          <permission>granted</permission>
        </authorization>
        <authorization aid="a4">
          <subject propagation="up"><rid>comp_staff</rid></subject>
          <object propagation="T">order.xml/order/item</object>
          <action>read</action>
          <permission excluded_by="ip" ip="33.129.20.edu">denied</permission>
        </authorization>
        <authorization aid="a5">
          <subject propagation="F"><uid>sales</uid></subject>
          <object propagation="T">order.xml/order/delivery</object>
          <action>read</action>
          <permission>denied</permission>
        </authorization>
      </authorization_list>

  24. Bitmap-based Access Control • Request (s,o,a) → request bitmap based on s,(o,a) • Authorization (s,o,a,p,n,v) → authorization bitmap s,(o,a) appended by s,(o,v) and s,n • On-the-fly propagation of the authorization • The second bitmap indicates the activatability of computations • The third bitmap indicates the decision of grant, deny, wait, etc.

  25. High-Speed • Query → parsing → Authorization + Request • Authorization → bitmap • Relaxation (Optimization) → bitmap • Answering → bitmap • Bitmap → interpretation

  26. Authorization/Answering Bitmaps • ePath: a set of paths that are used to check authorizations • Content: a set of contents that are associated with ePath • Two bitmaps: (1) Answering Bitmap, (2) Authorization Bitmap

  27. Authorization Bitmaps • Limited number of ePaths and contents • Limited number of AC Policies c0 =comp_staff c1 =denied c2 =engineer c3 =granted c4 =order/delivery c5 = order/item/desc/[text()=‘appliance’] c6 =order/item/[position()=1] c7 =order/item/[position()=2] c8 =order/nego c9 =query c10 =read c11 =sales c12 =user c13 = u15 c14 = u19 c15 =u7 c16 =u21 c17 =u33 c18 =write c19 =33.129.20.edu c20 =100.29.199.com r0 = {access_req.}type r1 = {access_req.}object.href r2 = {access_req.}subject.uid r3 = {access_req.}subject.rid r4 = {access_req.}subject.ip r5 = {access_req.}action.type r2 = {authorization.}subject.uid r3 = {authorization.}subject.rid r1 = {authorization.}object r5 = {authorization.}action a1 = {authorization.}permission a2 = {authorization.}permission.excluded_by a3 = {authorization.}permission.ip

  28. Authorization Bitmaps (push-up Query Relaxation) [0,8] [1,4] [1,5] [1,6] [1,7] [1,8] [2,13] [2,14] [2,15] [2,16] [2,17] [3,0] [3,2] [3,11] [3,12] [4,20] [5,10] [5,18] user1 user2 user3 user4 user5 user6 user7 1 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 1 1 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 1 1 0 0 0 0 1 0 0 1 1 0 0 0 1 1 0 1 0 0 0 0 0 1 0 0 1 1 1 0 0 0 1 1 0 1 0 0 0 0 0 1 0 0 0 1 1 0 0 0 [6,3] [5,18] 1 0 1 0 0 0 0 0 0 1 0 0 0 1 1 0 0 0 policy1 policy2 policy3 policy4 policy5 1 1 0 0 0 0 0 0 0 1 1 0 0 0 0 1 1 0 1 0 1 0 0 0 0 1 1 1 1 0 0 0 0 0 1 1 1 1 1 0 1 1 1 1 1 1 1 0 1 0 1 0 1 0 0 1 1 1 1 0 1 0 1 1 1 0 0 0 0 0 0 1 0 0 1 1 1 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 Propagation on-the-fly of encoding: propagation=“down” for rid=“user” will set bits for the lb(user)={u7, u15, u19} for policy2, lb(engineer)={u7, u15, u33} and lb(order)={*} for policy3. For ip, unless specified, all bits [4,20] should be set to 1, meaning that all accesses from any ip will be permitted. For policy4, [5,18]=1 indicates that an access from that ip should not be admitted. Ub[comp_staff]={users, all}.
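The request matching of slide 24 and the early subject propagation of slide 28, as an added Python sketch that is not the presenters' code. The policy set is constructed (a1, a2 and a5 follow slide 23, d1 is invented to force a conflict), object propagation and the ip column are left out, and default-deny with deny-overrides is an assumption of the sketch, not the conflict rule of the slides.

```python
"""Authorization bitmap index with early subject propagation (added sketch)."""
from dataclasses import dataclass

# Lower bounds in the subject lattice, as listed on slide 28.
LOWER_BOUND = {
    "user": {"u7", "u15", "u19"},
    "engineer": {"u7", "u15", "u33"},
}


@dataclass(frozen=True)
class Policy:
    aid: str
    subjects: tuple          # uids or rids named in the policy
    propagate_down: bool     # subject propagation="down"
    objects: tuple           # protected paths
    actions: tuple           # "read" / "write"
    granted: bool            # permission: granted (True) or denied (False)


# Constructed policy set: a1, a2, a5 follow slide 23; d1 is invented to
# produce a grant/deny conflict for subjects below both "user" and "engineer".
POLICIES = [
    Policy("a1", ("u21", "u33"), False, ("order/item", "order/delivery"), ("read",), True),
    Policy("a2", ("user",), True, ("order/item", "order/nego"), ("read", "write"), True),
    Policy("a5", ("sales",), False, ("order/delivery",), ("read",), False),
    Policy("d1", ("engineer",), True, ("order/nego",), ("write",), False),
]


class AuthBitmapIndex:
    def __init__(self, policies):
        self.policies = list(policies)
        self.columns = {}    # (field, value) -> bit position
        self.rows = {}       # aid -> bitmap stored as an int
        for p in self.policies:
            subjects = set(p.subjects)
            if p.propagate_down:
                # Early propagation: set the bits of every subject below the
                # named one when the index is built, not at request time.
                for s in p.subjects:
                    subjects |= LOWER_BOUND.get(s, set())
            bits = 0
            for field, values in (("s", subjects), ("o", p.objects), ("a", p.actions)):
                for value in sorted(values):
                    bits |= 1 << self._column(field, value)
            self.rows[p.aid] = bits

    def _column(self, field, value):
        return self.columns.setdefault((field, value), len(self.columns))

    def request_bitmap(self, uid, obj, action):
        """Encode a request (s, o, a); None if a term has no column at all."""
        bits = 0
        for key in (("s", uid), ("o", obj), ("a", action)):
            if key not in self.columns:
                return None
            bits |= 1 << self.columns[key]
        return bits

    def matching(self, uid, obj, action):
        """Ids of policies whose row covers every bit of the request."""
        q = self.request_bitmap(uid, obj, action)
        if q is None:
            return []
        return [p.aid for p in self.policies if self.rows[p.aid] & q == q]

    def decide(self, uid, obj, action):
        # Assumption of this sketch: default deny, and any matching denial
        # overrides a grant. The slides list other precedence rules.
        hits = self.matching(uid, obj, action)
        by_id = {p.aid: p for p in self.policies}
        ok = bool(hits) and all(by_id[a].granted for a in hits)
        return ("granted" if ok else "denied", hits)


if __name__ == "__main__":
    index = AuthBitmapIndex(POLICIES)
    for req in [("u19", "order/nego", "write"), ("u7", "order/nego", "write"),
                ("u33", "order/delivery", "read"), ("u21", "order/nego", "read")]:
        print(req, index.decide(*req))
```

Because propagation is done when the index is built, each request costs one AND and one comparison per policy row; the price is that the index must be rebuilt whenever the subject lattice changes.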

  29. Answering Bitmaps • Limited number of ePaths and contents • Limited number of XML documents c0 = all c1 = appliance c2 = best offer c3 = false c4 = food c5 = http://lafayette.la/map.jpg c6 = price c7 = quantity c8 = t1 c9 = t2 c10 = valid terms c11 = white c12 = 1 c13 = 2 Rex St., Lafayette, LA 70504 c14 = 2 c15 = 5 c16 = 9.99 c17 = 49.00 c18 = * p0 = order.item.id p1 = order.item.desc p2 = order.item.quantity p3 = order.item.price p4 = order.item.color p5 = order.nego p6 = order.nego.item_id p7 = order.nego.on p8 = order.nego.offer.price.sum.item_id p9 = order.nego.offer.price.sum.compute p10 = order.nego.offer.price.sum.arg1 p11 = order.nego.offer.price.sum.arg2 p12 = order.nego.offer.term p13 = order.nego.deal p14 = order.delivery p15 = order.delivery.xlink:locator.href q0 = order.item/[position()] q1 = order.item.desc q2 = order.nego q3 = delivery

  30. 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 Query Answering in the Presence of Authorization Bitmaps [0,8] [1,4] [1,5] [1,6] [1,7] [1,8] [2,13] [2,14] [2,15] [2,16] [2,17] [3,0] [3,2] [3,11] [3,12] [4,20] [5,10] [5,18] user1 user2 user3 user4 user5 user6 user7 1 0 0 0 1 0 0 0 1 0 0 0 0 0 1 0 0 0 1 0 0 0 0 1 1 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 1 0 0 0 0 1 0 0 0 1 0 0 1 0 0 0 1 1 0 0 0 0 1 0 0 1 1 0 [0,8] [0,9] [1,3] [1,1] [2,14] [2,15] [3,16] [3,17] [4,11] [5,2] [6,0] [7,6] [8,0] [9,18] [10,7] [11,6] [12,10] [13,3] [14,13] [15,5] 0 0 1 1 0 1 0 0 0 0 0 1 0 0 1 1 1 0 0 0 1 1 0 1 0 0 0 0 0 1 0 0 0 1 1 0 0 0 [6,3] [5,18] 1 0 1 0 0 0 0 0 0 1 0 0 0 1 1 0 0 0 policy1 policy2 policy3 policy4 policy5 1 1 0 0 0 0 0 0 0 1 1 0 0 0 0 1 1 0 1 0 1 0 0 0 0 1 1 1 1 0 0 0 0 0 1 1 1 1 1 0 1 1 1 1 1 1 1 0 1 0 1 0 1 0 0 1 1 1 1 0 1 0 1 1 1 0 0 0 0 0 0 1 0 0 1 1 1 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0

  31. (subject/uid) =0 (subject/rid) = 1 (subject/ip) = 2 (action/type) = 4 (object/href) = 4 (permission) = 5 (permission/excluded_by) =5 (permission/ip) = 7 (comp_staff) =0 (denied) = 1 (engineer) = 2 (grated) = 3 (read) = 4 (sales) = 5 (user) = 6 (u15) = 7 (u19) = 8 (u7) = 9 (u21) = 10 (u33) = 11 (white) = 12 (33.129.20.edu) = 13 (100.29.199.com) = 14 (*) = 15 (ip) = 16 (a) Hashing Authorization Element (b) Hashing Authorization Content [0,2] [0,5] [0,7] [0,8] [0,9] [0,10] [0,11] [1,0] [1,6] [2,13] [2,14] [3,4] [3,12] [4,15] [5,1] [5,3] [6,16] [7,13] authorization 1 authorization 2 authorization 3 authorization 4 authorization 5 authorization 6 0 0 0 0 0 1 1 0 0 0 0 1 0 1 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 1 1 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 1 1 0 1 1 0 1 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 (c) Indexing XML Authorization Collections

  32. (order) = 0 (order/item[1]) = 1 (order/item[1]/desc) = 2 (order/item[1]/color) = 3 (order/item[1]/quantity) = 4 (order/item[1]/price) = 5 (order/item[2]) = 6 (order/item[2]/desc) = 7 (order/item[2]/color) = 8 (order/item[2]/quantity) = 9 (order/item[2]/price) = 10 (order/nego/offer[1]/price) = 11 (order/nego/offer[1]/item[1]) = 12 (order/nego/offer[2]/price) = 13 (order/nego/offer[2]/item[1]) = 14 (order/nego/offer[2]/item[2]) = 15 (order/nego/deal) = 16 (order/delivery) = 17 (order/delivery/xlink:locator) = 18 (order/delivery/xlink:arc) = 19 (a) Hashing XML Element 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 order.xml order2.xml order3.xml 1 1 1 0 1 1 1 1 1 1 1 1 1 0 0 0 1 1 1 1 0 0 1 1 1 1 1 0 0 0 0 1 0 1 1 1 1 0 0 0 0 1 1 1 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 Notice that actual files of order2.xml and order3.xml are omitted. (b) Indexing XML Document Collections

  33. [0,2] [0,5] [0,7] [0,8] [0,9] [0,10] [0,11] [1,0] [1,6] [2,13] [2,14] [3,4] [3,12] [4,15] [5,1] [5,3] [6,16] [7,13] authorization 1 authorization 2 authorization 3 authorization 4 authorization 5 authorization 6 0 0 0 0 0 1 1 0 0 0 0 1 0 1 0 1 0 0 0 0 1 1 1 0 1 0 1 0 0 1 1 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 1 1 0 1 1 0 1 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 1 1 0 0 0 Notice that some bit values are changed from Figure 4.1(c) due to early propagation.

  34. [0,2] [0,5] [0,7] [0,8] [0,9] [0,10] [0,11] [1,0] [1,6] [2,13] [2,14] [3,4] [3,12] [4,15] [5,1] [5,3] [6,16] [7,13] authorization 1 authorization 2 authorization 3 authorization 4 authorization 5 authorization 6 0 0 0 0 0 1 1 0 0 0 0 1 0 1 0 1 0 0 0 0 1 1 1 0 1 0 1 0 0 1 1 1 0 1 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 1 0 1 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 1 1 0 1 1 0 1 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 1 1 1 0 0 0 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 1 1 1 1 1 1 1 1 1 0 0 0 1 1 1 1 0 0 1 1 1 1 1 0 0 0 0 1 0 1 1 0 1 1 0 0 0 1 1 1 1 1 0 1 0 1 1 1 1 1 1 1 0 0 0 0 0 1 1 0 1 1 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 0 1 0 1 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 1 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 1 1 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 1 1 1 1 0 0 0 0 c4 c5 c6 c4 c5 c6

  35. (a) (b) (c) (d) (e) ……

  36. (q1) Uid u7 requests to read the items of orders

      <access_req type="query">
        <object href="$p/order.xml/order" />
        <subject> <uid>u7</uid> </subject>
        <action type="read" />
      </access_req>

      (q2) Uid u7 requests to write on the documents whose negotiation term is valid.

      <access_req type="query">
        <object href="$p/order/nego/offer/item/[text() ='Valid term']" />
        <subject> <uid>u7</uid> </subject>
        <action type="write" />
      </access_req>

      (q3) Uid u7 requests to read all the information about the first item of orders from the ip, 100.29.199.com.

      <access_req type="query">
        <object href="$p/order.xml/order/item/[position()='1']" />
        <object href="$p/order.xml/order/item/*" />
        <subject ip="100.29.199.com"> <uid>u7</uid> <rid>user</rid> </subject>
        <action type="read" />
      </access_req>

  37. 1 0 1 0

  38. Authorization by Dynamic Delegation • Dynamic delegation remotely • Auto dealers can sell to a buyer if she has a delegate that the dealers do not know and that is not fixed, but that is available if her credential is verified

  39. SecureBit: Bitmap Indexing Approach to Fast and Secure Access Control for XML Retrieval

  40. Motivating example • Preliminaries • XML Document • Authorization AUTH(s,o,p,g,w): direct, derivation, propagation • Propagation: access propagation (up down outward), subject/object propagation • Bitmap indexing • XML document collection DSI • AUTH (s,sp,o,op,p,w): Model-theoretic evaluation  ABI0, ABIp, ABIpv, • Integration: IAD = ABIpv + DSI • Request q • Responding to Request • Bit-wise operations: C={c|for each a  IAD, c=(aq)} • Sub-bitmap: s(c), o(c), id(c), w(c), • Example: To process queries, say “grant” “denial” • Authorization Conflicts • Definition conflict, o/s Propagation conflict, • P conflict  Specific-take precedence: lub(o), glb(o), lub(s), glb(s), Explicit precedence using ABI0, Wait  s AUTH(s:$s,…) • Experiment • Scalable construction, authorization time, conflict resolution time • Conclusion

  41. Why Bitmap Approach • Fast • Bit-wise operations → constant processing time • Simple Integration with QP • An access to data needs to be securely controlled. Data access requires AUTH. • An evaluation of AUTH(o,s,p,g,w) needs to access data. AUTH requires data access.

  42. AUTH → Bitmap • Model-theoretic Evaluation of AUTH • AUTH (s,sp,o,op,p,x,g,w)

  43. AR1: Auth (O: order.xml/order/item/[position()=1], S:engineer, P:write, G:g33, :+)   Auth (O: order.xml/order/item/[position()=1], S:sales, P:read, G:g33, :+) AR2: Auth (O: order.xml/order/item/[position()=1], S:engineer, P:read, G:g33, :+)   Auth (O: order.xml/order/item/[position()=1], S:sales, X:100.29.199.com, P:read, G:g33, :+) AR3: Auth (O:$o1, S:$u1, P:read, G:$g1, :+)  Auth (O:$o1, S:$u1, X:100.29.199.com, P:write, G:$g1, :+) AR4: Auth (O:$o1, S:$u1, P:read, G:$g1, :+)  Auth (O:$o1, S:$u1, X: XLink:locator href=“http://x.y.z/allowedURI.xml”, P:write, G:$g1, :+) AR5: Auth (O: order.xml/order/item/[position()=1], S:engineer, P:read, G:g33, :+)   Auth (O: order.xml/order/item/[position()=1], S:sales, P:read, G:g33, :+) // {AR1, AR3} {AR5} AR6: Auth (O: order.xml/order/item/[position()=1], S:engineer, P:read, G:g33, :+) // {AR1, AR3} {AR6} AR7: Auth (O: order.xml/order/item/[position()=1], S:u15, P:write, G:g33, :+)   Auth (O: order.xml/order/item/[position()=1], S:sales, P:read, G:g33, :+) // The authorization for “engineer” is propagated down to “u15” AR7’: Auth (O: order.xml/order/item/[position()=1], S:u33, P:write, G:g33, :+)   Auth (O: order.xml/order/item/[position()=1], S:sales, P:read, G:g33, :+) // conflict due to AR1: u33 is both sales and engineer unless otherwise specified.

  44. 1 1 0 0 … 1 0 1 1 0 1 1 … 0 1 0 … 1 1 0 1 0 1 … 0 1 s v w x o Authorization Bitmap Index DPI AUTH (s,sp,o,ip,p,x,g,w) • Subject s: partial orders of registered users; if not registered use a wildcard • Object o: appears in the Document Bitmap Index • Privilege p: 2 bits of read and write • Determination w: 1 bit for +/- • Communication x: partial orders of registered ips • Subject/Object Propagation sp/op: used for early propagation

  45. Authorization Rule • Rules type • Ground authorization rules → only credentials specified in these rules • Non-ground authorization rules → partial ordering of credentials [all together] bits for the partial orderings • Direct authorization rules → do as above • Authorization rules by derivation • Once derived, it can be encoded as above • Authorization rules by propagation • Finitely many rules can be generated. Therefore, the propagation mode in AUTH is practical and efficient. → early propagation is possible. • Delegation rules • Another type of propagation. Authorization propagation in addition to the subject/object propagation already discussed. → encoded as above (propagation)

  46. Authorization Bitmap Index • AUTH (s,sp,o,op,p,g,x,w) • Authorization Bitmap Index ABI0 = (s,p,x,w,b), where b denotes 0 or 1. • Bitmap index for Authorization by propagation, ABIP, • Early sp • Other components, o and op, appear in DSI. • ABIv is a bitmap index for authorizations by derivation • ABIPv is a bitmap index for authorizations by both propagation and derivation

  47. Document Bitmap Index • Keep minimum information • Document Collection: (d,p,c) • D: a set of XML documents. Document d ∈ D. • P: a set of paths used in D. Path p ∈ P. • C: a set of XML element contents used in D. Content c ∈ C. • Document Bitmap Index • DBI=(d,p,c,b), where b denotes 1 or 0. • Document Signature Bitmap Index • DSI=(d,p’,b), where p’ ∈ P’ and P’ ⊂ P. P’ is a proper subset because of the assumption that not all paths used in D are secured. • Early op

  48. Provision • Path-word relations • <p> indicates <d,e>, the existence in the doc d. (order) = 0 (order/item[1]) = 1 (order/item[1]/desc) = 2 (order/item[1]/color) = 3 (order/item[1]/quantity) = 4 (order/item[1]/price) = 5 (order/item[2]) =6 (order/item[2]/desc) = 7 (order/item[2]/color) = 8 (order/item[2]/quantity) = 9 (order/item[2]/price) = 10 (order/nego/offer[1]/price) = 11 (order/nego/offer[1]/term[1]) = 12 (order/nego/offer[2]/price) = 13 (order/nego/offer[2]/term[1]) = 14 (order/nego/offer[2]/term[2]) = 15 (order/nego/deal) = 16 (order/delivery) = 17 (order/delivery/xlink:locator) = 18 (order/delivery/xlink:arc) = 19 (a) Projected XML Paths 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 order.xml order2.xml order3.xml 1 1 1 0 1 1 1 1 1 1 1 1 1 0 0 0 1 1 1 1 0 0 1 1 1 1 1 0 0 0 0 1 0 1 1 1 1 0 0 0 (b) Projected-bitmap Index for XML Documents 0 1 1 1 1 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0
