Recent implementations of secure publishing use read-only, role-based
access control policies (ACPs) for sharing fragments of XML
documents and disseminate a single document, encrypted with
multiple cryptographic keys, in such a way that the stated policies
are enforced. This talk describes two techniques useful for such
implementations.
In the first part, I will describe role-based ACPs defined at the
schema level. Since secure publishing works with "similar" documents, i.e.
documents based on a selected schema, a standard implementation
of ACPs incurs the high cost of generating keys separately for each
document. Secure publishing, however, uses a fixed number of
schemas, so keys can be generated (or even pre-generated) only
once and then reused for all documents valid for a given schema.
The main advantage of our approach is that the minimal set of keys
required to enforce an arbitrary access control policy is generated
only once, at the schema level, and then reused to limit access to
any document that is valid with respect to that schema. I will
also describe an efficient, single-pass technique for encrypting
instance documents in a manner that disguises the original
structure of hidden sub-trees, while guaranteeing that each
document node is encrypted at most once, along with
accompanying methods enabling document-level decryption.
In the second part, I will describe an extension of the role-based
ACP model to include role parameterization, in order to address the
problem of role proliferation, which can occur in large-scale
systems. I will also describe algorithms for generating the minimum
number of keys required to enforce an arbitrary parameterized
role-based (PRBAC) policy; for distributing to each user only the keys
needed for decrypting accessible nodes; and for applying the minimal
number of encryption operations to an XML document required to
satisfy the protection requirements of the policy.