Securing XML document sources and their distribution

Abstract

XML has been becoming popular for data store, document representation and exchange over the Web. Security mechanisms for the protection of XML document sources and their distribution are essential. Author-X is a Java based system specifically conceived for the protection of XML documents. It supports a range of protection granularity levels and subject credentials, but also supports push distribution for documents broadcast. However, the proposed system has certain disadvantages in terms of both security and dynamic key management. For example, a sender has to distribute the secret keys to all correspondent users for different XML documents. Also, if one of the users leave or a credential is changed, then the sender has to re-encrypt all related documents and redistribute the secret keys to all correspondent users. In this paper, we present a scheme for securing XML documents and their distribution. Our scheme has several advantages over Author-X such as: (a) one user needs only one private key; (b) even when the user leaves or a credential is changed, all the other users will be unaffected; (c) there is no need to establish a secure channel for key distribution; and (d) there is no need for checking the XML documents for access control policies applied. These make the security model more efficient and robust as well as simplifying the programming and the generation of the encrypted document base.