Realizing fine-granular Read andWrite Rights on Tree Structured Documents

The Second International Conference on Availability, Reliability and Security (ARES'07) Pub Date : 2007-04-10 DOI:10.1109/ARES.2007.121

Franz Kollmann

{"title":"Realizing fine-granular Read andWrite Rights on Tree Structured Documents","authors":"Franz Kollmann","doi":"10.1109/ARES.2007.121","DOIUrl":null,"url":null,"abstract":"Partial encryption of contents in tree structured documents like XML allows to define a fine-granular local access control on nodes for different users: depending on the read permissions a user gets keys and can decrypt encrypted document parts. However, this approach leads to a management of countless keys. The main goal of the presented key management scheme is to reduce the effort for the key management in tree structured documents in order to achieve a simple key retrieval. In contrast to existing approaches, write permissions are introduced allowing only authorized users valid write operations in such documents. To reduce the key storage, a derivation of read permissions from write permissions is presented, while read permissions and write permissions are inherited from parent nodes. Among read and write permissions, rights for structural modifications are included to guarantee the authenticity of such documents. Additionally the problem of key transmission, the evaluation of data overhead for a realization of this scheme, and security aspects are discussed","PeriodicalId":383015,"journal":{"name":"The Second International Conference on Availability, Reliability and Security (ARES'07)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2007-04-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"The Second International Conference on Availability, Reliability and Security (ARES'07)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ARES.2007.121","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Partial encryption of contents in tree structured documents like XML allows to define a fine-granular local access control on nodes for different users: depending on the read permissions a user gets keys and can decrypt encrypted document parts. However, this approach leads to a management of countless keys. The main goal of the presented key management scheme is to reduce the effort for the key management in tree structured documents in order to achieve a simple key retrieval. In contrast to existing approaches, write permissions are introduced allowing only authorized users valid write operations in such documents. To reduce the key storage, a derivation of read permissions from write permissions is presented, while read permissions and write permissions are inherited from parent nodes. Among read and write permissions, rights for structural modifications are included to guarantee the authenticity of such documents. Additionally the problem of key transmission, the evaluation of data overhead for a realization of this scheme, and security aspects are discussed

查看原文本刊更多论文

实现树形结构文档的细粒度读写权限

对树状结构文档(如XML)中的内容进行部分加密，允许在节点上为不同用户定义细粒度的本地访问控制:根据用户获得密钥的读取权限，用户可以解密加密的文档部分。然而，这种方法导致管理无数的密钥。提出的密钥管理方案的主要目标是减少树状结构文档中密钥管理的工作量，从而实现简单的密钥检索。与现有方法相比，引入了写权限，只允许授权用户在此类文档中进行有效的写操作。为了减少密钥存储，提出了从写权限派生读权限的方法，而从父节点继承读权限和写权限。在读写权限中，包含了结构修改的权限，以保证文件的真实性。此外，还讨论了密钥传输问题、实现该方案所需的数据开销评估以及安全性问题

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

The Second International Conference on Availability, Reliability and Security (ARES'07)

自引率

0.00%

发文量