A system for securing push-based distribution of XML documents

  • Elisa Bertino
  • Elena Ferrari
  • Federica Paci
  • Loredana Parasiliti ProvenzaEmail author
Regular Contribution


Push-based systems for distributing information through Internet are today becoming more and more popular and widely used. The widespread use of such systems raises non trivial security concerns. In particular, confidentiality, integrity and authenticity of the distributed data must be ensured. To cope with such issues, we describe here a system for securing push distribution of XML documents, which adopts digital signature and encryption techniques to ensure the above mentioned properties and allows the specification of both signature and access control policies. We also describe the implementation of the proposed system and present an extensive performance evaluation of its main components.


Push-based data dissemination XML Security policies Authentication 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Al-Mogren, A., Dunham, M.: Data broadcast classification. In: IEEE pp 221–241 (2005)Google Scholar
  2. 2.
    Atallah, M.J., Frikken, K.B., Blanton, M.: Dynamic and efficient key management for access hierarchies. In: ACM CCS (2005)Google Scholar
  3. 3.
    Bellare, M., Rogaway, P.: Encode-then-encipher encryption: how to exploit nonces or redundancy in plaintexts for efficient cryptography. Advances in Cryptology· Asiacrypt 00 LNCS (1976) (2000)Google Scholar
  4. 4.
    Bertino, E., Carminati, B., Ferrari, E.: A temporal key management scheme for broadcasting XML documents. In: Proceedings of the 9th ACM Conference on Computer and Communications Security (CCS’02) (2002)Google Scholar
  5. 5.
    Bertino, E., Carminati, B., Ferrari, E.: Securing XML data in third-party distribution systems. In: CIKM ’05: proceedings of the 14th ACM international conference on information and knowledge management, pp 99–106. ACM Press, New York (2005)Google Scholar
  6. 6.
    Bertino E., Castano S. and Ferrari E. (2001). Author- x: a comprehensive system for securing XML documents. IEEE Internet Comput. 5(3): 21–31 CrossRefGoogle Scholar
  7. 7.
    Bertino E. and Ferrari E. (2003). Secure and selective dissemination of XML documents. ACM Trans. Inform. Syst. Secur. 5(3): 290–331 CrossRefGoogle Scholar
  8. 8.
    Bertino E., Ferrari, E., Parasiliti Provenza, L.: Signature and access control policies for XML documents. In: Proceedings of 8th European symposium on research in computer security (ESORICS 2003) LNCS 2808(3):1–22 (2003)Google Scholar
  9. 9.
    Bertino E. and Sandhu R. (2005). Database security—concepts, approaches and challenges. IEEE Trans. Dependable Secure Comput. 2(1): 2–19 CrossRefGoogle Scholar
  10. 10.
    Castano S., Fugini M., Martella G., Samarati P.: Secure database systems. In: Diaz O., Piattini M. (eds.), Advanced Databases: Technology and Design, Artech House, London (2000)Google Scholar
  11. 11.
    Chaum D., van Heijst, E.: Group signatures. In: Eurocrypt 91, vol. 547, pp 257–265. Springer, Berlin (1991)Google Scholar
  12. 12.
    Chiou, G.H., Chen, W.T.: Secure broadcasting using the secure lock. IEEE Trans. Softw. Eng. 15(8) (1989)Google Scholar
  13. 13.
    Desmedt Y. and Frankel Y. (1989). Threshold cryptosystems. Cryptology Crypto 89: 307–315 Google Scholar
  14. 14.
    Deutsch, A., Fernandez, M., Florescu, D., Levy, A., Suciu, D.: A query language for xml. In: Int’l Conference on World Wide Web. (1999) Available at: Scholar
  15. 15.
    Devanbu P.T., Gertz M. and Kwong A. (2004). Flexible authentication of xml documents. J. Compu. Secur. 12(6): 841–864 Google Scholar
  16. 16.
    Devanbu, P.T., Gertz, M., Martel, C.U., Stubblebine, S.G. Authentic third-party data publication. In: DBSec, pp 101–112 (2000)Google Scholar
  17. 17.
    ElGamal T. (1985). A public key cryptosystem and a signature scheme based on discrete logarithms. IEEE Trans. Info. Theory 31: 469–472 zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    eXcelon Corporation: eXcelon XML Platform (2001). Available at http://www.exln.comGoogle Scholar
  19. 19.
    Ferraiolo D.F., Sandhu R.S., Gavrila S.I., Kuhn D.R. and Chandramouli R. (2001). Proposed nist standard for role-based access control. TISSEC 4(3): 224–274 CrossRefGoogle Scholar
  20. 20.
    Fiat A., Noar M. (1994) Broadcast encryption. Advances in Cryptology (Crypto 93) LNCS (773):480–491Google Scholar
  21. 21.
    Gladney H., Lotspiech J. (1997) Safeguarding digital library contents and users. D-Lib Magazine. (1997) Available at Scholar
  22. 22.
    Hacigümüs H., Iyer B.R., Li C., Mehrotra S.: Executing sql over encrypted data in the database-service-provider model. In: SIGMOD Conference, pp 216–227 (2002)Google Scholar
  23. 23.
    Hacigümüs H., Mehrotra S., Iyer B.R.: Providing database as a service. In: ICDE, pp 29–38 (2002)Google Scholar
  24. 24.
    IBM: CryptolopeTM (1996). Available at Scholar
  25. 25.
    List, X.D.M.: Simple API for XML (SAX). (1998) Under the coordination of David Megginson. Available at Scholar
  26. 26.
    M., B., C., N.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. ASIACRYPT 5(3), 290–331 (2000)Google Scholar
  27. 27.
    Malone-Lee, J., Mao, W.: Signcryption using RSA. CT-RSA LNCS (2612), 211–225 (2003)Google Scholar
  28. 28.
    Martel C.U., Nuckolls G., Devanbu P.T., Gertz M., Kwong A. and Stubblebine S.G. (2004). A general model for authenticated data structures.. Algorithmica 39(1): 21–41 zbMATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    Merkle, R.C.: A certified digital signature. Advances in Cryptology-Crypto ’89 (1989)Google Scholar
  30. 30.
    Micali, S., Ohta, K., Reyzin, L.: Accountable-subgroup multisignatures. In: ACM Conference on Computer and Communications Security, pp 245–254. ACM Press, New York (2001)Google Scholar
  31. 31.
    Mykletun, E., Narasimha, M., Tsudik, G.: Authentication and integrity in outsourced databases. In: NDSS (2004)Google Scholar
  32. 32.
    Narasimha, M., Tsudik, G.: Dsac: integrity for outsourced databases with signature aggregation and chaining. In: CIKM, pp 235–236 (2005)Google Scholar
  33. 33.
    Pang, H., Jain, A., Ramamritham, K., Tan, K.L.: Verifying completeness of relational query results in data publishing. In: SIGMOD Conference, pp 407–418 (2005)Google Scholar
  34. 34.
    Pang, H., Tan, K.L.: Authenticating query results in edge computing. In: ICDE, pp 560–571 (2004)Google Scholar
  35. 35.
    Pollmann, C.G.: The XML security page. Available at̃euer-poll-mann/xml_security.htmlGoogle Scholar
  36. 36.
    Rivest R.L., Shamir A. and Adleman L.M. (1978). A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21: 120–126 zbMATHCrossRefMathSciNetGoogle Scholar
  37. 37.
    Rivest, R.L., Shamir, A., Tauman, Y.: How to leak a secret. In: ASIACRYPT 2001, vol. 2248, pp 552–565. Springer, Berlin (2001)Google Scholar
  38. 38.
    Shamir A. (1979). How to share a secret.. Commun. ACM 22: 612–613 zbMATHCrossRefMathSciNetGoogle Scholar
  39. 39.
    Song, D.X., Wagner, D., Perrig, A.: Practical techniques for searches on encrypted data. In: IEEE Symposium on Security and Privacy, pp 44–55 (2000)Google Scholar
  40. 40.
    Stallings, W.: Network Security Essentials: Applications and Standards. Prentice Hall, Englewood Cliff (2000)Google Scholar
  41. 41.
    W3C: Document Object Model (DOM) (1998) Available at Scholar
  42. 42.
    W3C: XML Path Language (XPath). (1999) Available at Scholar
  43. 43.
    W3C: XML-Encryption Syntax and Processing (2000). Available at Scholar
  44. 44.
    W3C: XML-Signature Syntax and Processing (2002). Available at Scholar
  45. 45.
    Zhang, J., Varadharajan, V., Mu, I.: Securing XML document sources and their distribution. In: Proceedings of the 18th international conference on advanced information networking and application (AINA’04) (2004)Google Scholar
  46. 46.
    Zheng, Y.: Digital signcryption or how to achieve cost (signature & encryption)   <  <   cost (signature) + cost (encryption). CRYPTO’97 LNCS (1294), 165–179 (1997)Google Scholar
  47. 47.
    Zheng, Y.: Identification, signature and signcryption using high order residues modulo an rsa composite. Public Key Cryptography (PKC 2001) LNCS (1992), 48–63 (2001)Google Scholar

Copyright information

© Springer-Verlag 2007

Authors and Affiliations

  • Elisa Bertino
    • 1
  • Elena Ferrari
    • 2
  • Federica Paci
    • 3
  • Loredana Parasiliti Provenza
    • 3
    Email author
  1. 1.CERIAS and CS & ECE DepartmentsPurdue UniversityWest LafayetteUSA
  2. 2.Department of Computer Science and CommunicationUniversity of InsubriaVareseItaly
  3. 3.DICO, University of MilanMilanoItaly

Personalised recommendations