Modeling Integrity in Data Exchange

  • Gerome Miklau
  • Dan Suciu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3178)

Abstract

We provide a formal model of security guarantees offered by digital signature schemes when they are applied to structured data. This model is an important step towards managing the integrity of data that is shared, integrated, transformed, and exchanged on the World Wide Web. We express signature semantics using well-known database constraints, which can help authors decide what to sign, help recipients evaluate the integrity of signed data, and clarify the capabilities of different signature technologies.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abiteboul, S., Hull, R., Vianu, V.: Foundations of Databases. Addison-Wesley, Reading (1995)MATHGoogle Scholar
  2. 2.
    Baxevanis, A.D.: Molecular biology database collection. Nucleic Acids Research (2003), available at http://www3.oup.co.uk/nar/database/
  3. 3.
    Bertino, E., Mella, G., Correndo, G., Ferrari, E.: An infrastructure for managing secure update operations on xml data. In: Symposium on Access control models and technologies, pp. 110–122. ACM Press, New York (2003)Google Scholar
  4. 4.
    Bull, L., Stanski, P., Squire, D.M.: Content extraction signatures using xml digital signatures and custom transforms on-demand. In: Conference on World Wide Web, pp. 170–177. ACM Press, New York (2003)Google Scholar
  5. 5.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Trans. Comput. Syst. 8(1), 18–36 (1990)CrossRefGoogle Scholar
  6. 6.
    Devanbu, P., Gertz, M., Kwong, A., Martel, C., Nuckolls, G., Stubblebine, S.G.: Flexible authentication of xml documents. In: Proceedings of the 8th ACM conference on Computer and Communications Security, pp. 136–145. ACM Press, New York (2001)CrossRefGoogle Scholar
  7. 7.
    Devanbu, P.T., Gertz, M., Martel, C., Stubblebine, S.G.: Authentic third-party data publication. In: IFIP Workshop on Database Security, pp. 101–112 (2000)Google Scholar
  8. 8.
    Halevy, A.: Answering queries using views: A survey. VLDB Journal 10(4), 270–294 (2001)MATHCrossRefGoogle Scholar
  9. 9.
    Johnson, R., Molnar, D., Song, D.X., Wagner, D.: Homomorphic signature schemes. In: RSA Conference on Topics in Cryptology, pp. 244–262. Springer, Heidelberg (2002)Google Scholar
  10. 10.
    Merkle, R.C.: Protocols for public key cryptosystems. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  11. 11.
    Merkle, R.C.: A certified digital signature. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 218–238. Springer, Heidelberg (1990)Google Scholar
  12. 12.
    Micali, S., Rivest, R.L.: Transitive signature schemes. In: RSA Conference on Topics in Cryptology, pp. 236–243. Springer, Heidelberg (2002)Google Scholar
  13. 13.
    Ostrovsky, R., Rackoff, C., Smith, A.: Efficient consistency proofs on a committed database (2003)Google Scholar
  14. 14.
    Buneman, P., Khanna, S., Tan, W.-C.: Data Provenance: Some Basic Issues. In: Foundations of Software Technology and Theoretical Computer Science 2000 (2000)Google Scholar
  15. 15.
    Popa, L., Tannen, V.: An equational chase for path-conjunctive queries, constraints, and views. In: Beeri, C., Bruneman, P. (eds.) ICDT 1999. LNCS, vol. 1540, pp. 39–57. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. 16.
    A question of balance: Private rights and the public interest in scientific and technical databases. National Academy Press, National Research Council (1999)Google Scholar
  17. 17.
    Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Rivest, R.: Two new signature schemes. Presented at Cambridge seminar (March 2001), See http://www.cl.cam.ac.uk/Research/Security/seminars/2000/rivest-tss.pdf
  19. 19.
    RSA Data Security, Inc. PKCS #1 v2.1: RSA Public Key Cryptography Standard (June 2002) Google Scholar
  20. 20.
    Secure hash standard. Federal Information Processing Standards Publication (FIPS PUB), 180(1) (April 1995)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Gerome Miklau
    • 1
  • Dan Suciu
    • 1
  1. 1.Department of Computer Science and EngineeringUniversity of WashingtonSeattleUSA

Personalised recommendations