XML文件安全塑模之設計與實作
No Thumbnail Available
Date
2006
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
中文摘要
本篇論文提出XML文件安全模式的解決方案。首先我們研究單一XML文件加密與數位簽章的方式,研究成果包括發展一個加密的安全操作模式、文件安全語言-Document Security Language (DSL)、協助撰寫DSL文件的編輯器、利用XSLT配合DSL來實作加密XML文件加密程式及提供程式寫作的DSL API。我們提出的安全操作模式定義了如何對XML文件中任意資料之加密與數位簽章的程序,它提供了比現有的XML加密安全機制更為完整的解決方案,包括元素加密、元素內容加密與元素屬性加密,更加入了時間順序的數位簽章簽章模式。以這個具完整性模式為基礎,我們定義了一個新的語言,稱之為文件安全語言(DSL)來支援這個操作模式。我們已實作二種方法:第一種利用Java語言來撰寫,第二種利用XSLT的延伸自定函數功能來完成加密與解密的功能。我們也設計了一個圖形界面的DSL編輯工具來協助使用者容易地撰寫DSL文件。同時也我們設計了一個DSL API供程設計人員能夠以最少的成本且快速地將DSL的安全機制應用到現有的XML應用系統中。我們也進一步探討如果將XML文件儲存於資料庫中之擷取相關問題。我們研究XML Query雖然被廣泛應用在XML的查詢上,但在其語言描述中並無提供安全的機制。因此我們結合XQuery與DSL,提出一個sXQuery的新語言,讓XQuery查詢語言也擁有資訊加密功能。另外,XML文件經常會被加密後再儲存於檔案系統或資料庫,查詢已加密的XML文件時需要經過解密才能夠獲取資料;為了減少不必要的解密程式,我們也設計了一個自動轉換模式可以有效率地將經過加密後的XML文件從資料庫中擷取出來。
Abstract In this dissertation we aim at the deisgn and implementation of the security model for XML documents. First, we propose an operational model which defines the process of encrypting data and embedding digital signatures which sign the data in an original XML docuemnt. It provides element-wise encryption that is more general than previous forms of XML security, by including element, content of element, and two types of attribute encryption. Moreover, the model of temporal-based element-wise digital signature is novel. Based on the generalized operational model, we define a new language – called document security language (DSL) – to support it. Two different implementations further demonstrate its practicability. In addition, we have developed a DSL editor and the DSL API to support the proposed operational model. The research following the XML security, we explore a little further into the XML query related issues. Although the W3C proposed the XQuery language, which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. We have designed a new XML query language, called the secure XML Query (sXQuery) language that is derived from XQuery and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML. Furthermore, we address how to optimally query encrypted XML documents using XQuery, with the key point being how to eliminate redundant decryption so as to accelerate the querying. We have proposed a processing model that can automatically and appropriately translate the XQuery statements for encrypted XML documents.
Abstract In this dissertation we aim at the deisgn and implementation of the security model for XML documents. First, we propose an operational model which defines the process of encrypting data and embedding digital signatures which sign the data in an original XML docuemnt. It provides element-wise encryption that is more general than previous forms of XML security, by including element, content of element, and two types of attribute encryption. Moreover, the model of temporal-based element-wise digital signature is novel. Based on the generalized operational model, we define a new language – called document security language (DSL) – to support it. Two different implementations further demonstrate its practicability. In addition, we have developed a DSL editor and the DSL API to support the proposed operational model. The research following the XML security, we explore a little further into the XML query related issues. Although the W3C proposed the XQuery language, which is designed to be broadly applicable across all types of XML data sources, this language does not provide a security mechanism in its query expressions. We have designed a new XML query language, called the secure XML Query (sXQuery) language that is derived from XQuery and reinforced with a security mechanism; sXQuery combines the specification ability of both the XQuery language and the document security language which is designed to specify the scope and encryption details of XML. Furthermore, we address how to optimally query encrypted XML documents using XQuery, with the key point being how to eliminate redundant decryption so as to accelerate the querying. We have proposed a processing model that can automatically and appropriately translate the XQuery statements for encrypted XML documents.
Description
Keywords
可擴展標示語言, 安全, 元素加密, 數位簽章, 可擴展標示語言轉換, 文件安全語言, XML, Security, Element-wise Encryption, Digital Signature, XSLT, DSL