Publication


Featured research published by Alban Gabillon.


Das'01 Proceedings of the fifteenth annual working conference on Database and application security | 2001

Regulating access to XML documents

Alban Gabillon; Emmanuel Bruno

In this paper, our objective is to define a security model for regulating access to XML documents. Our model offers a security policy with a great expressive power. An XML document is represented by a tree. Nodes of this tree are of different types (element, attribute, text, comment, etc.). The smallest protection granularity of our model is the node, that is, authorisation rules granting or denying access to a single node can be defined. The authorisation rules related to a specific XML document are first defined on a separate Authorisation sheet. This Authorisation sheet is then translated into an XSLT sheet. If a user requests access to the XML document, then the XSLT processor uses the XSLT sheet to provide the user with a view of the XML document which is compatible with his rights.


Data and Knowledge Engineering | 2001

Cover story management

Frédéric Cuppens; Alban Gabillon

In a multilevel database, cover stories are usually managed using the ambiguous technique of polyinstantiation. In this paper, we define a new technique to manage cover stories and propose a formal representation of a multilevel database containing cover stories. Our model aims to be a generic model, that is, it can be interpreted for any kind of database (e.g., relational, object-oriented, etc.). We then consider the problem of updating a multilevel database containing cover stories managed with our technique.


Computer Standards & Interfaces | 2008

A general approach to securely querying XML

Ernesto Damiani; Majirus Fansi; Alban Gabillon; Stefania Marrara

XML access control requires the enforcement of highly expressive access control policies to support schema-, document- and object-specific protection requirements. Access control models for XML data can be classified in two major categories: node filtering and query rewriting systems. The first category includes approaches that use access policies to compute secure user views on XML data sets. User queries are then evaluated on those views. In the second category of approaches, authorization rules are used to transform user queries to be evaluated against the original XML data set. The pros and cons for these approaches have been widely discussed in the framework of XML access control standardization activities. The aim of this paper is to describe a model combining the advantages of these approaches and overcoming their limitations, suitable as the basis of a standard technique for XML access control enforcement. The model specification is given using a Finite State Automaton, ensuring generality w.r.t. specific implementation techniques.


Very Large Data Bases | 2005

A formal access control model for XML databases

Alban Gabillon

In this paper, we first define a logical theory representing an XML database supporting XPath as query language and XUpdate as modification language. We then extend our theory with predicates allowing us to specify the security policy protecting the database. The security policy includes rules addressing the read and write privileges. We propose axioms to derive the database view each user is permitted to see. We also propose axioms to derive the new database content after an update.


Data and Knowledge Engineering | 1999

Logical foundations of multilevel databases

Frédéric Cuppens; Alban Gabillon

In this paper, we propose a formal model for multilevel databases. This model aims at being a generic model, that is, it can be interpreted for any kind of database (relational, object-oriented, etc.). Our model has three layers. The first layer corresponds to a model for a non-protected database. The second layer corresponds to a model for a multilevel database. In this second layer, we propose a list of theorems that must be respected in order to build a secure multilevel database. We also propose a new solution to manage cover stories without using the ambiguous technique of polyinstantiation. The third layer corresponds to a model for a MultiView database, that is, a database that provides at each security level a consistent view of the multilevel database. Finally, as an illustration, we interpret our 3-layer model in the case of an object-oriented database.


Secure Web Services | 2005

CHRONOS: an authenticated dictionary based on skip lists for timestamping systems

Kaouthar Blibech; Alban Gabillon

Skip Lists were first used as data structures for their simple implementation and optimal update and search time. Goodrich [7][8] was the first to propose an authenticated dictionary based on skip lists. More recently, Maniatis and Baker [10][11][12] have proposed an authenticated append only dictionary based on perfect skip lists. In this paper, we propose an authenticated append only dictionary which offers better performances than the previous proposals. Moreover this dictionary allows comparing the relative order of elements. Such a dictionary could be used for timestamping purposes.


International Conference on Knowledge-Based and Intelligent Information and Engineering Systems | 2007

Securely updating XML

Ernesto Damiani; Majirus Fansi; Alban Gabillon; Stefania Marrara

We study the problem of updating an XML repository through security views. Users are provided with the view of the repository schema they are entitled to see. They write update requests over their view using the XUpdate language. Each request is processed in two rewriting steps. First, the XPath expression selecting the nodes to update from the view is rewritten to another expression that only selects nodes the user is permitted to see. Second, the XUpdate query is refined according to the write privileges held by the user.


International Conference on Information Security | 2002

An Access Control Model for Tree Data Structures

Alban Gabillon; Manuel Munier; Jean-Jacques Bascou; Laurent Gallon; Emmanuel Bruno

Trees are very often used to structure data. For instance, file systems are structured into trees and XML documents can be represented by trees. There are literally as many access control schemes as there are tree data structures. Consequently, an access control model which has been defined for a particular kind of tree cannot be easily adapted to another kind of tree. In this paper, we propose an access control model for generic tree data structures. This model can then be applied to any specific typed tree data structure.


International Conference on Computational Science and Its Applications | 2006

A new timestamping scheme based on skip lists

Kaouthar Blibech; Alban Gabillon

Time stamping is a cryptographic technique providing us with a proof-of-existence of a message/document at a given time. Several timestamping schemes have already been proposed [1-10]. In this paper, we first define a new timestamping scheme which is based on skip lists [11]. Then, we show that our scheme offers nice properties and optimal performances.


Annales Des Télécommunications | 2006

Secure time-stamping schemes: a distributed point of view

Alexis Bonnecaze; Pierre Liardet; Alban Gabillon; Kaouther Blibech

Time-stamping is a technique used to prove the existence of a digital document prior to a specific point in time. Today, implemented schemes rely on a centralized server model that has to be trusted. We point out the drawbacks of these schemes, showing that the unique server represents a weak point for the system. We propose an alternative scheme which is based on a network of servers managed by administratively independent entities. This scheme appears to be a trusted and reliable distributed time-stamping scheme.

Résumé (translated from French): Electronic time-stamping is a technique that makes it possible to prove the existence of a document before a specific point in time. Currently, implemented schemes adopt a centralized architecture based on a server acting as a trusted third party. In such schemes, the time-stamping server is a weak point for the system. We propose a system based on a network of servers managed by administratively independent entities. We show that this distributed scheme is robust and secure.

Collaboration


Dive into Alban Gabillon's collaboration.

Top Co-Authors


Hervé Debar

Institut Mines-Télécom


David Staggs

Science Applications International Corporation
