Research on Methods for Parallel Update and Publishing of Distributed XML Data
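Abstract
With the development of Internet-based distributed systems, XML has become the de facto standard for data description and data exchange in these systems. Because high data-processing performance and scalability are basic requirements of methods for updating and publishing distributed XML data, and because such methods are widely applicable, the parallel update and third-party-based publishing of distributed XML data on the Internet have attracted growing attention and have developed into an important topic in XML data research.
     Parallel modification of XML data in a distributed system is mainly concerned with modification efficiency, data confidentiality and data integrity. At present, data confidentiality has been studied very widely, while modification efficiency and data integrity have not been studied in enough depth. Building on existing related work, this paper proposes a strategy model that supports parallel modification of XML data in a distributed system: an optimized processing algorithm improves modification efficiency, symmetrically encrypted transmission ensures data confidentiality, and digital signatures ensure data integrity. With this algorithm, different client systems can simultaneously modify different parts or the same part of the same XML data. The strategy model also supports decentralized management of modification operations, that is, a client can carry out correct data modifications without interacting with the server. In addition, the strategy model supports dynamic clients and dynamic access-control information, that is, it applies to cases where both the clients taking part in the update and the update privileges change during the update process.
     The third-party-based XML data publishing approach divides the participants in data processing into the data management server, the data publishing server and the data access client. The data management server is the producer and manager of the XML data; the data publishing server publishes the XML data and is responsible for answering the clients' queries, and is an untrusted participant; the data client queries and accesses the data according to the access control policy and is the consumer of the data. Precisely because the publishing server is untrusted, the main problem facing third-party-based XML data publishing is how the management server can ensure secure publishing of the XML data and convenient retrieval by access clients. Building on existing research on XML data publishing methods and combining digital signature technology, this paper proposes a secure and efficient publishing architecture for distributed XML data that guarantees the authenticity and integrity of XML data during publishing.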
With the rapid development of Internet-based distributed systems, XML is becoming a de facto standard for data representation and exchange over the Internet in these systems. Because of their scalability and their ability to efficiently manage a large number of clients and a great amount of data, parallel modification and third-party-based publishing of XML data in distributed systems are receiving growing attention and have become a hot research topic in the XML field.
     Efficiency, confidentiality and integrity are the main properties of parallel modification of XML data in a distributed system. At present, efficiency and integrity have been investigated less than confidentiality. A strategy is proposed to support parallel modification of XML data in distributed environments. An optimized algorithm, symmetric keys and digital signatures are used to ensure efficiency, confidentiality and integrity respectively. Different users are able to simultaneously modify different portions or the same portions of the same XML data, and decentralized management of update operations is supported, in which a user can exercise his privileges and verify correctness using digital signature technology, without interacting with the data server. Dynamic users and dynamic policies are supported, which means that a user may join or drop out during the modification process and that a user's privileges over some portions of the XML data may change.
     The third-party architecture distinguishes among the data manager, the data publisher and the client. The data manager is the producer and manager of the XML information; the data publishers are responsible for controlling the XML information and for answering client queries; the clients are the data consumers and sometimes update the XML data. Because it is difficult to verify that the data publishers can be trusted, the relevant issue in the third-party architecture is how the data manager can ensure secure publishing of its XML data. Based on the available publishing methods for XML data and the use of digital signatures, we propose a highly efficient and secure XML data publishing architecture in which clients can easily verify the authenticity and completeness of query results.
