The eXtensible Markup Language (XML) is a widely adopted format for documents
containing structured information. Structured information contains
both the content (words, images, etc.) and the ‘markup’ which indicates the
role of the content, e.g. ‘section’ or ‘price’.
XML is the foundation for a huge variety of existing and emerging applications,
including user applications like vector imaging formats, web pages,
enterprise application integration, database interfaces or network protocols.
In parallel with the increasing use of XML, the level of security provisions for these
XML-based systems is rising. The World Wide Web Consortium (W3C) addressed
these issues by creating the “XML Signature Syntax and Processing” and “XML
Encryption Syntax and Processing” recommendations. These standards define
authentication, integrity and confidentiality mechanisms for XML documents.
The XML Signature recommendation defines a method for digitally signing
arbitrary portions (nodes) of an XML document. XML Signature can sign both
tree structures and arbitrary sets of nodes of an XML document.
The XML Encryption recommendation specifies a method for encrypting tree
structures in an XML document. The XML Encryption recommendation is constrained
to protect full tree structures, i.e. there is no mechanism to protect
the confidentiality of a single node in a document without affecting the
descendants of that node.
The access control community adapted access control models originating
in database systems for use with XML-based databases. These access
control systems offer fine-grained access control enforcement at the node
level, similar to the node-level integrity protection of XML Signature. For
example, XML Access Control systems can restrict the read access to a particular
node in an XML tree while allowing access to its child nodes.
This thesis focuses on the development of a cryptography-based system
that can protect the confidentiality of arbitrary nodes in an XML tree. This
goal is reached by combining a tree addressing scheme from databases with
cryptographic mechanisms. This system is called “XML Pool Encryption”.
To verify the results of this thesis, XML Pool Encryption has been implemented
using the Java programming language.