A Study on the XML Security of MIS

Bibliographic Details
Main Authors: Rai-Fu Chen, 陳瑞甫
Other Authors: Eric Jui-Lin Lu
Format: Others
Language: en_US
Published: 2002
Online Access: http://ndltd.ncl.edu.tw/handle/32772070050264821417
Description
Summary: Master's thesis === Chaoyang University of Technology === Master's Program, Department of Information Management === 90 === XML has become a standard format for data interchange over the Internet, especially in electronic commerce. Due to its extensibility, XML has been widely adopted in various applications. Although it is extremely important to protect XML documents from being illegally modified or accessed, the development of XML security is still in its infancy. There are three major research topics in this area: XML encryption, XML signature, and XML access control. In this thesis, we focus on the issues related to XML signature and XML access control. In the past, conventional multisignature schemes had participating signers sign the whole document, which made the generation of multisignatures inefficient. To overcome this problem, Wu et al. proposed a delegated multisignature scheme in which participating signers sign only the subdocuments for which they are responsible. However, due to the rich structure of XML, none of the multisignature schemes proposed so far is appropriate for XML documents. By utilizing the logical structure of XML and Wu's scheme, we propose an XML multisignature scheme. Our scheme inherits the merits of Wu's scheme, further improves the efficiency of multisignature generation by signing the rules rather than the subdocuments, provides fine-grained control at the element level, and is compatible with the XML Signature standard. Due to the rapid proliferation of the Internet and the "friendliness" of the web interface, web-based information systems (WISs) have been widely deployed by enterprises to accomplish business tasks. Unfortunately, the development of security models for WISs is still in its infancy. In this thesis, we propose an access control model for WISs, and a prototype has been designed and implemented. The proposed model is flexible and secure and provides fine-grained control down to the element level. The maintenance cost of the proposed model is low, and the proposed model can prevent any unauthorized task.