The Center for Education and Research in Information Assurance and Security (CERIAS)


Security Mechanisms for Content Distribution Networks




Yunhua Koglin

Tech report number

CERIAS TR 2007-02

Entry type



Koglin, Yunhua Ph.D., Purdue University, December, 2006. Security Mechanisms for Content Distribution Networks. Major Professor: Elisa Bertino.

Securing data is becoming a crucial need for most internet-based applications. In this research, we investigate security mechanisms for content distribution networks. We address the problem of how to ensure that data, when moving among different parties, are modified only according to the stated policies. We cast our solution in supporting parallel and distributed secure updates to XML documents. The approach, based on the use of a security region-object parallel flow (S-RPF) graph protocol, allows different users to simultaneously update different portions of the same document, according to the specified access control policies. It ensures data confidentiality and integrity. Additionally, it supports a decentralized management of update operations in that a subject can exercise its privileges and verify the correctness of the operations performed so far on the document without interacting, in most of the cases, with the document server. We then extend our document update application into Byzantine and failure prone systems by removing the trusted party which is responsible for recovery of the document. We have developed an approach which uses a group of delegates for recovering documents. Many optimizations have been provided. We improve previous solutions by proposing a scalable distributed protocol which uses cryptographic techniques to provide dynamic group communications, participating anonymity and completeness, and privacy on access privileges. Other security problems such as confidentiality and availability are also investigated in the application of content-based publish/subscribe (pub/sub) systems. We propose a hierarchical event forwarding scheme which increases system availability by tolerating some broker failures. Our approach can efficiently determine the subscription groups to which an event must be delivered by exploiting locality. Moreover, we propose an efficient encryption scheme, under which a broker encrypts an event only once. The encryption key can be efficiently derive



Key alpha



Purdue University

Publication Date



LIST OF TABLES
LIST OF FIGURES
ABSTRACT
1 Introduction
  1.1 Objectives of this work
2 An update protocol for XML documents in distributed and cooperative systems
  2.1 Preliminaries
    2.1.1 Flow and access control policies
    2.1.2 Atomic elements and document regions
  2.3 S-RPF protocols
    2.3.1 Assumptions
    2.3.2 Server protocol
    2.3.3 S-RPF construction
    2.3.4 Control information
    2.3.5 Subject protocol
    2.3.6 Recovery protocol
  2.4 Analysis and discussions
    2.4.1 Correctness analysis
    2.4.2 Complexity analysis
  2.5 Conclusion and future work
3 XML document updates in Byzantine and failure-prone distributed systems
  3.1 Motivating example
  3.2 Related work
  3.3 Specification languages
  3.4 Control information
    3.4.1 Preliminary definitions
    3.4.2 Document control information
  3.5 General system overview
    3.5.1 Assumptions
    3.5.2 Protocol parameters setting
  3.6 Distributed and cooperative update process protocols
    3.6.1 Terminology and structures
    3.6.2 DO protocol
    3.6.3 Subject protocol
    3.6.4 Delegate protocol
  3.7 Recovery
  3.8 Performance evaluation
    3.8.1 Experimental setup
    3.8.2 Results
  3.9 Conclusion and future work
4 A cryptographic approach to access control for privacy preserving collaborations
  4.1 Introduction
  4.2 Model
    4.2.1 Threats
  4.3 Preliminary
  4.4 Secure collaborative document processing
    4.4.1 Updating process protocol
    4.4.2 Recovery protocol
  4.5 Security analysis
    4.5.1 Confidentiality
    4.5.2 Integrity
    4.5.3 Privacy
    4.5.4 Participant completeness
5 Timely dissemination of confidential events in content-based publish/subscribe systems
  5.1 Introduction
  5.2 Model
  5.3 Hierarchial event routing scheme
    5.3.1 Hierarchy event routing
    5.3.2 Discussion
  5.4 Confidentiality-preserving event delivery
    5.4.1 Discussion
    5.4.2 Dynamics and rekeying
  5.5 Simulation results
    5.5.1 Space Requirements
    5.5.2 Time Delay
    5.5.3 Broker Involvement
  5.6 Related work
  5.7 Conclusions and future work
LIST OF REFERENCES
VITA


A hard-copy of this is in the Papers Cabinet
