Chapter 9 Conclusions and future work
This chapter summarizes the outcomes of this research and highlights its contributions to the relevant research topics, which were described in previous chapters. Future work related to XML security is discussed at the end.
9.1 The summary of contributions
9.1.1 XML data integrity
The major contribution related to XML data integrity is an analysis of the XML data integrity requirements in light of XML data features, together with an integrity model for XML data that satisfies those requirements with higher efficiency. The details are as follows.
- The thesis describes the XML data integrity requirements that arise from XML data features under fine-grained XML security. The three aspects considered are content integrity, structure integrity, and context referential integrity.
- Based on the presented requirements, an integrity model for XML data has been built on a concatenated hash function.
- Because it uses a concatenated hash function to generate the digest value for XML data, this method is more efficient than the Merkle hash tree-based digest value-generation process.
9.1.2 XML data authentication
To alleviate the burden that certificate revocation queries place on XKMS, the thesis proposes a novel idea that makes certificate revocation handling and validation easier by using XML signature technology. The certificate owner's signature is used to provide evidence for the revocation information of the certificate. There is no need to query XKMS or the CA for the revocation information of such a certificate, because the certificate already contains the status information. This improves the efficiency of revocation information checking and alleviates the burden on the XKMS server.
The major contribution related to XML data authentication is that the thesis presents an XML multisignature scheme that follows a natural signing process, making signing rules more practicable. The details are as follows.
- The thesis presents a series-parallel XML multisignature scheme according to a natural signing process. This scheme is compatible with single XML signatures, sequential and broadcast multisignature schemes.
- The thesis presents an XML data integrity-checking pool to provide integrity checking for decomposed XML data. The XML data integrity-checking pool makes the signing rules practicable.
9.1.3 XML data confidentiality
This thesis presents an index structure that considers both the efficiency of index information updates and the security of query processing.
- A novel approach has been proposed to protect structural information for encrypted XML data. The basic idea is that encrypted nodes are removed from the original XML data and together form an encrypted XML data pool. Thus, the structural information is protected.
- To improve the efficiency of index information updates, especially when XML data changes frequently, the thesis proposes an index structure based on a number-list interval labeling scheme. The proposed structure index provides spare space for node insertion and makes index management more efficient, so XML data can be updated easily without affecting other nodes.
- Based on the presented index information, a scheme for query processing over encrypted XML data has been proposed. The proposed scheme not only supports queries over encrypted XML data, but is also highly efficient at updating index information.
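The spare-space idea behind the index structure, as an added illustration that is not the thesis's own code: a generic gapped interval labeling in Python, where `GAP`, the function names and the sample document are assumptions. It goes beyond the summary above by also showing the ancestor test by interval containment and the failure case when the spare space runs out.

```python
import xml.etree.ElementTree as ET

GAP = 100  # assumed stride: spare label space left between boundaries

def label_tree(root):
    """Assign a (start, end) interval to every element, stepping by GAP."""
    labels, counter = {}, [0]
    def visit(node):
        counter[0] += GAP
        start = counter[0]
        for child in node:
            visit(child)
        counter[0] += GAP
        labels[node] = (start, counter[0])
    visit(root)
    return labels

def is_ancestor(labels, anc, desc):
    """anc is an ancestor of desc iff its interval strictly contains desc's."""
    (a_start, a_end), (d_start, d_end) = labels[anc], labels[desc]
    return a_start < d_start and d_end < a_end

def insert_last_child(labels, parent, tag):
    """Append a child labelled from the parent's spare space only.
    No existing label is rewritten; raises once the space is used up."""
    p_start, p_end = labels[parent]
    low = max([labels[c][1] for c in parent], default=p_start)
    width = p_end - low              # need low < start < end < p_end
    if width < 3:
        raise OverflowError("spare space exhausted; subtree needs relabelling")
    child = ET.SubElement(parent, tag)
    labels[child] = (low + width // 3, low + 2 * width // 3)
    return child

if __name__ == "__main__":
    # Constructed sample document, not data from the thesis.
    root = ET.fromstring("<order><item/><payment><card/></payment></order>")
    labels = label_tree(root)
    before = dict(labels)
    cvv = insert_last_child(labels, root[1], "cvv")
    print(labels[cvv], is_ancestor(labels, root, cvv))
    print(all(labels[n] == iv for n, iv in before.items()))
```
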
9.2 Future work
Building on the previous research on XML security, future work mainly focuses on two aspects. One is improving and extending the proposed theories; the other is integrating XML security into native XML databases to solve the security issues that exist in native XML database systems in practice.
9.2.1 Context-related elements selection
The problem of how to select the context-related elements in XML data has been discussed in chapter 5. As mentioned, with the development of integrity constraints for XML, it is possible to integrate these constraints into context-related elements selection. Integrity constraints for XML are defined to limit the relationships among XML elements. Of the existing types of integrity constraints, XML key constraints, referential constraints, and XML semantic constraints have been described. These constraints are used to protect integrity when XML data is updated or stored. One item of future work is to introduce these constraints into XML data integrity for security requirements.
9.2.2 Integrity management between different XML documents
The integrity approach presented in this thesis is based on only one XML document. How to handle integrity that involves different XML documents remains open, especially in native XML database applications. For example, when XML documents are stored in "collections", how to manage the integrity among these XML data is a problem.
9.2.3 Integrate XML security into native XML database system
Native XML database systems such as Marklogic, dbXML, Xindice, and eXist have been built for several years. However, these systems only provide a mechanism for XML data storage and query; the security problems related to XML data have not been considered. For example, when XML data is encrypted, how to execute a query on this data is not taken into account. The future work related to native XML databases is as follows.
- Access control model for portions of XML data in native XML database.
- Development of a mechanism for encrypted XML data query processing in native XML database.
The major advantage of XML is that it provides fine-grained access. Although native XML database systems provide an access control mechanism, the access control rules can only be defined on entire XML data. Access control for portions of XML data has not been considered. The current access control mechanism therefore does not take the fine-grained access feature of XML data into account.
When a user encrypts portions of XML data for security reasons, the query processor of a native XML database cannot deal with it. Another item of future work is to deploy the proposed encrypted XML data query processing in a native XML database, in other words, to research a query processor for encrypted XML data.