Project BriefOpen Competition 1 - Information TechnologyXML Encryption in Native XML DatabaseDevelop a prototype for a new data security model for the Internet, including the management of encryption keys and of user access to the data, that operates at the level of individual data elements within a database, which may be permanently encrypted in transit and in storage in the database. Sponsor: Conclusive Technology Inc1593 Spring Hill Rd.Suite 605 Vienna, VA 22181
Conclusive Technology will develop a "content" (as opposed to the current "document-centric") data security model for XML encryption within an XML database that allows for efficient element- and attribute-level operations, such as XQuery, while remaining consistent with the XML encryption standard when XML is transmitted to or from the database. The model will provide a new means to handle many-to-many and one-to-many mapping between users and data encryption keys while keeping the keys secure and allowing encrypted data records to be maintained under a single key. This project will integrate an XML database model and a new XML security model in such areas as query operations and transformations between storage and transit formats. It will define cryptographic operations on XML data at the point of use and develop key translation and mapping capabilities to enforce application-specific data access policies. The project's major technical risk lies in defining a model that will work efficiently across large XML databases from multiple vendors. The challenge is to devise a means of defining the cryptography on XML in a content model that is efficient enough to operate on significant volumes of data requests without unduly increasing the size of the database. Other barriers to success include abstracting the data security XML layer from the underlying XML database so that it will be independent; managing data encryption keys so that data need only be encrypted under one key while still enforcing a data access model that restricts data elements to users with specific privileges; and supporting a heterogeneous user base with different types of token, certificates issued from different trust domains, and devices with different cryptographic capabilities. If successful, the project will enable a broad range of new products and capabilities using the Internet for sensitive transactions and the exchange of information, including securing critical privacy when transferring health care or personal financial data, protecting public utility infrastructures from sabotage by introducing false data into their control systems, and facilitating the exchange of classified information among security agencies concerned with preventing terrorism. The broader diffusion of the technology will be through marketing agreements with vendors of XML data repositories. ATP funding would significantly accelerate the development of this technology.
|
|
ATP website comments: webmaster-atp@nist.gov
Privacy Statement / Security Notice • NIST Disclaimer • NIST Information Quality Standards NIST is an agency of the U.S. Commerce Department |