Assuring Security Properties in Third-party Architectures

Barbara Carminati (Università degli Studi di Milano)

Web-based Third-party architectures for data publishing are today receiving growing attention, due to their scalability and the ability of efficiently managing large numbers of users and great amounts of data. A third-party architecture relies on a distinction between the Owner and the Publisher of information. The Owner is the producer of information, whereas Publisher provides data management services and query processing functions for (a portion of) the Owner's information. In such an architecture, there are important security concerns in that the Publishers may be untrusted. In this talk we explain some proposals providing partial solutions to this problem, and a XML-based comprehensive framework to support all the most important security properties in the presence of an untrusted Publisher.