| With the application of XML digital signature in Web services, E-commerce, cloud computing and other areas has become widely, we attach more importance to the security issues. XML digital signature can protect authentication, data integrity and non-repudiation of signature message. XML digital signature not only can sign the entire document, but also can sign a certain element of the document, realize the fine-grained signature. However, the original senmatic of signature element related to its context element in the fine-grained signature.XML digital signature specification can only protect the content of signature element, failing to protect the data integrity of signature.This led to new security issues, that’s XML rewriting attacks problem. For the attacks problem of modifying signature information, at present, there are several detection schemes. However, for the attacks problem of modifying semantically related elements of XML signature element, at present, there is no effective scheme.For the lack of protection of context-sensitive information of XML signature element, this paper proposes context-referential integrity of signature element, defining the semantic relevance among the elements, and the relevance of context is protected. Realizing the protection of relevance between signature elements and semantic related elements, by protecting the integrity of semantically related elements of signature element. The semantically related elements of signature element is defined as context-referential integrity in this paper. Therefore, this paper builds a rule to get the context-sensitive elements of signature element, to get the elements which are regarded as semantic related in the common sense of people. The rule can decide the semantic relevance between signature element and any other element in the same document. Based on the rule and take the character of XML into consideration, a acquisition algorithm of context-sensitive elements is constructed. In order to test whether the context-sensitive element changes, verification scheme of context-referential integrity is constructed in this paper, and combine context-referential integrity and the fine-grained XML digital signature, strengthen the security of XML digital signature.The study results showed that, through the rule and algorithm, the context-sensitive elements of signature element can be screened out automatically, thereby protecting the integrity of the context-sensitive elements, realizing context-referential integrity of signature element.Since the fine-grained XML digital signature is combined with verification scheme of context-referential integrity, thus, realizing the relevance between signature element and context-sensitive element, protecting the relevance relationship between them. And strengthening the protection of original semantics of signature element, increasing the security of XML digital signature. |
PDF Full Text Request