Abstract
XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. This paper investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider policies expressed in terms of annotated DTDs defining which operations are allowed or denied for the XML trees that are instances of the DTD. We show that consistency is decidable in ptime for such policies and that consistent partial policies can be extended to unique “least-privilege” consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is np-complete, and give heuristics for finding repairs.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Arenas, M., Bertossi, L., Chomicki, J.: Consistent Query Answers in Inconsistent Databases. In: PODS, pp. 68–79. ACM Press, New York (1999)
Bertino, E., Ferrari, E.: Secure and Selective Dissemination of XML Documents. ACM TISSEC 5(3), 290–331 (2002)
Bertossi, L., Bravo, L., Franconi, E., Lopatenko, A.: Complexity and Approximation of Fixing Numerical Attributes in Databases Under Integrity Constraints. In: Bierman, G., Koch, C. (eds.) DBPL 2005. LNCS, vol. 3774, pp. 262–278. Springer, Heidelberg (2005)
Bravo, L., Cheney, J., Fundulaki, I.: Repairing Inconsistent XML Write-Access Control Policies (August 2007), http://arxiv.org/abs/0708.2076
Bray, T., Paoli, J., Sperberg-McQueen, C.M., Maler, E., Yergeau, F.: Extensible Markup Language (XML) 1.0 (Fourth Edition) (September 2006), http://www.w3.org/TR/REC-xml/
Cautis, B., Abiteboul, S., Milo, T.: Reasoning about XML Update Constraints. In: PODS, pp. 195–204 (2007)
Centonze, P., Naumovich, G., Fink, S.J., Pistoia, M.: Role-Based Access Control Consistency Validation. In: ISSTA, pp. 121–132. ACM Press, New York (2006)
Chamberlin, D., Florescu, D., Robie, J.: XQuery Update Facility. W3C Working Draft (July 2006), http://www.w3.org/TR/xqupdate/
Chvatal, V.: A Greedy Heuristic for the Set Covering Problem. Mathematics of Operations Research 4, 233–235 (1979)
Damiani, E., De di Capitani, S., Paraboschi, S., Samarati, P.: A Fine-grained Access Control System for XML Documents. ACM TISSEC 5(2), 169–202 (2002)
Fan, W., Chan, C.-Y., Garofalakis, M.: Secure XML Querying with Security Views. In: ACM SIGMOD, pp. 587–598. ACM Press, New York (2004)
Floyd, R.: Algorithm 97: Shortest path. Communications of the ACM 5(6), 345 (1962)
Fundulaki, I., Maneth, S.: Formalizing XML Access Control for Update Operations. In: SACMAT, pp. 169–174 (2007)
Fundulaki, I., Marx, M.: Specifying Access Control Policies for XML Documents with XPath. In: SACMAT, pp. 61–69 (2004)
Kuper, G., Massacci, F., Rassadko, N.: Generalized XML Security Views. In: SACMAT, pp. 77–84 (2005)
Lim, C.-H., Park, S., Son, S.H.: Access control of XML documents considering update operations. In: ACM Workshop on XML Security, pp. 49–59. ACM Press, New York (2003)
Murata, M., Tozawa, A., Kudo, M., Hada, S.: XML Access Control Using Static Analysis. ACM TISSEC 9(3), 290–331 (2006)
Papadimitriou, C.: Computational Complexity. Addison-Wesley, Reading (1994)
Stoica, A., Farkas, C.: Secure XML Views. In: IFIP WG 11.3, vol. 256, pp. 133–146. Kluwer, Dordrecht (2002)
Yannakakis, M.: Edge-Deletion Problems. SIAM Journal on Computing 10(2), 297–309 (1981)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bravo, L., Cheney, J., Fundulaki, I. (2007). Repairing Inconsistent XML Write-Access Control Policies. In: Arenas, M., Schwartzbach, M.I. (eds) Database Programming Languages. DBPL 2007. Lecture Notes in Computer Science, vol 4797. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75987-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-540-75987-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75986-7
Online ISBN: 978-3-540-75987-4
eBook Packages: Computer ScienceComputer Science (R0)