12,954 research outputs found
Repairing Inconsistent XML Write-Access Control Policies
XML access control policies involving updates may contain security flaws,
here called inconsistencies, in which a forbidden operation may be simulated by
performing a sequence of allowed operations. This paper investigates the
problem of deciding whether a policy is consistent, and if not, how its
inconsistencies can be repaired. We consider policies expressed in terms of
annotated DTDs defining which operations are allowed or denied for the XML
trees that are instances of the DTD. We show that consistency is decidable in
PTIME for such policies and that consistent partial policies can be extended to
unique "least-privilege" consistent total policies. We also consider repair
problems based on deleting privileges to restore consistency, show that finding
minimal repairs is NP-complete, and give heuristics for finding repairs.Comment: 25 pages. To appear in Proceedings of DBPL 200
- ā¦