Consistency and repair for XML write-access control policies

Consistency and repair for XML write-access control policies XML access control policies involving updates may contain security flaws, here called inconsistencies , in which a forbidden operation may be simulated by performing a sequence of allowed operations. This article investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider total and partial policies expressed in terms of annotated schemas defining which operations are allowed or denied for the XML trees that are instances of the schema. We show that consistency is decidable in PTIME for such policies and that consistent partial policies can be extended to unique least-privilege consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is NP-complete, and give heuristics for finding repairs. Finally, we experimentally evaluate these algorithms in comparison with an exact approach based on answer-set programming. http://www.deepdyve.com/assets/images/DeepDyve-Logo-lg.png The VLDB Journal Springer Journals

Consistency and repair for XML write-access control policies

Loading next page...
 
/lp/springer_journal/consistency-and-repair-for-xml-write-access-control-policies-72cEBIcQqZ
Publisher
Springer-Verlag
Copyright
Copyright © 2012 by Springer-Verlag Berlin Heidelberg
Subject
Computer Science; Database Management
ISSN
1066-8888
eISSN
0949-877X
D.O.I.
10.1007/s00778-012-0273-y
Publisher site
See Article on Publisher Site

Abstract

XML access control policies involving updates may contain security flaws, here called inconsistencies , in which a forbidden operation may be simulated by performing a sequence of allowed operations. This article investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider total and partial policies expressed in terms of annotated schemas defining which operations are allowed or denied for the XML trees that are instances of the schema. We show that consistency is decidable in PTIME for such policies and that consistent partial policies can be extended to unique least-privilege consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is NP-complete, and give heuristics for finding repairs. Finally, we experimentally evaluate these algorithms in comparison with an exact approach based on answer-set programming.

Journal

The VLDB JournalSpringer Journals

Published: Dec 1, 2012

References

You’re reading a free preview. Subscribe to read the entire article.


DeepDyve is your
personal research library

It’s your single place to instantly
discover and read the research
that matters to you.

Enjoy affordable access to
over 18 million articles from more than
15,000 peer-reviewed journals.

All for just $49/month

Explore the DeepDyve Library

Search

Query the DeepDyve database, plus search all of PubMed and Google Scholar seamlessly

Organize

Save any article or search result from DeepDyve, PubMed, and Google Scholar... all in one place.

Access

Get unlimited, online access to over 18 million full-text articles from more than 15,000 scientific journals.

Your journals are on DeepDyve

Read from thousands of the leading scholarly journals from SpringerNature, Elsevier, Wiley-Blackwell, Oxford University Press and more.

All the latest content is available, no embargo periods.

See the journals in your area

DeepDyve

Freelancer

DeepDyve

Pro

Price

FREE

$49/month
$360/year

Save searches from
Google Scholar,
PubMed

Create lists to
organize your research

Export lists, citations

Read DeepDyve articles

Abstract access only

Unlimited access to over
18 million full-text articles

Print

20 pages / month

PDF Discount

20% off