Repairing Inconsistent XML Write-Access Control Policies
نویسندگان
چکیده
XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. This paper investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider policies expressed in terms of annotated DTDs defining which operations are allowed or denied for the XML trees that are instances of the DTD. We show that consistency is decidable in PTIME for such policies and that consistent partial policies can be extended to unique “leastprivilege” consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is NP-complete, and give heuristics for finding repairs.
منابع مشابه
Enforcing RBAC Policies over Data Stored on Untrusted Server (Extended Version)
One of the security issues in data outsourcing is the enforcement of the data owner’s access control policies. This includes some challenges. The first challenge is preserving confidentiality of data and policies. One of the existing solutions is encrypting data before outsourcing which brings new challenges; namely, the number of keys required to access authorized resources, efficient policy u...
متن کاملSimplified Access Control Policies for XML Databases
When defining Access Control Policies for XML Databases administrators need to make sure that they are not inconsistent, this is, that it is not possible to perform a forbidden operation through a sequence of allowed operations. This problem has been studied before for policies defined using authorizations based in insert, delete, replace and replaceVal types to control updates in documents tha...
متن کاملXML access control: mapping XACML policies to relational database tables
Although eXtensible Access Control Markup Language (XACML) is recognized as a precise and a complete policy description language, the structure of the current XACML policy is complex. Hence, users need to understand XACML well and write down the securing policy all by hand, which make it difficult to master and use. On the other hand, RDBMS is easy and simple to use by all users and allows hidi...
متن کاملXML Access Control
Definition XML access control refers to the practice of limiting access to (parts of) XML data to only authorized users. Similar to access control over other types of data and resources, XML access control is centered around two key problems: (i) the development of formal models for the specification of access control policies over XML data; and (ii) techniques for efficient enforcement of acce...
متن کاملAn XML Access Control Model Considering Update Operations
Several researches have been proposed over the past years to specify a selective access control for XML document. However, most of the previous researches only consider read privilege while specifying XML access control when access control policies support update rights is untouched. Therefore, a challenging issue is how to define an XML access control model to handle update operations that inc...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007