Repairing Inconsistent XML Write-Access Control Policies

Loreto Bravo, James Cheney, Irini Fundulaki

Research output: Chapter in Book/Report/Conference proceedingConference contribution


XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. This paper investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider policies expressed in terms of annotated DTDs defining which operations are allowed or denied for the XML trees that are instances of the DTD. We show that consistency is decidable in ptime for such policies and that consistent partial policies can be extended to unique “least-privilege” consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is np-complete, and give heuristics for finding repairs.
Original languageEnglish
Title of host publicationDatabase Programming Languages
Subtitle of host publication11th International Symposium, DBPL 2007, Vienna, Austria, September 23-24, 2007, Revised Selected Papers
EditorsMarcelo Arenas, MichaelI. Schwartzbach
PublisherSpringer Berlin Heidelberg
Number of pages15
ISBN (Electronic)978-3-540-75987-4
ISBN (Print)978-3-540-75986-7
Publication statusPublished - 2007

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg


Dive into the research topics of 'Repairing Inconsistent XML Write-Access Control Policies'. Together they form a unique fingerprint.

Cite this