Static Enforceability of XPath-Based Access Control Policies

Research output: Chapter in Book/Report/Conference proceedingConference contribution


We consider the problem of extending XML databases with fine-grained, high-level access control policies specified using XPath expressions. Most prior work checks individual updates dynamically, which is expensive (requiring worst-case execution time proportional to the size of the database). On the other hand, static enforcement can be performed without accessing the database but may be incomplete, in the sense that it may forbid accesses that dynamic enforcement would allow. We introduce topological characterizations of XPath fragments in order to study the problem of determining when an access control policy can be enforced statically without loss of precision. We introduce the notion of fair policies that are statically enforceable, and study the complexity of determining fairness and of static enforcement itself.
Original languageEnglish
Title of host publicationProceedings of the 14th International Symposium on Database Programming Languages (DBPL 2013), August 30, 2013, Riva del Garda, Trento, Italy
Publication statusPublished - 2013


Dive into the research topics of 'Static Enforceability of XPath-Based Access Control Policies'. Together they form a unique fingerprint.

Cite this