Repairing Inconsistent XML Write-Access Control Policies
Loreto Bravo, James Cheney, Irini Fundulaki

TL;DR
This paper addresses the problem of detecting and repairing inconsistencies in XML access control policies, providing algorithms for deciding policy consistency and methods for minimal privilege removal repairs.
Contribution
It introduces a polynomial-time decision procedure for policy consistency and presents heuristics for minimal privilege removal repairs.
Findings
Consistency is decidable in PTIME for annotated DTD policies.
Consistent partial policies can be extended to unique least-privilege total policies.
Finding minimal privilege repairs is NP-complete.
Abstract
XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. This paper investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider policies expressed in terms of annotated DTDs defining which operations are allowed or denied for the XML trees that are instances of the DTD. We show that consistency is decidable in PTIME for such policies and that consistent partial policies can be extended to unique "least-privilege" consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is NP-complete, and give heuristics for finding repairs.
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Distributed systems and fault tolerance
