Introduction To Automata Theory, Languages, And Computation
Introduction To Automata Theory, Languages, And Computation
A logical framework for reasoning about access control models
ACM Transactions on Information and System Security (TISSEC)
EDBT '00 Proceedings of the 7th International Conference on Extending Database Technology: Advances in Database Technology
Author-X: A Java-Based System for XML Data Protection
Proceedings of the IFIP TC11/ WG11.3 Fourteenth Annual Working Conference on Database Security: Data and Application Security, Development and Directions
Containment and equivalence for a fragment of XPath
Journal of the ACM (JACM)
Access control of XML documents considering update operations
Proceedings of the 2003 ACM workshop on XML security
Specifying access control policies for XML documents with XPath
Proceedings of the ninth ACM symposium on Access control models and technologies
QFilter: fine-grained run-time XML access control via NFA-based query rewriting
Proceedings of the thirteenth ACM international conference on Information and knowledge management
Efficient algorithms for processing XPath queries
ACM Transactions on Database Systems (TODS)
Reasoning about XML update constraints
Proceedings of the twenty-sixth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Formalizing XML access control for update operations
Proceedings of the 12th ACM symposium on Access control models and technologies
Optimizing the secure evaluation of twig queries
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
ACCOn: checking consistency of XML write-access control policies
EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
The Halting Problem and Undecidability of Document Generation under Access Control for Tree Updates
LATA '09 Proceedings of the 3rd International Conference on Language and Automata Theory and Applications
Controlling Access to XML Documents over XML Native and Relational Databases
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
KES'07/WIRN'07 Proceedings of the 11th international conference, KES 2007 and XVII Italian workshop on neural networks conference on Knowledge-based intelligent information and engineering systems: Part III
Repairing inconsistent XML write-access control policies
DBPL'07 Proceedings of the 11th international conference on Database programming languages
Consistency and repair for XML write-access control policies
The VLDB Journal — The International Journal on Very Large Data Bases
| Hi-index | 0.00 |
We consider the problem of deciding whether a fine-grained access control policy for tree updates allows a particular document to be constructed. This problem arises from a number of natural questions related to document security, authenticity, and verifiability. Fine-grained access control is the problem of specifying the set of operations that may be performed on a complex structure. For tree-structured databases and documents, particularly XML, a rule-based approach is most common. In this model, access control policies consist of rules that select the allowed or disallowed targets of queries or updates based on their hierarchical relationships to other nodes. We show that, for a typical form of rule-based fine-grained access control policies based on a simple fragment of XPath, this problem is undecidable. We also prove lower bounds on the complexity of various restrictions of this problem, and demonstrate deterministic and nondeterministic polynomial-time algorithms for two restrictions in particular. These results show that, for sufficiently complex access control languages, certain forms of analysis are very difficult or even impossible, limiting the ability to verify documents, audit existing policies, and evaluate new policies. Thus rule-based access control policies based on XPath are, in some sense, too powerful, demonstrating the need for a model of access control of tree updates that bridges the gap between expressive and analyzable policies.