Consistent query answers in inconsistent databases
PODS '99 Proceedings of the eighteenth ACM SIGMOD-SIGACT-SIGART symposium on Principles of database systems
Communications of the ACM
Introduction to algorithms
Node-and edge-deletion NP-complete problems
STOC '78 Proceedings of the tenth annual ACM symposium on Theory of computing
Access control of XML documents considering update operations
Proceedings of the 2003 ACM workshop on XML security
A compressed accessibility map for XML
ACM Transactions on Database Systems (TODS)
Secure XML querying with security views
SIGMOD '04 Proceedings of the 2004 ACM SIGMOD international conference on Management of data
Generalized XML security views
Proceedings of the tenth ACM symposium on Access control models and technologies
Integration and Efficient Lookup of Compressed XML Accessibility Maps
IEEE Transactions on Knowledge and Data Engineering
The DLV system for knowledge representation and reasoning
ACM Transactions on Computational Logic (TOCL)
Expressiveness and complexity of XML Schema
ACM Transactions on Database Systems (TODS)
XML access control using static analysis
ACM Transactions on Information and System Security (TISSEC)
Formalizing XML access control for update operations
Proceedings of the 12th ACM symposium on Access control models and technologies
XMark: a benchmark for XML data management
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
ACCOn: checking consistency of XML write-access control policies
EDBT '08 Proceedings of the 11th international conference on Extending database technology: Advances in database technology
Reasoning about XML update constraints
Journal of Computer and System Sciences
Controlling Access to XML Documents over XML Native and Relational Databases
SDM '09 Proceedings of the 6th VLDB Workshop on Secure Data Management
Inference of concise regular expressions and DTDs
ACM Transactions on Database Systems (TODS)
Repairing inconsistent XML write-access control policies
DBPL'07 Proceedings of the 11th international conference on Database programming languages
Rewrite-based verification of XML updates
Proceedings of the 12th international ACM SIGPLAN symposium on Principles and practice of declarative programming
View update translation for XML
Proceedings of the 14th International Conference on Database Theory
Information and Computation
QFilter: rewriting insecure XML queries to secure ones using non-deterministic finite automata
The VLDB Journal — The International Journal on Very Large Data Bases
| Hi-index | 0.00 |
XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. This article investigates the problem of deciding whether a policy is consistent, and if not, how its inconsistencies can be repaired. We consider total and partial policies expressed in terms of annotated schemas defining which operations are allowed or denied for the XML trees that are instances of the schema. We show that consistency is decidable in PTIME for such policies and that consistent partial policies can be extended to unique least-privilege consistent total policies. We also consider repair problems based on deleting privileges to restore consistency, show that finding minimal repairs is NP-complete, and give heuristics for finding repairs. Finally, we experimentally evaluate these algorithms in comparison with an exact approach based on answer-set programming.