TY - GEN
T1 - The halting problem and undecidability of document generation under access control for tree updates
AU - Moore, Neil
PY - 2009
Y1 - 2009
N2 - We show by reduction from the halting problem for Turing machines that typical rule-based models of fine-grained access control of trees make impossible certain forms of analysis, limiting the ability to audit existing policies and evaluate new ones. Fine-grained access control is the problem of specifying the set of operations that may be performed on a complex structure. For tree-structured databases and documents, particularly XML, a rule-based approach is most common. In this model, access control policies consist of rules that select the allowed or disallowed targets of queries based on their hierarchical relationships to other nodes. We consider the problem of determining whether a given document (that is, a rooted vertex-labelled tree) could have been produced in accordance with a particular access control policy for updates. We show that, for rule-based policies based on a simple fragment of XPath, this problem is undecidable. This result shows that rule-based access control policies based on XPath languages are, in some sense, too powerful, demonstrating the need for a model of access control of tree updates that bridges the gap between expressive and analyzable policies.
AB - We show by reduction from the halting problem for Turing machines that typical rule-based models of fine-grained access control of trees make impossible certain forms of analysis, limiting the ability to audit existing policies and evaluate new ones. Fine-grained access control is the problem of specifying the set of operations that may be performed on a complex structure. For tree-structured databases and documents, particularly XML, a rule-based approach is most common. In this model, access control policies consist of rules that select the allowed or disallowed targets of queries based on their hierarchical relationships to other nodes. We consider the problem of determining whether a given document (that is, a rooted vertex-labelled tree) could have been produced in accordance with a particular access control policy for updates. We show that, for rule-based policies based on a simple fragment of XPath, this problem is undecidable. This result shows that rule-based access control policies based on XPath languages are, in some sense, too powerful, demonstrating the need for a model of access control of tree updates that bridges the gap between expressive and analyzable policies.
UR - http://www.scopus.com/inward/record.url?scp=67649949175&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=67649949175&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-00982-2_51
DO - 10.1007/978-3-642-00982-2_51
M3 - Conference contribution
AN - SCOPUS:67649949175
SN - 9783642009815
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 601
EP - 613
BT - Language and Automata Theory and Applications - Third International Conference, LATA 2009, Proceedings
T2 - 3rd International Conference on Language and Automata Theory and Applications, LATA 2009
Y2 - 2 April 2009 through 8 April 2009
ER -