ACCOn: Checking Consistency of XML Write-Access Control Policies

Abstract

XML access control policies involving updates may contain security flaws, here called inconsistencies, in which a forbidden operation may be simulated by performing a sequence of allowed operations. ACCOn implements i) consistency checking algorithms that examine whether a write-access control policy defined over a DTD is inconsistent and ii) repair algorithms that propose repairs to an inconsistent policy to obtain a consistent one.