nach oben

Erschienen in:

2022 | OriginalPaper | Buchkapitel

A Comprehensive Framework Integrating Attribute-Based Access Control and Privacy Protection Models

verfasst von : Anh Tuan Truong

Erschienen in: Advances in Engineering Research and Application

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

NoSQL databases have recently become increasingly popular as data platforms for big data and real-time web applications. Due to the simplicity in design but effectiveness in horizontal scaling and performance, NoSQL databases can be a better alternative approach in comparison with traditional relational databases. However, the lack of a fine-grained access control system together with a data privacy protection mechanism is one of the most important issues in NoSQL databases. In this paper, we investigate the attribute based access control model (ABAC) and use it as the main access control system in NoSQL databases. Moreover, we propose and implement a comprehensive framework for enforcing attribute-based security policies stored in JSON document together with a data privacy protection mechanism in the fine-grained level. We use Polish notation for modeling conditional expressions (i.e., the combination of subject, resource, and environment attributes) so that ABAC policies can be flexible, dynamic and fine grained. Moreover, for data privacy protection, privacy rules of the policies are constrained not only by access and intended purpose but also by subject, resource, and environment attributes as well as data disclosure level. The experiment is carried out to show the relationship between the processing time for access decision together with the privacy protection mechanism and the complexity of access and privacy policies.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel A Comparison of Methods on Building Empirical Model of Milling Working Status Based on Vibration

Nächstes Kapitel A Force Model for Controlling the Destemming Process of the Fresh Chilli Fruit

Thi, Q.N.T., Dang, T.K., Van, H.L., Son, H.X.: Using JSON to specify privacy preserving-enabled attribute-based access control policies. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, K.-K. (eds.) SpaCCS 2017. LNCS, vol. 10656, pp. 561–570. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72389-1_44CrossRef

Bertino, E., Ghinita, G., Kamra, A.: Access Control for Databases: Concepts and Systems

Hu, V.C., et al.: Now Publishers, Hanover (2011)

Sandlin, K., Miller, R., Scarfone, K.: Guide to attribute-based access control (ABAC) definition and considerations (draft). NIST Spec. Publ. 800, 162 (2013)

Byun, J.W., Li, N.: Purpose-based access control for privacy protection in relational database systems. VLDB J. 17(4), 603–619 (2008)CrossRef

Colombo, P., Ferrari, E.: Enforcement of purpose-based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 26(11), 2703–2716 (2014)CrossRef

Rissanen, E.: eXtensible Access Control Markup Language (XACML) Version 3.0

(committee specification 01): Technical Report. OASIS (2010). http://docs.oasisopen.org/xacml/3.0/xacml-3.0-core-spec-cd-03-en.Pdf

Hua, L.S., Varadharajan, V.: Purpose-based access control policies and conflicting analysis. Security and Privacy – Silver Linings in the Cloud. 217–228 (2010)

10.

Colombo, P., Ferrari, E.: Fine-grained access control within NoSQL document-oriented datastores. Data Sci. Eng. 1(3), 127–138 (2016). https://doi.org/10.1007/s41019-016-0015-zCrossRef

11.

InterNational Committee for Information Technology Standards: Information technology – Next Generation Access Control – Generic Operations and Data Structures (2015)

12.

Biswas, P., Sandhu, R., Krishnan, R.: An Attribute-Based Protection Model for JSON Documents. In: Chen, J., Piuri, V., Su, C., Yung, M. (eds.) NSS 2016. LNCS, vol. 9955, pp. 303–317. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-46298-1_20CrossRef

13.

Gartner: Gartner says “By 2020, 70% of businesses will use attribute-based access control (ABAC) to protect critical assets”. [Online] Available at https://www.avatier.com/products/identity-management/resources/gartner-iam-2020-predictions/. (2016) Accessed 3 March 2017

14.

Information Commissioner’s Office: Data Protection Principles. [Online] Available at https://ico.org.uk/for-organisations/guide-to-data-protection/data-protection-principles/

15.

Enterprise Privacy Authorization Language: [Online] Available at https://www.w3.org/2003/p3p-ws/pp/ibm3.html

16.

Sandhu, R., Coyne, E., Feinstein, H., Youmann, C.: Role-based access control models. IEEE Computer 2(29), 38–47 (1996)CrossRef

17.

ISO/IEC DIS 10181–3: Information Technology, OSI Security Model, Security Frameworks, Part 3: Access Control (1993)

18.

Hu, V.C., et al.: Guide to Attribute-Based Access Control (ABAC) Definition and Considerations (draft). NIST Special Publication. 800(162) (2013)

19.

Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. IEEE Computer 48(2), 85–88 (2015)CrossRef

20.

Huang, J., Nicol, D.M., Bobba, R., Huh, J.H.: A framework integrating attribute-based policies into role-based access control. In: Proceedings of the 17^th ACM symposium on access control models and technologies, pp. 187–196. ACM (2012)

21.

Jin, X., Krishnan, R., Sandhu, R.: A unified attribute-based access control model covering DAC, MAC, and RBAC. In: IFIP Annual Conference on Data and Applications Security and Privacy, pp. 41–55. Springer (2012)

22.

Westin, A.F.: Privacy and Freedom, vol 7. Atheneum, New York (1967)

23.

Byun, J.W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of the Tenth ACM Symposium on Access Control Models and Technologies, pp. 102–110. ACM (2005)

24.

Byun, J.W., Li, N.: Purpose based access control for privacy protection in relational database systems. VLDB J. 17(4), 603–619 (2008)CrossRef

25.

Kabir, M.E., Wang, H.: Conditional purpose based access control model for privacy protection. In: Proceedings of the twentieth australasian conference on australasian database, vol 92, pp 135–142. Australian Computer Society Inc. (2009)

26.

Wang, H., Sun, L., Bertino, E.: Building access control policy model for privacy-preserving and testing policy connecting problems. J. Comput. Syst. Sci. 80(8), 1493–1503 (2014)CrossRef

27.

Kabir, M.E., Wang, H., Bertino, E.: A role-involved conditional purpose-based access control model. In: E-Government, E-Services and Global Processes, pp. 167–180. Springer (2010)

Titel: A Comprehensive Framework Integrating Attribute-Based Access Control and Privacy Protection Models
verfasst von: Anh Tuan Truong
Verlag: Springer International Publishing
Buch: Advances in Engineering Research and Application
Print ISBN: 978-3-030-92573-4

Electronic ISBN: 978-3-030-92574-1

Copyright-Jahr: 2022
DOI: https://doi.org/10.1007/978-3-030-92574-1_5

Premium Partner

Marktübersichten

Die im Laufe eines Jahres in der „adhäsion“ veröffentlichten Marktübersichten helfen Anwendern verschiedenster Branchen, sich einen gezielten Überblick über Lieferantenangebote zu verschaffen.

Zur Marktübersicht