nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

Authorization Policy Extension for Graph Databases

verfasst von : Aya Mohamed, Dagmar Auer, Daniel Hofer, Josef Küng

Erschienen in: Future Data and Security Engineering

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The high increase in the use of graph databases also for business- and privacy-critical applications demands for a sophisticated, flexible, fine-grained authorization and access control approach. Attribute-based access control (ABAC) supports a fine-grained definition of authorization rules and policies. Attributes can be associated with the subject, the requested resource and action, but also the environment. Thus, this is a promising starting point. However, specific characteristics of graph-structured data such as attributes on vertices and edges along a path to the resource, are not yet considered. The well-established eXtensible Access Control Markup Language (XACML), which defines a declarative language for fine-grained, attribute-based authorization policies, is the basis for our proposed approach - XACML for Graph-structured data (XACML4G). The additional path-specific constraints, described in graph patterns, demand for specialized processing of the rules and policies as well as adapted enforcement and decision making in the access control process. To demonstrate XACML4G and its enforcement process, we present a scenario from the university domain. Due to the project’s environment, the prototype is built with the multi-model database ArangoDB. The results are promising and further studies concerning performance and use in practice are planned.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Data Quality for Medical Data Lakelands

Nächstes Kapitel A Model-Driven Approach for Enforcing Fine-Grained Access Control for SQL Queries

https://www.forbes.com/sites/cognitiveworld/2019/07/18/graph-databases-go-mainstream/#79c0f5d5179d.

https://neo4j.com/docs/operations-manual/current/authentication-authorization/access-control/index.html.

https://docs.microsoft.com/en-us/azure/cosmos-db/role-based-access-control.

https://www.arangodb.com/docs/stable/oasis/access-control.html.

Organization for the Advancement of Structured Information Standards, www.oasisopen.org.

https://www.omg.org/spec/BPMN/2.0/PDF http://www.bpmb.de/images/BPMN2_0_Poster_EN.pdf.

Cypher is the declarative query language used to work with graphs in Neo4j (https://neo4j.com/docs/cypher-manual/current/introduction/).

https://db-engines.com/en/ranking/graph+dbms.

https://neo4j.com/blog/role-based-access-control-neo4j-enterprise/, https://neo4j.com/docs/operations-manual/current/authentication-authorization/access-control/.

A Brief Introduction to XACML. https://www.oasis-open.org/committees/download.php/2713/Brief_Introduction_to_XACML.html. Accessed July 2020

Foxx Microservices. https://www.arangodb.com/docs/stable/foxx.html. Accessed July 2020

Scaling XACML architecture deployment. https://www.axiomatics.com/blog/scaling-xacml-architecture-deployment/. Accessed July 2020

eXtensible Access Control Markup Language (XACML) Version 3.0 - OASIS Standard, 22 January 2013. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html. Accessed July 2020

Ahmadi, H., Small, D.: Graph model implementation of attribute-based access control policies. arXiv preprint arXiv:1909.09904 (2019)

Anderson, A.: Extensible access control markup language (XACML). Technology report (2003)

Axiomatics: What is attribute-based access control? White Paper (2016). https://ma.axiomatics.com/acton/ct/10529/s-02c9-1707/Bct/l-0586/l-0586:3307/ct7_0/1?sid=TV2%3AmFBxh9FWI

Bertino, E., Sandhu, R.: Database security-concepts, approaches, and challenges. IEEE Trans. Dependable Secur. Comput. 2(1), 2–19 (2005)CrossRef

Brossard, D.: Understanding XACML Combining Algorithms, 15 June 2014. https://www.axiomatics.com/blog/understanding-xacml-combining-algorithms/. Accessed July 2020

10.

Browder, K., Davidson, M.A.: The virtual private database in oracle9ir2. Oracle Technical White Paper, Oracle Corporation 500, 280 (2002)

11.

Cheng, Y., Park, J., Sandhu, R.: Relationship-based access control for online social networks: beyond user-to-user relationships. In: 2012 International Conference on Privacy, Security, Risk and Trust and 2012 International Conference on Social Computing, pp. 646–655. IEEE (2012)

12.

Cheng, Y., Park, J., Sandhu, R.: A user-to-user relationship-based access control model for online social networks. In: Cuppens-Boulahia, N., Cuppens, F., Garcia-Alfaro, J. (eds.) DBSec 2012. LNCS, vol. 7371, pp. 8–24. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31540-4_2CrossRef

13.

Diez, F.P., Vasu, A.C., Touceda, D.S., Cámara, J.M.S.: Modeling XACML security policies using graph databases. IT Prof. 19(6), 52–57 (2017)CrossRef

14.

Fletcher, G., Hidders, J., Larriba-Pey, J.L.: Graph Data Management - Fundamental Issues and Recent Developments. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96193-4. ISBN 978-3-319-96192-7CrossRef

15.

Fong, P.W.: Relationship-based access control: protection model and policy language. In: Proceedings of the First ACM Conference on Data and Application Security and Privacy, pp. 191–202 (2011)

16.

Giunchiglia, F., Zhang, R., Crispo, B.: RelBAC: relation based access control. In: 2008 Fourth International Conference on Semantics, Knowledge and Grid, pp. 3–11. IEEE (2008)

17.

Hu, V.C., et al.: Guide to attribute based access control (ABAC) definition and considerations. NIST Special Publication 800(162) (2019). https://doi.org/10.6028/NIST.SP.800-162

18.

Hu, V.C., Ferraiolo, D.F., Chandramouli, R., Kuhn, D.R.: Attribute-Based Access Control. Artech House, Norwood (2018)

19.

Jin, Y., Kaja, K.: XACML implementation based on graph database. In: Proceedings of 34th International Conference on Computers and Their Applications, vol. 58, pp. 65–74 (2019)

20.

Mohan, A.: Design and implementation of an attribute-based authorization management system. Ph.D. thesis, Georgia Institute of Technology (2011)

21.

Reinsel, D., Gantz, J., Rydning, J.: Data age 2025: the digitization of the world - from edge to core (2018). https://www.seagate.com/files/www-content/our-story/trends/files/idc-seagate-dataage-whitepaper.pdf

22.

Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: Proceedings of the 2004 ACM SIGMOD international conference on Management of data, pp. 551–562 (2004)

Titel: Authorization Policy Extension for Graph Databases
verfasst von: Aya Mohamed
Dagmar Auer
Daniel Hofer
Josef Küng
Verlag: Springer International Publishing
Buch: Future Data and Security Engineering
Print ISBN: 978-3-030-63923-5

Electronic ISBN: 978-3-030-63924-2

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-63924-2_3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"