Abstract
The sharp increase in the use of graph databases, including for business- and privacy-critical applications, demands a sophisticated, flexible, fine-grained authorization and access control (AC) approach. Attribute-based access control (ABAC) supports a fine-grained definition of authorization rules and policies. Attributes can be associated with the subject, the requested resource and action, but also the environment. Thus, this is a promising starting point. However, specific characteristics of graph-structured data, such as attributes on vertices and edges along a path from a given subject to the resource to be accessed, are not yet considered. The well-established eXtensible Access Control Markup Language (XACML), which defines a declarative language for fine-grained, attribute-based authorization policies, is the basis for our proposed approach, XACML for Graph-structured data (XACML4G). The additional path-specific constraints, described in graph patterns, demand specialized processing of the rules and policies as well as adapted enforcement and decision-making in the access control process. To demonstrate XACML4G and its enforcement process, we present a scenario from the university domain. Due to the project's environment, the prototype is built with the multi-model database ArangoDB. Finally, compliance of XACML4G with quality standards for access control systems administration and enforcement is assessed. The results are promising, and further studies concerning performance and use in practice are planned.
Funder
Österreichische Forschungsförderungsgesellschaft
LIT Secure and Correct Systems Lab funded by the State of Upper Austria
Johannes Kepler University Linz
Publisher
Springer Science and Business Media LLC
Cited by
7 articles.