Extended Authorization Policy for Graph-Structured Data

Author:

Mohamed Aya, Auer Dagmar, Hofer Daniel, Küng Josef

Abstract

The sharp increase in the use of graph databases, also for business- and privacy-critical applications, calls for a sophisticated, flexible, fine-grained authorization and access control (AC) approach. Attribute-based access control (ABAC) supports a fine-grained definition of authorization rules and policies. Attributes can be associated with the subject, the requested resource and action, but also with the environment. Thus, ABAC is a promising starting point. However, specific characteristics of graph-structured data, such as attributes on vertices and edges along a path from a given subject to the resource to be accessed, are not yet considered. The well-established eXtensible Access Control Markup Language (XACML), which defines a declarative language for fine-grained, attribute-based authorization policies, is the basis for our proposed approach, XACML for Graph-structured data (XACML4G). The additional path-specific constraints, described as graph patterns, require specialized processing of the rules and policies as well as adapted enforcement and decision-making in the access control process. To demonstrate XACML4G and its enforcement process, we present a scenario from the university domain. Due to the project's environment, the prototype is built with the multi-model database ArangoDB. Finally, the compliance of XACML4G with quality standards for access control system administration and enforcement is assessed. The results are promising, and further studies concerning performance and use in practice are planned.

Funder

Österreichische Forschungsförderungsgesellschaft

LIT Secure and Correct Systems Lab funded by the State of Upper Austria

Johannes Kepler University Linz

Publisher

Springer Science and Business Media LLC


Cited by 7 articles.

1. Blockchain-Based Authorization Mechanism for Educational Social Internet of Things. IEEE Access, 2024.

2. A Graph-Based Framework for ABAC Policy Enforcement and Analysis. Lecture Notes in Computer Science, 2024.

3. Towards an Effective Attribute-Based Access Control Model for Neo4j. Model and Data Engineering, 2023-12-22.

4. An extended model-based characterization of fine-grained access control for SQL queries. 2023 ACM/IEEE 26th International Conference on Model Driven Engineering Languages and Systems (MODELS), 2023-10-01.

5. Rewriting Graph-DB Queries to Enforce Attribute-Based Access Control. Lecture Notes in Computer Science, 2023.
