Extended XACML Language and Architecture for Access Control in Graph-structured Data

Mohamed, Aya; Auer, Dagmar; Hofer, Dominik; Küng, Josef

doi:10.1145/3487664.3487789

Cited by 1 publication

(2 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Mohamed et al (2021) coupled ABAC with a new declarative language for fine-grained, attribute-based authorization policy, named XACML for Graph-structured data (XACML4G) . The same authors proposed an extension to the XACML language and architecture in Mohamed et al (2022) to specify and enforce fine-grained constraints on graph paths. Even though additional path-specific constraints in terms of graph patterns can be described, the policy rules require specialized processing and the enforcement mechanism needs to be adapted to work in a specific graph datastore (Sicari et al , 2022).…”

Section: Graph Databasesmentioning

confidence: 99%

“…The established policy language and access control model eXtensible Access Control Markup Language (XACML) [2], for example, supports separation of concerns. In addition, in research prototypes like the ones presented by Bertino et al (2001), Colombo and Ferrari (2017), Kacimi and Benhlima (2017), Bogaerts et al (2017) and Mohamed et al (2022), authorization policy management and enforcement are also independent of the application and the underlying datastore. However, there are still many integrated and platform-dependent approaches.…”

Section: Separation Of Concerns (R5)mentioning

confidence: 99%

See 1 more Smart Citation

A systematic literature review of authorization and access control requirements and current state of the art for different database models

Mohamed,

Auer,

Hofer

et al. 2023

IJWIS

Self Cite

View full text Add to dashboard Cite

Purpose Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art. Design/methodology/approach This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements. Findings As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements. Originality/value This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

show abstract

Section: Graph Databasesmentioning

confidence: 99%