SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications

Bogaerts, Jasper; Lagaisse, Bert; Joosen, Wouter

doi:10.1007/978-3-319-62105-0_1

Cited by 3 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The established policy language and access control model eXtensible Access Control Markup Language (XACML) [2], for example, supports separation of concerns. In addition, in research prototypes like the ones presented by Bertino et al (2001), Colombo and Ferrari (2017), Kacimi and Benhlima (2017), Bogaerts et al (2017) and Mohamed et al (2022), authorization policy management and enforcement are also independent of the application and the underlying datastore. However, there are still many integrated and platform-dependent approaches.…”

Section: Separation Of Concerns (R5)mentioning

confidence: 99%

A systematic literature review of authorization and access control requirements and current state of the art for different database models

Mohamed,

Auer,

Hofer

et al. 2023

IJWIS

View full text Add to dashboard Cite

Purpose Data protection requirements heavily increased due to the rising awareness of data security, legal requirements and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today’s sophisticated requirements. Accordingly, the purpose of this paper is to discuss authorization and access control for relational and NoSQL database models in detail with respect to requirements and current state of the art. Design/methodology/approach This paper follows a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, the study continues with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. This paper then discusses and compares current database models based on these requirements. Findings As no survey works consider requirements for authorization and access control in different database models so far, the authors define their requirements. Furthermore, the authors discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements. Originality/value This paper focuses on authorization and access control for various database models, not concrete products. This paper identifies today’s sophisticated – yet general – requirements from the literature and compares them with research results and access control features of current products for the relational and NoSQL database models.

show abstract

Section: Separation Of Concerns (R5)mentioning

confidence: 99%

A systematic literature review of authorization and access control requirements and current state of the art for different database models

Mohamed,

Auer,

Hofer

et al. 2023

IJWIS

View full text Add to dashboard Cite

show abstract

“…Let us now focus on the key requirements that we have considered in defining an approach to evaluate the impact of access control policies on data handled by NoSQL systems. These requirements have been derived from the literature on access control (e.g., [13,4]), existing enforcement monitors (e.g., Apache Ranger 5 ), and features of NoSQL datastores.…”

Section: Requirementsmentioning

confidence: 99%

“…delField (du, oid); end (4) for oid ∈ π tbp (du) do (5) delField (du, oid); end (6) delField (du, "tbs"); (7) delField (du, "tbp"); (8) return du; end Algorithm 5), field tbs of du collects all the placeholders for which a substitution is required. In the considered scenario, tbs only includes the string 53da, which represents the identifier of a field of du specifying as value an object characterized by the fields Date, From, Cc, To, and Subject.…”

Section: Return Du Endmentioning

confidence: 99%

“…(3) else (4) if st=open then dec =permit; else dec =deny; end (5) if dec =deny then push (unauthCGR, cgl1 ); (6) if cgl2 =⊥ then (7) dec =handleSP (dec, dcgl2, ppc, crs, st); (8) if dec =deny then push (unauthCGR, cgl2 ); end (9) return dec end sages, included in the database emailDB, 2) no policy has been specified for messages, and 3) the policies specified for emailDB, evaluated during the mapping phase of projector grant the access. Let us suppose that the system is closed, and the analysis is performed considering denials take precedence as conflict resolution strategy, and most specific overrides as propagation criterion.…”

Section: J O U R N a L P R E -P R O O Fmentioning

confidence: 99%

See 1 more Smart Citation

Evaluating the effects of access control policies within NoSQL systems

Colombo

Ferrari

2021

Future Generation Computer Systems

View full text Add to dashboard Cite

This is a PDF file of an article that has undergone enhancements after acceptance, such as the addition of a cover page and metadata, and formatting for readability, but it is not yet the definitive version of record. This version will undergo additional copyediting, typesetting and review before it is published in its final form, but we are providing this version to give early visibility of the article. Please note that, during the production process, errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

show abstract