Activity: Talk or presentation › Contributed talk › science-to-science
Description
To provide Attribute-Based Access Control (ABAC) in a data store, we can either rely on built-in features or, especially if they are not present, implement access control as a service (ACaaS) on top of the database. We address the latter, in particular for graph databases, by rewriting queries that violate access control conditions. We intercept insecure queries right before they are sent to the database and add filters to them. Thus, the database returns only authorized data and implicitly enforces ABAC beyond its own access control features. Our contributions are an authorization policy model influenced by XACML and a query rewriting algorithm for enforcing the defined authorizations with respect to this model. Our concept is application- and database-independent and operates on simple, freely formulated queries, i.e. the queries do not have to follow a predefined structure. A proof-of-concept prototype has been implemented for Neo4j and its query language Cypher.
Period
29 Aug 2023
Event title
The 34th International Conference on Database and Expert Systems Applications