Towards Virtual Private NoSQL datastores

Colombo, Pietro; Ferrari, Elena

doi:10.1109/icde.2016.7498240

Cited by 21 publications

(25 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…As far as document-oriented datastores, efficient solutions to the integration of fine-grained purpose-based access control into MongoDB have been proposed in Colombo and Ferrari (2016) and (2017a). In Colombo and Ferrari (2017a) the RBAC model natively integrated in MongoDB has been enhanced with the support for the specification and enforcement of purpose-based policies (Byun and Li 2008) regulating the access up to document level.…”

Section: Nosql Datastoresmentioning

confidence: 99%

“…In Colombo and Ferrari (2016), the framework presented in Colombo and Ferrari (2017a) has been significantly extended, introducing the support for access control policies regulating the access up to field level, and providing support to specification and enforcement of content and context based policies. The proposed enforcement monitor, denoted ConfinedMem, applies the same logic as Mem, but it operates according to a twostep process, which consists of: 1) the derivation of the authorized views of all documents to be accessed by a submitted query q included in a message m requiring the access to data resources, 2) the rewriting of m as m' in such a way that m' specifies a query q' which can only access the authorized views of the documents to be accessed by q.…”

Section: Nosql Datastoresmentioning

confidence: 99%

“…The ability to represent data resources is a fundamental requirement for binding access control policies to the protected data, as well as for the specification of policies regulating the access on the basis of the protected objects' attributes. Indeed, in the literature on access control, multiple models allow enforcing content-based access constraints (e.g., Kulkarni (2013); Colombo and Ferrari (2016)), as well as access control rules that refer to various security metadata related to the protected data resources (e.g., Colombo and Ferrari (2015a)).…”

Section: Unifying Access Control Models and Mechanismsmentioning

confidence: 99%

See 2 more Smart Citations

Access control technologies for Big Data management systems: literature review and future trends

Colombo

Ferrari

2019

Cybersecur

Self Cite

View full text Add to dashboard Cite

Data security and privacy issues are magnified by the volume, the variety, and the velocity of Big Data and by the lack, up to now, of a reference data model and related data manipulation languages. In this paper, we focus on one of the key data security services, that is, access control, by highlighting the differences with traditional data management systems and describing a set of requirements that any access control solution for Big Data platforms may fulfill. We then describe the state of the art and discuss open research issues.

show abstract

Section: Nosql Datastoresmentioning

confidence: 99%

Section: Nosql Datastoresmentioning

confidence: 99%

Section: Unifying Access Control Models and Mechanismsmentioning

confidence: 99%

See 1 more Smart Citation

Access control technologies for Big Data management systems: literature review and future trends

Colombo

Ferrari

2019

Cybersecur

Self Cite

View full text Add to dashboard Cite

show abstract

“…Research efforts have also been recently focused on the integration of FGAC into NoSQL datastores (e.g., [10,12,16]) and map-reduce analytics platforms (e.g., [22]). For instance, Kulkarni [16] has proposed a finegrained access control model for key-value systems denoted K-VAC, which has been first designed to operate with Cassandra, 11 and then extended for the integration into HBase.…”

Section: Related Workmentioning

confidence: 99%

“…The analysis of the literature lead us to identify possible strategies to address issues related to the definition of policy specification criteria, enforcement strategies, the implementation of the proposed mechanisms by an enforcement monitor, and aspects related to integration of the monitor into existing document-oriented datastores. The analysis described in this paper is partially based on early research experiences on NoSQL datastores that we did with MongoDB [10,12], as well as on ongoing research activities finalized to the generalization of the approach in [10,12].…”

Section: Introductionmentioning

confidence: 99%

Fine-Grained Access Control Within NoSQL Document-Oriented Datastores

Colombo

Ferrari

2016

Data Sci. Eng.

Self Cite

View full text Add to dashboard Cite

The recent years have seen the birth of several NoSQL datastores, which are getting more and more popularity for their ability to handle high volumes of heterogeneous and unstructured data in a very efficient way. In several cases, NoSQL databases proved to outclass in terms of performance, scalability, and ease of use relational database management systems, meeting the requirements of a variety of today ICT applications. However, recent surveys reveal that, despite their undoubted popularity, NoSQL datastores suffer from some weaknesses, among which the lack of effective support for data protection appears among the most serious ones. Proper data protection mechanisms are therefore required to fill this void. In this work, we start to address this issue by focusing on access control and discussing the definition of a fine-grained access control framework for documentoriented NoSQL datastores. More precisely, we first focus on issues and challenges related to the definition of such a framework, considering theoretical, implementation, and integration aspects. Then, we discuss the reasons for which state-of-the-art fine-grained access control solutions proposed for relational database management systems cannot be used within the NoSQL scenario. We then introduce possible strategies to address the identified issues, which are at the basis of the framework development. Finally, we shortly report the outcome of an experience where the proposed framework has been used to enhance the data protection features of a popular NoSQL database.

show abstract

Dynamic Transitions of States for Context-Sensitive Access Control Decision

Kayes

Rahayu

Dillon

et al. 2018

Web Information Systems Engineering – WISE 2018

View full text Add to dashboard Cite

Due to the proliferation of data and services in everyday life, we face challenges to ascertain all the necessary contexts and associated contextual conditions and enable applications to utilize relevant information about the contexts. The ability to control context-sensitive access to data resources has become ever more important as the form of the data varies and evolves rapidly, particularly with the development of smart Internet of Things (IoTs). This frequently results in dynamically evolving contexts. An effective way of addressing these issues is to model the dynamically changing nature of the contextual conditions and the transitions between these different dynamically evolving contexts. These contexts can be considered as different states and the transitions represented as state transitions. In this paper, we present a new framework for context-sensitive access control, to represent the dynamic changes to the contexts in real time. We introduce a state transition mechanism to model context changes that lead the transitions from initial states to target states. The mechanism is used to decide whether an access control decision is granted or denied according to the associated contextual conditions and controls data access accordingly. We introduce a Petri net model to specify the control flows for the transitions of states according to the contextual changes. A software prototype has been implemented employing our Petri net model for detection of such changes and making access control decisions accordingly. The advantages of our context-sensitive access control framework along with a Petri net model have been evaluated through two sets of experiments, especially by looking for re-evaluation of access control decisions when context changes. The experimental results show that having a state transition mechanism alongside the context-sensitive access control increases the efficiency of decision making capabilities compared to earlier approaches.

show abstract

Towards Virtual Private NoSQL datastores

Cited by 21 publications

References 15 publications

Access control technologies for Big Data management systems: literature review and future trends

Access control technologies for Big Data management systems: literature review and future trends

Fine-Grained Access Control Within NoSQL Document-Oriented Datastores

Dynamic Transitions of States for Context-Sensitive Access Control Decision

Contact Info

Product

Resources

About