Enabling Attribute-Based Access Control in NoSQL Databases

IF 5.1 | Zone 2, Computer Science | Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS
Eeshan Gupta;Shamik Sural;Jaideep Vaidya;Vijayalakshmi Atluri
IEEE Transactions on Emerging Topics in Computing, vol. 11, no. 1, pp. 208-223. Journal Article. Published 2022-07-29. DOI: 10.1109/TETC.2022.3193577
https://ieeexplore.ieee.org/document/9844984/
Citations: 1

Abstract

NoSQL databases are being increasingly used for efficient management of high volumes of unstructured data in applications like information retrieval, natural language processing, social computing, etc. However, unlike traditional databases, data protection measures such as access control for these databases are still in their infancy, which could lead to significant vulnerabilities and security/privacy issues as their adoption increases. Attribute-based Access Control (ABAC), which provides a flexible and dynamic solution to access control, can be effective for mediating accesses in typical usage scenarios for NoSQL databases. In this paper, we propose a novel methodology for enabling ABAC in NoSQL databases. Specifically, we consider MongoDB, which is one of the most popular NoSQL databases in use today. We present an approach to both specify ABAC access control policies and to enforce them when an actual access request has been made. MongoDB Wire Protocol is used for extracting and processing appropriate information from the requests. We also present a method for supporting dynamic access decisions using environmental attributes and handling of ad-hoc access requests through digitally signed user attributes. Results from an extensive set of experiments on the Enron corpus as well as on synthetically generated data demonstrate the scalability of our approach. Finally, we provide details of our implementation on MongoDB and share a GitHub repository so that any organization can download and deploy the same for enabling ABAC in their own MongoDB installations.
Source journal
IEEE Transactions on Emerging Topics in Computing (Computer Science: Computer Science (miscellaneous))
CiteScore: 12.10
Self-citation rate: 5.10%
Articles published: 113
Journal description: IEEE Transactions on Emerging Topics in Computing publishes papers on emerging aspects of computer science, computing technology, and computing applications not currently covered by other IEEE Computer Society Transactions. Some examples of emerging topics in computing include: IT for Green, Synthetic and organic computing structures and systems, Advanced analytics, Social/occupational computing, Location-based/client computer systems, Morphic computer design, Electronic game systems, & Health-care IT.