Authors: Aya Mohamed 1,2; Dagmar Auer 1,2; Daniel Hofer 1,2 and Josef Küng 1,2

Affiliations: 1 Institute of Application-oriented Knowledge Processing, Johannes Kepler University Linz, Linz, Austria; 2 LIT Secure and Correct Systems Lab, Johannes Kepler University Linz, Linz, Austria

Keyword(s): Access Control, Authorization Policy, Graph-Structured Data, Graph Database, Cypher, Neo4j, XACML.

Abstract: The increasing use of graph-structured data for business- and privacy-critical applications requires sophisticated, flexible and fine-grained authorization and access control. Currently, role-based access control is supported in graph databases, where access to objects is restricted via roles. This does not take special properties of graphs into account, such as vertices and edges along the path between a given subject and resource. In our previous research iterations, we started to design an authorization policy language and access control model, which considers the specification of graph paths and enforces them in the multi-model database ArangoDB. Since this approach is promising for considering graph characteristics in data protection, we improve the language in this work to provide flexible path definitions and to allow specifying edges as protected resources. Furthermore, we introduce a method for datastore-independent policy enforcement. Besides discussing the latest work in our XACML4G model, which is an extension to the Extensible Access Control Markup Language (XACML), we demonstrate our prototypical implementation with a real case, giving an outlook on performance.

CC BY-NC-ND 4.0

Paper citation in several formats:
Mohamed, A.; Auer, D.; Hofer, D. and Küng, J. (2023). XACML Extension for Graphs: Flexible Authorization Policy Specification and Datastore-Independent Enforcement. In Proceedings of the 20th International Conference on Security and Cryptography - SECRYPT; ISBN 978-989-758-666-8; ISSN 2184-7711, SciTePress, pages 442-449. DOI: 10.5220/0012090000003555

@conference{secrypt23,
author={Aya Mohamed and Dagmar Auer and Daniel Hofer and Josef Küng},
title={XACML Extension for Graphs: Flexible Authorization Policy Specification and Datastore-Independent Enforcement},
booktitle={Proceedings of the 20th International Conference on Security and Cryptography - SECRYPT},
year={2023},
pages={442-449},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0012090000003555},
isbn={978-989-758-666-8},
issn={2184-7711},
}

TY - CONF

JO - Proceedings of the 20th International Conference on Security and Cryptography - SECRYPT
TI - XACML Extension for Graphs: Flexible Authorization Policy Specification and Datastore-Independent Enforcement
SN - 978-989-758-666-8
IS - 2184-7711
AU - Mohamed, A.
AU - Auer, D.
AU - Hofer, D.
AU - Küng, J.
PY - 2023
SP - 442
EP - 449
DO - 10.5220/0012090000003555
PB - SciTePress