TY - JOUR
T1 - Enabling Attribute-Based Access Control in NoSQL Databases
AU - Gupta, Eeshan
AU - Sural, Shamik
AU - Vaidya, Jaideep
AU - Atluri, Vijayalakshmi
N1 - Funding Information: This work was supported in part by National Science Foundation under Grants CNS-1564034, CNS-1624503, and CNS-1747728, in part by the National Institutes of Health under Grant R35GM134927, and in part by a research gift received from Cisco University Research. The work of Shamik Sural was supported in part by CISCO University Research Program Fund, Silicon Valley Community Foundation under Grant 2020-220329 (3696). Publisher Copyright: © 2013 IEEE.
PY - 2023/1/1
Y1 - 2023/1/1
AB - NoSQL databases are being increasingly used for efficient management of high volumes of unstructured data in applications like information retrieval, natural language processing, social computing, etc. However, unlike traditional databases, data protection measures such as access control for these databases are still in their infancy, which could lead to significant vulnerabilities and security/privacy issues as their adoption increases. Attribute-based Access Control (ABAC), which provides a flexible and dynamic solution to access control, can be effective for mediating accesses in typical usage scenarios for NoSQL databases. In this paper, we propose a novel methodology for enabling ABAC in NoSQL databases. Specifically, we consider MongoDB, which is one of the most popular NoSQL databases in use today. We present an approach to both specify ABAC access control policies and to enforce them when an actual access request has been made. The MongoDB Wire Protocol is used for extracting and processing appropriate information from the requests. We also present a method for supporting dynamic access decisions using environmental attributes and handling of ad-hoc access requests through digitally signed user attributes. Results from an extensive set of experiments on the Enron corpus as well as on synthetically generated data demonstrate the scalability of our approach. Finally, we provide details of our implementation on MongoDB and share a GitHub repository so that any organization can download and deploy the same for enabling ABAC in their own MongoDB installations.
KW - Attribute-based access control
KW - MongoDB
KW - NoSQL datastores
UR - http://www.scopus.com/inward/record.url?scp=85135744804&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85135744804&partnerID=8YFLogxK
U2 - https://doi.org/10.1109/TETC.2022.3193577
DO - https://doi.org/10.1109/TETC.2022.3193577
M3 - Article
SN - 2168-6750
VL - 11
SP - 208
EP - 223
JO - IEEE Transactions on Emerging Topics in Computing
JF - IEEE Transactions on Emerging Topics in Computing
IS - 1
ER -