Skip to main content
SpringerLink
Log in

ReLOG: A Unified Framework for Relationship-Based Access Control over Graph Databases

  • Conference paper
  • First Online:
Book cover Data and Applications Security and Privacy XXXVI (DBSec 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13383))

Included in the following conference series:

Abstract

Relationship-Based Access Control (ReBAC) is a paradigm to specify access constraints in terms of interpersonal relationships. To express these graph-like constraints, a variety of ReBAC models with varying features and ad-hoc implementations have been proposed. In this work, we investigate the theoretical feasibility of realising ReBAC systems using off-the-shelf graph database technology and propose a unified framework through which we characterise and compare existing ReBAC models. To this end, we formalise a ReBAC specific query language, ReLOG, an extension to regular graph queries over property graphs. We show that existing ReBAC models are instantiations of queries over property graphs, laying a foundation for the design of ReBAC mechanisms based on graph database technology.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ahmed, T., Sandhu, R.S., Park, J.: Classifying and comparing attribute-based and relationship-based access control. In: CODASPY, pp. 59–70. ACM (2017)

    Google Scholar 

  2. Aktoudianakis, E., Crampton, J., Schneider, S.A., Treharne, H., Waller, A.: Policy templates for relationship-based access control. In: PST, pp. 221–228. IEEE (2013)

    Google Scholar 

  3. Bertolissi, C., den Hartog, J., Zannone, N.: Using provenance for secure data fusion in cooperative systems. In: SACMAT, pp. 185–194. ACM (2019)

    Google Scholar 

  4. Bonifati, A., Fletcher, G.H.L., Voigt, H., Yakovets, N.: Querying Graphs. Synthesis Lectures on Data Management, Morgan & Claypool Publishers, San Rafael (2018)

    Book  Google Scholar 

  5. Bruns, G., Fong, P., Siahaan, I., Huth, M.: Relationship-based access control: its expression and enforcement through hybrid logic. In: CODASPY, pp. 117–124. ACM (2012)

    Google Scholar 

  6. Cadenhead, T., Khadilkar, V., Kantarcioglu, M., Thuraisingham, B.: A language for provenance access control. In: CODASPY, pp. 133–144. ACM (2011)

    Google Scholar 

  7. Carminati, B., Ferrari, E., Perego, A.: Enforcing access control in Web-based social networks. ACM Trans. Inf. Syst. Secur. 13(1), 6:1–6:38 (2009)

    Google Scholar 

  8. Cheng, Y., Bijon, K., Sandhu, R.: Extended ReBAC administrative models with cascading revocation and provenance support. In: SACMAT, pp. 161–170. ACM (2016)

    Google Scholar 

  9. Cheng, Y., Park, J., Sandhu, R.S.: An access control model for online social networks using user-to-user relationships. IEEE Trans. Dependable Secur. Comput. 13(4), 424–436 (2016)

    Article  Google Scholar 

  10. Clark, S., Yakovets, N., Fletcher, G., Zannone, N.: A Unified Framework for Relationship-Based Access Control over Graph Databases (2022). https://gitlab.tue.nl/stanrogo/relog-framework/-/blob/main/Unified_ReBAC_Framework_Full.pdf

  11. Crampton, J., Sellwood, J.: Path conditions and principal matching: a new approach to access control. In: SACMAT, pp. 187–198. ACM (2014)

    Google Scholar 

  12. Fong, P.W.L., Siahaan, I.S.R.: Relationship-based access control policies and their policy languages. In: SACMAT, pp. 51–60. ACM (2011)

    Google Scholar 

  13. Kaluvuri, S.P., Egner, A.I., den Hartog, J., Zannone, N.: SAFAX - an extensible authorization service for cloud environments. Frontiers ICT 2, 9 (2015)

    Article  Google Scholar 

  14. Lobo, J.: Relationship-based access control: more than a social network access control model. Wiley Interdiscip. Rev. Data Mining Knowl. Discov. 9(2), e1282 (2019)

    Article  Google Scholar 

  15. Paci, F., Squicciarini, A.C., Zannone, N.: Survey on access control for community-centered collaborative systems. ACM Comput. Surv. 51(1), 6:1–6:38 (2018)

    Google Scholar 

  16. Pasarella, E., Lobo, J.: A datalog framework for modeling relationship-based access control policies. In: SACMAT, pp. 91–102. ACM (2017)

    Google Scholar 

  17. Rizvi, S.Z.R., Fong, P.W.L.: Efficient authorization of graph-database queries in an attribute-supporting ReBAC model. ACM Trans. Priv. Secur. 23(4), 18:1–18:33 (2020)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Eindhoven University of Technology, 5600 MB, Eindhoven, The Netherlands

    Stanley Clark, Nikolay Yakovets, George Fletcher & Nicola Zannone

Authors
  1. Stanley Clark
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nikolay Yakovets
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. George Fletcher
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Nicola Zannone
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nicola Zannone .

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Indian Institute of Technology Kharagpur, Kharagpur, West Bengal, India

    Shamik Sural

  2. Department of Information Systems and Analytics, Santa Clara University, Santa Clara, CA, USA

    Haibing Lu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 IFIP International Federation for Information Processing

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Clark, S., Yakovets, N., Fletcher, G., Zannone, N. (2022). ReLOG: A Unified Framework for Relationship-Based Access Control over Graph Databases. In: Sural, S., Lu, H. (eds) Data and Applications Security and Privacy XXXVI. DBSec 2022. Lecture Notes in Computer Science, vol 13383. Springer, Cham. https://doi.org/10.1007/978-3-031-10684-2_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-10684-2_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-10683-5

  • Online ISBN: 978-3-031-10684-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

Search

Navigation