Skip to main content
SpringerLink
Log in

Towards an Effective Attribute-Based Access Control Model for Neo4j

  • Conference paper
  • First Online:
Model and Data Engineering (MEDI 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14396))

Included in the following conference series:

  • 188 Accesses

Abstract

The graph data model is increasingly used in practice due to its flexibility in modeling complex real-life data. However, some security features (e.g., access control) are not receiving sufficient attention from researchers since that graph databases are still in their infancy. Existing access control models do not rise to the finest granularity level of data, use expensive methods for data filtering or explicitly enforce access control rules in application code which may lead to several data security breaches. Based on the most popular graph database system Neo4j and its query language Cypher, this paper provides an Attribute-based Access Control (ABAC) support to Neo4j which makes the model more fine-grained and allows to specify more expressive access policies. Next, we provide a rewriting algorithm that transforms an arbitrary Cypher query into a safe one that enforces the underlying access control policy by returning only authorized data. Contrary to most existing solutions that use non-practical query languages, the proposed solution can be integrated easily within the Neo4j database system.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 59.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 74.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://neo4j.com/.

  2. 2.

    https://github.com/adil-ber/AC-for-Graph-DB.

  3. 3.

    It is worth noting that our findings can be extended to cover other features of the language as well.

  4. 4.

    An attribute A is accessible depending to the value of an attribute B and vice versa.

  5. 5.

    I.e. node or relationship with no variable attached to it.

  6. 6.

    According to our Cypher syntax, a subquery is any Match statement appearing inside an Exists call.

  7. 7.

    https://archive.org/details/stackexchange.

References

  1. Neo4j access control. https://neo4j.com/docs/cypher-manual/current/administration/access-control/. Accessed 10 June 2023

  2. Chabin, J., Ciferri, C.D., Halfeld-Ferrari, M., Hara, C.S., Penteado, R.R.: Role-based access control on graph databases. In: SOFSEM, pp. 519–534 (2021)

    Google Scholar 

  3. Clark, S., Yakovets, N., Fletcher, G., Zannone, N.: Relog: a unified framework for relationship-based access control over graph databases. In: IFIP, pp. 303–315 (2022)

    Google Scholar 

  4. Colombo, P., Ferrari, E.: Efficient enforcement of action-aware purpose-based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 27, 2134–2147 (2015)

    Article  Google Scholar 

  5. Colombo, P., Ferrari, E.: Towards virtual private NoSQL datastores. In: ICDE, pp. 193–204 (2016)

    Google Scholar 

  6. Elliott, A., Knight, S.: Role explosion: acknowledging the problem. In: Software Engineering Research and Practice, pp. 349–355 (2010)

    Google Scholar 

  7. Fan, W., Chan, C.Y., Garofalakis, M.: Secure xml querying with security views. In: SIGMOD, pp. 587–598 (2004)

    Google Scholar 

  8. Francis, N., et al.: Cypher: an evolving query language for property graphs. In: Proceedings of the 2018 International Conference on Management of Data, pp. 1433–1445 (2018)

    Google Scholar 

  9. Hofer, D., Mohamed, A., Küng, J.: Modifying neo4j’s object graph mapper queries for access control. In: Pardede, E., Delir Haghighi, P., Khalil, I., Kotsis, G. (eds.) Information Integration and Web Intelligence. iiWAS 2022. LNCS, vol. 13635, pp. 421–426. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-21047-1_37

  10. Jin, Y., Kaja, K.: XACML implementation based on graph databases. In: CATA, pp. 65–74 (2019)

    Google Scholar 

  11. Mohamed, A., Auer, D., Hofer, D., Küng, J.: Extended authorization policy for graph-structured data. SN Comput. Sci. 2, 351–369 (2021)

    Article  Google Scholar 

  12. Morgado, C., Baioco, G.B., Basso, T., Moraes, R.: A security model for access control in graph-oriented databases. In: QRS, pp. 135–142 (2018)

    Google Scholar 

  13. Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: SIGMOD, pp. 551–562 (2004)

    Google Scholar 

  14. Rizvi, S.Z.R., Fong, P.W.: Efficient authorization of graph-database queries in an attribute-supporting rebac model. ACM Trans. Priv. Secur. (TOPS) 1–33 (2020)

    Google Scholar 

  15. Valzelli, M., Maurino, A., Palmonari, M.: A fine-grained access control model for knowledge graphs. knowledge graphs. In: ICETE, vol. 2, pp. 595–601 (2020)

    Google Scholar 

  16. You, M., et al.: A knowledge graph empowered online learning framework for access control decision-making. World Wide Web, pp. 827–848 (2023)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Abou-Bekr Belkaid University & LRIT Laboratory, Tlemcen, Algeria

    Adil Achraf Bereksi Reguig & Houari Mahfoud

  2. Université de Lorraine & Loria-Cnrs-Inria, Nancy, France

    Abdessamad Imine

Authors
  1. Adil Achraf Bereksi Reguig
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Houari Mahfoud
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Abdessamad Imine
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Adil Achraf Bereksi Reguig .

Editor information

Editors and Affiliations

  1. Bordeaux INP, Talence, France

    Mohamed Mosbah

  2. Dublin City University, Dublin, Ireland

    Tahar Kechadi

  3. ENSMA, Poitiers, France

    Ladjel Bellatreche

  4. University of Sfax, Sfax, Tunisia

    Faiez Gargouri

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bereksi Reguig, A.A., Mahfoud, H., Imine, A. (2024). Towards an Effective Attribute-Based Access Control Model for Neo4j. In: Mosbah, M., Kechadi, T., Bellatreche, L., Gargouri, F. (eds) Model and Data Engineering. MEDI 2023. Lecture Notes in Computer Science, vol 14396. Springer, Cham. https://doi.org/10.1007/978-3-031-49333-1_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-49333-1_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-49332-4

  • Online ISBN: 978-3-031-49333-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation