ChRelBAC data access control model for large-scale interactive informational-analytical systems

  • Original Paper
Journal of Computer Virology and Hacking Techniques

Abstract

Information systems that provide interactive access to a huge number of users worldwide are exposed to numerous security threats. One of the most significant threats to this sort of system is unauthorized access to system resources, which leads to breaches of data confidentiality (privacy) and data integrity and to denial of service. Designing and implementing models and algorithms that reduce the risk of such threats being realized and ensure a prompt response to incidents is an important problem. In this article we introduce the chain-relational model of access control (ChRelBAC), which was designed and implemented for a large scientometric system. We describe two software tools that support the model. The visualization tool presents access control rules in a user-friendly way. The verification tool supports the integration of the model with the target information system's source code by identifying the entry points of the system that are not covered by the model. Finally, we discuss the problem of testing the relational model on real data sets.



Author information

Corresponding author: Maxim Krivchikov.


About this article


Cite this article

Vasenin, V., Itkes, A., Krivchikov, M. et al. ChRelBAC data access control model for large-scale interactive informational-analytical systems. J Comput Virol Hack Tech 16, 313–331 (2020). https://doi.org/10.1007/s11416-020-00365-9


  • DOI: https://doi.org/10.1007/s11416-020-00365-9
