TY - GEN
T1 - Cryptographically enforced role-based access control for NoSQL distributed databases
AU - Shalabi, Yossif
AU - Gudes, Ehud
N1 - Publisher Copyright:
© IFIP International Federation for Information Processing 2017.
PY - 2017/1/1
Y1 - 2017/1/1
N2 - The support for Role-Based Access Control (RBAC) using cryptography for NOSQL distributed databases is investigated. Cassandra is a NoSQL DBMS that efficiently supports very large databases, but provides rather simple security measures (an agent having physical access to a Cassandra cluster is usually assumed to have access to all data therein). Support for RBAC had been added almost as an afterthought, with the Node Coordinator having to mediate all requests to read and write data, in order to ensure that only the requests allowed by the Access Control Policy (ACP) are allowed through. In this paper, we propose a model and protocols for cryptographic enforcement of an ACP in a cassandra like system, which would ease the load on the Node Coordinator, thereby taking the bottleneck out of the existing security implementation. We allow any client to read the data from any storage node(s) – provided that only the clients whom the ACP grants access to a datum, would hold the encryption keys that enable these clients to decrypt the data.
AB - The support for Role-Based Access Control (RBAC) using cryptography for NOSQL distributed databases is investigated. Cassandra is a NoSQL DBMS that efficiently supports very large databases, but provides rather simple security measures (an agent having physical access to a Cassandra cluster is usually assumed to have access to all data therein). Support for RBAC had been added almost as an afterthought, with the Node Coordinator having to mediate all requests to read and write data, in order to ensure that only the requests allowed by the Access Control Policy (ACP) are allowed through. In this paper, we propose a model and protocols for cryptographic enforcement of an ACP in a cassandra like system, which would ease the load on the Node Coordinator, thereby taking the bottleneck out of the existing security implementation. We allow any client to read the data from any storage node(s) – provided that only the clients whom the ACP grants access to a datum, would hold the encryption keys that enable these clients to decrypt the data.
UR - http://www.scopus.com/inward/record.url?scp=85022001625&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-61176-1_1
DO - 10.1007/978-3-319-61176-1_1
M3 - Conference contribution
AN - SCOPUS:85022001625
SN - 9783319611754
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 3
EP - 19
BT - Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings
A2 - Zhu, Sencun
A2 - Livraga, Giovanni
PB - Springer Verlag
T2 - 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017
Y2 - 19 July 2017 through 21 July 2017
ER -