Cryptographically enforced role-based access control for NoSQL distributed databases

Yossif Shalabi, Ehud Gudes

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

9 Scopus citations

Abstract

The support for Role-Based Access Control (RBAC) using cryptography for NoSQL distributed databases is investigated. Cassandra is a NoSQL DBMS that efficiently supports very large databases, but provides rather simple security measures (an agent having physical access to a Cassandra cluster is usually assumed to have access to all data therein). Support for RBAC had been added almost as an afterthought, with the Node Coordinator having to mediate all requests to read and write data, in order to ensure that only the requests allowed by the Access Control Policy (ACP) are allowed through. In this paper, we propose a model and protocols for cryptographic enforcement of an ACP in a Cassandra-like system, which would ease the load on the Node Coordinator, thereby taking the bottleneck out of the existing security implementation. We allow any client to read the data from any storage node(s), provided that only the clients to whom the ACP grants access to a datum hold the encryption keys that enable them to decrypt the data.

Original language: English
Title of host publication: Data and Applications Security and Privacy XXXI - 31st Annual IFIP WG 11.3 Conference, DBSec 2017, Proceedings
Editors: Sencun Zhu, Giovanni Livraga
Publisher: Springer Verlag
Pages: 3-19
Number of pages: 17
ISBN (Print): 9783319611754
State: Published - 1 Jan 2017
Event: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017 - Philadelphia, United States
Duration: 19 Jul 2017 – 21 Jul 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10359 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Conference

Conference: 31st Annual IFIP WG 11.3 Conference on Data and Applications Security and Privacy, DBSec 2017
Country/Territory: United States
City: Philadelphia
Period: 19/07/17 – 21/07/17

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science
