Comparison of Access Control Approaches for Graph-Structured Data
- URL: http://arxiv.org/abs/2405.20762v1
- Date: Fri, 31 May 2024 12:31:05 GMT
- Title: Comparison of Access Control Approaches for Graph-Structured Data
- Authors: Aya Mohamed, Dagmar Auer, Daniel Hofer, Josef Kueng,
- Abstract summary: Graph-structured data requires advanced, flexible, and fine-grained access control due to its complex structure.
Several research works focus on protecting property graph-structured data, enforcing fine-grained access control, and proving the feasibility and applicability of their concept.
We select works from our systematic literature review on authorization and access control for different database models in addition to recent ones.
- Score: 0.0
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Access control is the enforcement of the authorization policy, which defines subjects, resources, and access rights. Graph-structured data requires advanced, flexible, and fine-grained access control due to its complex structure as sequences of alternating vertices and edges. Several research works focus on protecting property graph-structured data, enforcing fine-grained access control, and proving the feasibility and applicability of their concept. However, they differ conceptually and technically. We select works from our systematic literature review on authorization and access control for different database models in addition to recent ones. Based on defined criteria, we exclude research works with different objectives, such as no protection of graph-structured data, graph models other than the property graph, coarse-grained access control approaches, or no application in a graph datastore (i.e., no proof-of-concept implementation). The latest version of the remaining works are discussed in detail in terms of their access control approach as well as authorization policy definition and enforcement. Finally, we analyze the strengths and limitations of the selected works and provide a comparison with respect to different aspects, including the base access control model, open/closed policy, negative permission support, and datastore-independent enforcement.
Related papers
- Extracting Database Access-control Policies From Web Applications [5.193592261722995]
It is difficult to divine what policy is embedded in application code and what data the application may access.
This paper tackles policy extraction: the task of extracting the access-control policy.
Ote is a policy extractor for Ruby-on-Rails web applications.
arXiv Detail & Related papers (2024-11-18T08:58:11Z) - RAGent: Retrieval-based Access Control Policy Generation [1.2016264781280588]
RAGent is a novel retrieval-based access control policy generation framework based on language models.
RAGent identifies access requirements from high-level requirement specifications with an average state-of-the-art F1 score of 87.9%.
Unlike existing frameworks, RAGent generates policies with complex components like purposes and conditions, in addition to subjects, actions, and resources.
arXiv Detail & Related papers (2024-09-08T00:23:37Z) - Doc2SoarGraph: Discrete Reasoning over Visually-Rich Table-Text
Documents via Semantic-Oriented Hierarchical Graphs [79.0426838808629]
We propose TAT-DQA, i.e. to answer the question over a visually-rich table-text document.
Specifically, we propose a novel Doc2SoarGraph framework with enhanced discrete reasoning capability.
We conduct extensive experiments on TAT-DQA dataset, and the results show that our proposed framework outperforms the best baseline model by 17.73% and 16.91% in terms of Exact Match (EM) and F1 score respectively on the test set.
arXiv Detail & Related papers (2023-05-03T07:30:32Z) - Neural Graph Reasoning: Complex Logical Query Answering Meets Graph
Databases [63.96793270418793]
Complex logical query answering (CLQA) is a recently emerged task of graph machine learning.
We introduce the concept of Neural Graph Database (NGDBs)
NGDB consists of a Neural Graph Storage and a Neural Graph Engine.
arXiv Detail & Related papers (2023-03-26T04:03:37Z) - Sparsity-Aware Intelligent Massive Random Access Control in Open RAN: A
Reinforcement Learning Based Approach [61.74489383629319]
Massive random access of devices in the emerging Open Radio Access Network (O-RAN) brings great challenge to the access control and management.
reinforcement-learning (RL)-assisted scheme of closed-loop access control is proposed to preserve sparsity of access requests.
Deep-RL-assisted SAUD is proposed to resolve highly complex environments with continuous and high-dimensional state and action spaces.
arXiv Detail & Related papers (2023-03-05T12:25:49Z) - Relational Action Bases: Formalization, Effective Safety Verification,
and Invariants (Extended Version) [67.99023219822564]
We introduce the general framework of relational action bases (RABs)
RABs generalize existing models by lifting both restrictions.
We demonstrate the effectiveness of this approach on a benchmark of data-aware business processes.
arXiv Detail & Related papers (2022-08-12T17:03:50Z) - Toward Deep Learning Based Access Control [3.2511618464944547]
This paper proposes Deep Learning Based Access Control (DLBAC) by leveraging significant advances in deep learning technology.
DLBAC could complement and, in the long-term, has the potential to even replace, classical access control models with a neural network.
We demonstrate the feasibility of the proposed approach by addressing issues related to accuracy, generalization, and explainability.
arXiv Detail & Related papers (2022-03-28T22:05:11Z) - Learning to Limit Data Collection via Scaling Laws: Data Minimization
Compliance in Practice [62.44110411199835]
We build on literature in machine learning law to propose framework for limiting collection based on data interpretation that ties data to system performance.
We formalize a data minimization criterion based on performance curve derivatives and provide an effective and interpretable piecewise power law technique.
arXiv Detail & Related papers (2021-07-16T19:59:01Z) - Learning Attribute-Based and Relationship-Based Access Control Policies
with Unknown Values [0.6662800021628273]
This paper presents the first algorithms for mining ABAC and ReBAC policies from access control lists (ACLs) and incomplete information about entities.
We show that the core of this problem can be viewed as learning a concise three-valued logic formula from a set of labeled feature vectors containing unknowns.
arXiv Detail & Related papers (2020-08-19T13:56:29Z) - Towards Inheritable Models for Open-Set Domain Adaptation [56.930641754944915]
We introduce a practical Domain Adaptation paradigm where a source-trained model is used to facilitate adaptation in the absence of the source dataset in future.
We present an objective way to quantify inheritability to enable the selection of the most suitable source model for a given target domain, even in the absence of the source data.
arXiv Detail & Related papers (2020-04-09T07:16:30Z) - An Automatic Attribute Based Access Control Policy Extraction from
Access Logs [5.142415132534397]
An attribute-based access control (ABAC) model provides a more flexible approach for addressing the authorization needs of complex and dynamic systems.
We present a methodology for automatically learning ABAC policy rules from access logs of a system to simplify the policy development process.
arXiv Detail & Related papers (2020-03-16T15:08:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.