A Security Model for Access Control in Graph-Oriented Databases

Authors: Claudia Morgadoy, Gisele Busichia Baioco, Tania Basso, Regina Moraes - University of Campinas, Limeira, Brazil

Organizations now collect vast amounts of data for future analysis. Motivated by this volume of data and the requirements of Web 2.0, a plethora of non-relational (NoSQL) databases has emerged in recent years. However, several security features of relational databases (e.g., access control) are left by non-relational management systems to be implemented by the application, which can lead to security breaches. This paper proposes a security model, based on the use of metadata, to provide access control for NoSQL graph-oriented database management systems. The goal is to support the development of applications that use graph-oriented databases in preserving the integrity of stored data and protecting it from unauthorized access. A case study was performed as a proof of concept, in which the model was instantiated and implemented for the Neo4j database. Results showed that access restrictions were applied correctly, preventing unauthorized access. A schema for Neo4j was provided, since it does not have a native one.


Where: QRS2018, Software Quality, Reliability and Security (QRS) Conference, July 2018, Lisbon (Portugal)