Attribute Based Access Control for Big Data Applications by Query Modification

Jonathan Longstaff, Joanne Noble

    Research output: Contribution to conference › Paper › peer-review

    Abstract

    We present concepts which can be used for the efficient implementation of Attribute Based Access Control (ABAC) in large applications that may use several data storage technologies, including Hadoop, NoSQL and relational database systems. The ABAC authorization process takes place in two main stages. Firstly, a sequence of permissions is derived which specifies the permitted data to be retrieved for the user's transaction. Secondly, query modification is used to augment the user's transaction with code which implements the ABAC controls. This requires the storage technologies to support a high-level language such as SQL or similar. The modified user transactions are then optimized and processed using the full functionality of the underlying storage systems. We use an extended ABAC model (TCM2) which handles negative permissions and overrides in a single permissions processing mechanism. We illustrate these concepts using a compelling electronic health records scenario.
    Original language: English
    Publication status: Published - 29 Mar 2016
    Event: 2nd IEEE International Conference on Big Data Computing Service and Applications - Oxford University, Oxford, United Kingdom
    Duration: 29 Mar 2016 to 1 Apr 2016

    Conference

    Conference: 2nd IEEE International Conference on Big Data Computing Service and Applications
    Abbreviated title: BigDataService 2016
    Country/Territory: United Kingdom
    City: Oxford
    Period: 29/03/16 to 1/04/16
