Evaluating the effects of access control policies within NoSQL systems

摘要

Access control is a key service of any data management system. It allows regulating the access to data resources at different granularity levels on the basis of access control models which vary on the protection options they offer. The more powerful is the access control model in terms of protection requirements, the more difficult is for security administrators to understand the effect of a set of access control policies on the protected resources. This is further complicated within schemaless systems, like NoSQL datastores, when fine grained access control policies are specified for data resources characterized by heterogeneous structures. The lack of a reference data model and related manipulation languages exacerbates this issue. To the best of our knowledge, a general approach to evaluate the impact of access control policies on the protected resources within NoSQL systems is still missing. In this paper, we start to fill this void, by proposing a data model agnostic approach, which, starting from schemaless datasets protected by different discretionary access control models, derives a view of the protected resources that points out authorized and unauthorized contents. Experimental results show the approach efficiency even with large datasets.