Policy-based access control is a technology that achieves separation of concerns through evaluating an externalized policy at each access attempt. While this approach has been well-established for request-response applications, it is not supported for database queries of data-driven applications, especially for attribute-based policies. In particular, search operations for such applications involve poor scalability with regard to the data set size for this approach, because they are influenced by dynamic runtime conditions. This paper proposes a scalable application-level middleware solution that performs runtime injection of the appropriate rules into the original search query, so that the result set of the search includes only items to which the subject is entitled. Our evaluation shows that our method scales far better than current state of practice approach that supports policy-based access control.
CITATION STYLE
Bogaerts, J., Lagaisse, B., & Joosen, W. (2017). SEQUOIA: Scalable policy-based access control for search operations in data-driven applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10379 LNCS, pp. 1–18). Springer Verlag. https://doi.org/10.1007/978-3-319-62105-0_1
Mendeley helps you to discover research relevant for your work.