XACML Implementation Based on Graph Databases

10.29007/rf56, 2019
Author(s): Ying Jin, Krishna Kaja

Extensible Access Control Markup Language (XACML) is an OASIS standard for security policy specification. It consists of a policy language to define security authorizations and an access control decision language for requests and responses. The high-level policy specification is independent of underlying implementation. Different from existing approaches, this research uses a graph database for XACML implementation. Once a policy is specified, it will be parsed and the parsing results will be processed by eliminating duplicates and resolving conflicts. The final results are saved as graphs in the persistent storage. When a XACML request is submitted, the request is processed as a query to the graph database. Based on this query result, a XACML response will be produced to permit or deny the user’s request. This paper describes the architecture, implementation details, and conflict resolution strategies of our system to implement XACML.

2010, Vol 61 (1), pp. 20-28
Author(s): Ahmed Hassan, Waleed Bahgat

A Framework for Translating a High Level Security Policy into Low Level Security Mechanisms

Security policies have different components; firewall, active directory, and IDS are some examples of these components. Enforcement of network security policies to low level security mechanisms faces some essential difficulties. Consistency, verification, and maintenance are the major ones of these difficulties. One approach to overcome these difficulties is to automate the process of translation of high level security policy into low level security mechanisms. This paper introduces a framework of an automation process that translates a high level security policy into low level security mechanisms. The framework is described in terms of three phases; in the first phase all network assets are categorized according to their roles in the network security and relations between them are identified to constitute the network security model. This proposed model is based on organization based access control (OrBAC). However, the proposed model extends the OrBAC model to include not only access control policy but also some other administrative security policies like auditing policy. Besides, the proposed model enables matching of each rule of the high level security policy with the corresponding ones of the low level security policy. Through the second phase of the proposed framework, the high level security policy is mapped into the network security model. The second phase could be considered as a translation of the high level security policy into an intermediate model level. Finally, the intermediate model level is translated automatically into low level security mechanism. The paper illustrates the applicability of the proposed approach through an application example.


2021, Vol 22 (S2)
Author(s): Daniele D’Agostino, Pietro Liò, Marco Aldinucci, Ivan Merelli

Background: High-throughput sequencing Chromosome Conformation Capture (Hi-C) allows the study of DNA interactions and 3D chromosome folding at the genome-wide scale. Usually, these data are represented as matrices describing the binary contacts among the different chromosome regions. On the other hand, a graph-based representation can be advantageous to describe the complex topology achieved by the DNA in the nucleus of eukaryotic cells.

Methods: Here we discuss the use of a graph database for storing and analysing data achieved by performing Hi-C experiments. The main issue is the size of the produced data and, working with a graph-based representation, the consequent necessity of adequately managing a large number of edges (contacts) connecting nodes (genes), which represents the sources of information. For this, currently available graph visualisation tools and libraries fall short with Hi-C data. The use of graph databases, instead, supports both the analysis and the visualisation of the spatial pattern present in Hi-C data, in particular for comparing different experiments or for re-mapping omics data in a space-aware context efficiently. In particular, the possibility of describing graphs through statistical indicators and, even more, the capability of correlating them through statistical distributions allows highlighting similarities and differences among different Hi-C experiments, in different cell conditions or different cell types.

Results: These concepts have been implemented in NeoHiC, an open-source and user-friendly web application for the progressive visualisation and analysis of Hi-C networks based on the use of the Neo4j graph database (version 3.5).

Conclusion: With the accumulation of more experiments, the tool will provide invaluable support to compare neighbours of genes across experiments and conditions, helping in highlighting changes in functional domains and identifying new co-organised genomic compartments.


Database, 2020, Vol 2020
Author(s): Claire M Simpson, Florian Gnad

Graph representations provide an elegant solution to capture and analyze complex molecular mechanisms in the cell. Co-expression networks are undirected graph representations of transcriptional co-behavior indicating (co-)regulations, functional modules or even physical interactions between the corresponding gene products. The growing avalanche of available RNA sequencing (RNAseq) data fuels the construction of such networks, which are usually stored in relational databases like most other biological data. Inferring linkage by recursive multiple-join statements, however, is computationally expensive and complex to design in relational databases. In contrast, graph databases store and represent complex interconnected data as nodes, edges and properties, making it fast and intuitive to query and analyze relationships. While graph-based database technologies are on their way from a fringe domain to going mainstream, there are only a few studies reporting their application to biological data. We used the graph database management system Neo4j to store and analyze co-expression networks derived from RNAseq data from The Cancer Genome Atlas. Comparing co-expression in tumors versus healthy tissues in six cancer types revealed significant perturbation tracing back to erroneous or rewired gene regulation. Applying centrality, community detection and pathfinding graph algorithms uncovered the destruction or creation of central nodes, modules and relationships in co-expression networks of tumors. Given the speed, accuracy and straightforwardness of managing these densely connected networks, we conclude that graph databases are ready for entering the arena of biological data.


2021, Vol 12 (9), pp. 443-449
Author(s): D. S. Khleborodov

Micro-segmentation of local networks is an important element of network security. The main goal of micro-segmentation of a network is to reduce the risk of compromising hosts during a cyber-attack. In micro-segmented networks, if one of the hosts has been compromised, the malicious code or attacker will be limited in the "horizontal" actions by the micro-segment to which the compromised host belongs. Existing methods of micro-segmentation of networks have operational drawbacks that impede their effective practical application. This article presents a new method of micro-segmentation of local wired and wireless networks based on downloadable and wireless access control lists, which makes it possible to achieve a high level of granularity of network access policies by minimizing the microsegment, along with high operational characteristics.


2021
Author(s): Telmo Henrique Valverde da Silva, Ronaldo dos Santos Mello

Several application domains hold highly connected data, like supply chain and social network. In this context, NoSQL graph databases arise as a promising solution since relationships are first class citizens in their data model. Nevertheless, a traditional database design methodology initially defines a conceptual schema of the domain data, and the Enhanced Entity-Relationship (EER) model is a common tool. This paper presents a rule-based conversion process from an EER schema to Neo4j schema constraints, as Neo4j is the most representative NoSQL graph database management system with an expressive data model. Different from related work, our conversion process deals with all EER model concepts and generates rules for ensuring schema constraints through a set of Cypher instructions ready to run in a Neo4j database instance, as Neo4j is a schemaless system, and it is not possible to create a schema a priori. We also present an experimental evaluation that demonstrates the viability of our process in terms of performance.


Author(s): Arnaud Castelltort, Anne Laurent

NoSQL graph databases have been introduced in recent years for dealing with large collections of graph-based data. Scientific data and social networks are among the best examples of the dramatic increase of the use of such structures. NoSQL repositories allow the management of large amounts of data in order to store and query them. Such data are not structured with a predefined schema as relational databases could be. They are rather composed of nodes and relationships of a certain type. For instance, a node can represent a Person and a relationship Friendship. Retrieving the structure of the graph database is thus of great help to users, for example when they must know how to query the data or to identify relevant data sources for recommender systems. For this reason, this paper introduces methods to retrieve structural summaries. Such structural summaries are extracted at different levels of information from the NoSQL graph database. The expression of the mining queries is facilitated by the use of two frameworks: Fuzzy4S allowing to define fuzzy operators and operations with Scala; Cypherf allowing the use of fuzzy operators and operations in the declarative queries over NoSQL graph databases. We show that extracting such summaries can be impossible with the NoSQL query engines because of the data volume and the complexity of the task of automatic knowledge extraction. A novel method based on in memory architectures is thus introduced. This paper provides the definitions of the summaries with the methods to automatically extract them from NoSQL graph databases only and with the help of in-memory architectures. The benefit of our proposition is demonstrated by experimental results.


2013, pp. 1656-1679
Author(s): Nabil Ajam, Nora Cuppens-Boulahia, Fréderic Cuppens

In this chapter, the authors propose the expression and the modelling of the most important principles of privacy. They deduce the relevant privacy requirements that should be integrated in existing security policy models, such as RBAC models. They suggest the application of a unique model for both access control and privacy requirements. Thus, an access control model is to be enriched with new access constraints and parameters, namely the privacy contexts, which should implement the consent and the notification concepts. For this purpose, the authors introduce the Privacy-aware Organisation role Based Access Control (PrivOrBAC) model.


2014, pp. 451-484
Author(s): Rula Sayaf, Dave Clarke

Access control is one of the crucial aspects in information systems security. Authorizing access to resources is a fundamental process to limit potential privacy violations and protect users. The nature of personal data in online social networks (OSNs) requires a high level of security and privacy protection. Recently, OSN-specific access control models (ACMs) have been proposed to address the particular structure, functionality and the underlying privacy issues of OSNs. In this survey chapter, the essential aspects of access control are introduced and the fundamental classical ACMs are reviewed. The specific OSN features are highlighted and the main categories of OSN-specific ACMs are reviewed. Within each category, the most prominent ACMs and their underlying mechanisms that contribute to enhancing privacy of OSNs are surveyed. Toward the end, more advanced issues of access control in OSNs are discussed. Throughout the discussion, different models are contrasted and open problems are highlighted. Based on these problems, the chapter is concluded by proposing requirements for future ACMs.

