Aya Mohamed, Dagmar Auer, Daniel Hofer, Josef Küng,
"A systematic literature review of authorization and access control requirements and current state of the art for different database models"
, in International Journal of Web Information Systems, Emerald Publishing Limited, 10-2023, ISSN: 1744-0084
Original Titel:
A systematic literature review of authorization and access control requirements and current state of the art for different database models
Sprache des Titels:
Englisch
Original Kurzfassung:
Purpose
Data protection requirements heavily increased due to the rising awareness of data security, legal requirements, and technological developments. Today, NoSQL databases are increasingly used in security-critical domains. Current survey works on databases and data security only consider authorization and access control in a very general way and do not regard most of today?s sophisticated requirements.
Design/methodology/approach
We follow a systematic literature review approach to study authorization and access control for different database models. Starting with a research on survey works on authorization and access control in databases, we continue with the identification and definition of advanced authorization and access control requirements, which are generally applicable to any database model. We then discuss and compare current database models
based on these requirements.
Findings
As no survey works consider requirements for authorization and access control in different database models so far, we define our requirements. Furthermore, we discuss the current state of the art for the relational, key-value, column-oriented, document-based and graph database models in comparison to the defined requirements.
Originality
We focus on authorization and access control for various database models, not concrete products. We identify today?s sophisticated - yet general - requirements from the literature and compare them with research results and access control features of current products for the relational and NoSQL database models.