Authorization and Access Control for Different Database Models: Requirements and Current State-of-the-Art
Sprache des Vortragstitels:
Englisch
Original Tagungtitel:
The 9th International Conference on Future Data and Security Engineering
Sprache des Tagungstitel:
Englisch
Original Kurzfassung:
Traditional SQL-based data stores have been the market leaders for decades. However, they have drawbacks with today?s massive and highly connected data due to their low flexibility in terms of data structures. NoSQL database models (i.e., key-value, column, document, and graph) are designed for unstructured data in large quantities. However, they currently lack fine-grained dynamic security support, with respect to authorization and access control, in contrast to relational database management systems. We define advanced authorization and access control requirements which are applicable for any database model regardless of the application and access control scenario. According to our discussion on existing access control features versus the requirements in the context of each database model, we conclude whether the requirements are satisfied or not, and provide a corresponding overview.