An Intermediate Representation for Rewriting Cypher Queries
Sprache des Vortragstitels:
Englisch
Original Tagungtitel:
The 7th International Workshop on Cyber-Security and Functional Safety in Cyber-Physical Systems
Sprache des Tagungstitel:
Englisch
Original Kurzfassung:
Some of the current graph database systems provide built-in authorization and access control features. However, many authorization requirements demand for more sophisticated access control such as fine-grained, attribute-based access control (ABAC). Therefore, we decided for a query rewriting approach to enforce these authorizations. We propose an intermediate representation for the semantics of the query. Based on the Cypher grammar, we build an abstract syntax tree (AST) of the query to be extended (i.e., rewritten). We consider a universal class hierarchy for our AST nodes based on the composite pattern, while the semantics of the nodes is introduced via data components. This provides flexibility with respect to the supported kinds of permissions and complexity of the Cypher queries. Our concept and prototypical implementation rely on ANTLR (ANother Tool for Language Recognition), which generates a parser based on the Cypher grammar to create and traverse concrete syntax trees.