ArticlePublisher preview available

ChRelBAC data access control model for large-scale interactive informational-analytical systems

Authors:
Valery Vasenin
Valery Vasenin
Valery Vasenin
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Alexander Itkes
Alexander Itkes
Alexander Itkes
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Maxim Krivchikov
Maxim Krivchikov
Maxim Krivchikov
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Evgeniya Yavtushenko
Evgeniya Yavtushenko
Evgeniya Yavtushenko
  • This person is not on ResearchGate, or hasn't claimed this research yet.
Read publisher preview
Download citation
To read the full-text of this research, you can request a copy directly from the authors.

Abstract and Figures

Information systems providing interactive access for a huge number of users worldwide are exposed to numerous security threats. One of the most significant threats to this sort of systems is the threat of unauthorized access to system resources, leading to the breach of data confidentiality (privacy), data integrity and to the denial of service. The design and implementation of models and algorithms to reduce the risks of realizing such threats and to ensure the prompt response to the incidents is an important problem. In this article we introduce the chain-relational model of access control (ChRelBAC), which was designed and implemented for a large scientometric system. We describe two software tools for supporting the model. Visualization tool presents access control rules in a user-friendly way. Verification tool for the processes of the model integration with the target information system source code identifies the entry points of the system that are not covered by the model. Finally, we discuss the problem of testing the relational model on the real data sets.
Figures - available from: Journal of Computer Virology and Hacking Techniques
This content is subject to copyright. Terms and conditions apply.
A preview of this full-text is provided by Springer Nature.
Learn more
Content available from Journal of Computer Virology and Hacking Techniques
This content is subject to copyright. Terms and conditions apply.
Journal of Computer Virology and Hacking Techniques (2020) 16:313–331
https://doi.org/10.1007/s11416-020-00365-9
ORIGINAL PAPER
ChRelBAC data access control model for large-scale interactive
informational-analytical systems
Valery Vasenin1·Alexander Itkes1·Maxim Krivchikov1·Evgeniya Yavtushenko1
Received: 30 November 2019 / Accepted: 18 August 2020 / Published online: 31 August 2020
© Springer-Verlag France SAS, part of Springer Nature 2020
Abstract
Information systems providing interactive access for a huge number of users worldwide are exposed to numerous security
threats. One of the most significant threats to this sort of systems is the threat of unauthorized access to system resources,
leading to the breach of data confidentiality (privacy), data integrity and to the denial of service. The design and implementation
of models and algorithms to reduce the risks of realizing such threats and to ensure the prompt response to the incidents is an
important problem. In this article we introduce the chain-relational model of access control (ChRelBAC), which was designed
and implemented for a large scientometric system. We describe two software tools for supporting the model. Visualization
tool presents access control rules in a user-friendly way. Verification tool for the processes of the model integration with the
target information system source code identifies the entry points of the system that are not covered by the model. Finally, we
discuss the problem of testing the relational model on the real data sets.
Keywords Access control ·Information security ·Relation-based access control model ·Web applications ·Visualization ·
Verification ·Static analysis
1 Introduction
In connection with the global trend of recent years, focused
on the digitalization of the economy, approaches to the
development and maintenance of interactive information-
analytical systems in all areas of the national economy
are considered among the most important research direc-
tions. Main purposes of such systems include the significant
improvement of working conditions and increased labor pro-
ductivity of the individual employees and teams in each of
these areas. The achievement of this goal should be facil-
itated by: creating the comfortable working conditions for
subjects; effective mechanisms for its adequate evaluation
BMaxim Krivchikov
maxim.krivchikov@gmail.com
Valery Vasenin
vasenin@msu.ru
Alexander Itkes
itkes@imec.msu.ru
Evgeniya Yavtushenko
evgeniya_40@mail.ru
1Institute of Mechanics, Lomonosov Moscow State University,
Moscow, Russia
and introduction on this basis of mechanisms for stimulating
subjects at all levels of the administrative hierarchy.
The cornerstone, which largely determines the success of
other areas of the national economy of any country, is the
scientific-technological activity and the training of highly
qualified personnel for it. Automation methods in this field
of activity, mechanisms for evaluating its effectiveness and
methods of its stimulation are known for a long time and have
been evolving for many years [1,2]. In its most general form,
this approach is called scientometrics. Within its framework
usual subjects for analysis are the results of scientific, tech-
nological and pedagogical activity for a certain time period.
This approach is applied in practice for many decades. It is
well systematized and permanently (constantly) developing.
However, such a development in the late 20th and early 21st
centuries was constrained by the lack of capabilities (methods
and tools) for working (collection and storage, analysis and
verification) with large volumes of data, which have a high
fluidity (variability) of their characteristic parameter values
– indicators of the evaluation. However, in the context of
the increasing influence of scientific achievements on the
technological potential of society, the need for the practical
implementation of such approaches grew at even faster pace
than the corresponding capabilities. In this regard, the oppor-
123
Content courtesy of Springer Nature, terms of use apply. Rights reserved.
ResearchGate has not been able to resolve any citations for this publication.
Investigation of graph databases suitable for work with big data while detecting money laundering and terrorism financing cases
Article
Full-text available
  • Sep 2019
This paper discusses the currently popular graph database management systems (DBMSs) working with Big Data and can be used to store information obtained while dealing with money laundering and terrorist financing criminal (ML/FT) cases. The aim of this study is to choose a secure graph DBMS suitable for working with Big Data for such financial investigations. The authors consider the existing graph DBMSs, analyze and compare them with each other with special emphasis on the information security protection methods of stored data. The advantages and disadvantages of software products are studied and a comparison with the help of selected parameters characterizing system's ability to keep information secure is made. The results of the comparison are followed by detailed comments. On its basis the most convenient, flexible and up-to-date DBMS was chosen for usage while searching ML/FT cases. It was found that graph DBMSs are suitable for Big data tasks and as a final result JanusGraph was selected as a foreground DBMS in this project according to selected parameters.
View
View
View
View
View
View
View
View
Entity-Based Access Control: supporting more expressive access control policies
Conference Paper
  • Dec 2015
Access control is an important part of security that restricts the actions that users can perform on resources. Policy models specify how these restrictions are formulated in policies. Over the last decades, we have seen several such models, including role-based access control and more recently, attribute-based access control. However, these models do not take into account the relationships between users, resources and entities and their corresponding properties. This limits the expressiveness of these models. In this work, we present Entity-Based Access Control (EBAC). EBAC introduces entities as a primary concept and takes into account both attributes and relationships to evaluate policies. In addition, we present Auctoritas. Auctoritas is a authorization system that provides a practical policy language and evaluation engine for EBAC. We find that EBAC increases the expressiveness of policies and fits the application domain well. Moreover, our evaluation shows that entity-based policies described in Auctoritas can be enforced with a low policy evaluation latency.
View
Mitigating Access Control Vulnerabilities through Interactive Static Analysis
Conference Paper
  • Jun 2015
Access control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.
View