SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications
Published in | Engineering Secure Software and Systems Vol. 10379; pp. 1 - 18 |
---|---|
Main Authors | Bogaerts, Jasper; Lagaisse, Bert; Joosen, Wouter |
Format | Book Chapter |
Language | English |
Published | Switzerland, Springer International Publishing AG, 2017, Springer International Publishing |
Series | Lecture Notes in Computer Science |
ISBN | 3319621041 9783319621043 |
ISSN | 0302-9743 1611-3349 |
DOI | 10.1007/978-3-319-62105-0_1 |
Abstract | Policy-based access control is a technology that achieves separation of concerns through evaluating an externalized policy at each access attempt. While this approach has been well-established for request-response applications, it is not supported for database queries of data-driven applications, especially for attribute-based policies. In particular, search operations for such applications involve poor scalability with regard to the data set size for this approach, because they are influenced by dynamic runtime conditions. This paper proposes a scalable application-level middleware solution that performs runtime injection of the appropriate rules into the original search query, so that the result set of the search includes only items to which the subject is entitled. Our evaluation shows that our method scales far better than the current state-of-practice approach that supports policy-based access control. |
---|---|
Author | Lagaisse, Bert Bogaerts, Jasper Joosen, Wouter |
Author_xml | – sequence: 1 givenname: Jasper surname: Bogaerts fullname: Bogaerts, Jasper email: jasper.bogaerts@cs.kuleuven.be organization: imec-DistriNet, KU Leuven, Leuven, Belgium – sequence: 2 givenname: Bert surname: Lagaisse fullname: Lagaisse, Bert email: bert.lagaisse@cs.kuleuven.be organization: imec-DistriNet, KU Leuven, Leuven, Belgium – sequence: 3 givenname: Wouter surname: Joosen fullname: Joosen, Wouter email: wouter.joosen@cs.kuleuven.be organization: imec-DistriNet, KU Leuven, Leuven, Belgium |
ContentType | Book Chapter |
Copyright | Springer International Publishing AG 2017 |
Copyright_xml | – notice: Springer International Publishing AG 2017 |
DEWEY | 005.8 |
DOI | 10.1007/978-3-319-62105-0_1 |
DatabaseName | ProQuest Ebook Central - Book Chapters - Demo use only |
Discipline | Engineering Computer Science |
EISBN | 9783319621050 331962105X |
EISSN | 1611-3349 |
Editor | Athanasopoulos, Elias Payer, Mathias Bodden, Eric |
Editor_xml | – sequence: 1 fullname: Payer, Mathias – sequence: 2 fullname: Athanasopoulos, Elias – sequence: 3 fullname: Bodden, Eric |
EndPage | 18 |
ISBN | 3319621041 9783319621043 |
ISSN | 0302-9743 |
IsPeerReviewed | true |
IsScholarly | true |
LCCallNum | TK5105.5-5105.9QA76. |
Language | English |
OCLC | 992167168 |
PageCount | 18 |
PublicationCentury | 2000 |
PublicationDate | 2017 20170624 |
PublicationDateYYYYMMDD | 2017-01-01 2017-06-24 |
PublicationDate_xml | – year: 2017 text: 2017 |
PublicationDecade | 2010 |
PublicationPlace | Switzerland |
PublicationPlace_xml | – name: Switzerland – name: Cham |
PublicationSeriesSubtitle | Security and Cryptology |
PublicationSeriesTitle | Lecture Notes in Computer Science |
PublicationSeriesTitleAlternate | Lect.Notes Computer |
PublicationSubtitle | 9th International Symposium, ESSoS 2017, Bonn, Germany, July 3-5, 2017, Proceedings |
PublicationTitle | Engineering Secure Software and Systems |
PublicationYear | 2017 |
Publisher | Springer International Publishing AG Springer International Publishing |
Publisher_xml | – name: Springer International Publishing AG – name: Springer International Publishing |
RelatedPersons | Kleinberg, Jon M. Mattern, Friedemann Naor, Moni Mitchell, John C. Terzopoulos, Demetri Steffen, Bernhard Pandu Rangan, C. Kanade, Takeo Kittler, Josef Weikum, Gerhard Hutchison, David Tygar, Doug |
RelatedPersons_xml | – sequence: 1 givenname: David surname: Hutchison fullname: Hutchison, David organization: Lancaster University, Lancaster, United Kingdom – sequence: 2 givenname: Takeo surname: Kanade fullname: Kanade, Takeo organization: Carnegie Mellon University, Pittsburgh, USA – sequence: 3 givenname: Josef surname: Kittler fullname: Kittler, Josef organization: University of Surrey, Guildford, United Kingdom – sequence: 4 givenname: Jon M. surname: Kleinberg fullname: Kleinberg, Jon M. organization: Cornell University, Ithaca, USA – sequence: 5 givenname: Friedemann surname: Mattern fullname: Mattern, Friedemann organization: CNB H 104.2, ETH Zurich, Zürich, Switzerland – sequence: 6 givenname: John C. surname: Mitchell fullname: Mitchell, John C. organization: Stanford, USA – sequence: 7 givenname: Moni surname: Naor fullname: Naor, Moni organization: Weizmann Institute of Science, Rehovot, Israel – sequence: 8 givenname: C. surname: Pandu Rangan fullname: Pandu Rangan, C. organization: Madras, Indian Institute of Technology, Chennai, India – sequence: 9 givenname: Bernhard surname: Steffen fullname: Steffen, Bernhard organization: Fakultät Informatik, TU Dortmund, Dortmund, Germany – sequence: 10 givenname: Demetri surname: Terzopoulos fullname: Terzopoulos, Demetri organization: University of California, Los Angeles, USA – sequence: 11 givenname: Doug surname: Tygar fullname: Tygar, Doug organization: University of California, Berkeley, USA – sequence: 12 givenname: Gerhard surname: Weikum fullname: Weikum, Gerhard organization: Max Planck Institute for Informatics, Saarbrücken, Germany |
StartPage | 1 |
Title | SEQUOIA: Scalable Policy-Based Access Control for Search Operations in Data-Driven Applications |
URI | http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=5610343&ppg=11 http://ebookcentral.proquest.com/lib/SITE_ID/reader.action?docID=6296628&ppg=11 http://link.springer.com/10.1007/978-3-319-62105-0_1 |
Volume | 10379 |