Lightweight implementation of ABAC mechanism on Database Firewall
Prikladnaya Diskretnaya Matematika. Supplement, no. 9 (2016), pp. 93-95.

See the article record from the source Math-Net.Ru

We propose a lightweight, non-invasive method for implementing attribute-based access control (ABAC) for the MySQL RDBMS on Database Firewall. The implemented access control mechanism consists of two parts: in NIST ABAC terminology, the first is the Policy Enforcement Point (PEP) and the second is the Policy Decision Point (PDP). The PDP and PEP communicate over HTTP. The PEP handles SQL queries from the client, parses them, and sends them to the PDP via HTTP. The PDP implements a lightweight ABAC core; its main purpose is to decide whether to permit or deny access based on the stored policies. Once the decision is made, the PDP sends it to the PEP. We developed a new role view mechanism to combine RBAC and ABAC; it is used to translate privileges from RBAC roles into ABAC rules. ABAC rules are configured in a special language named AF Rules and are specified in JSON format. These rules are translated into PDP code, which implements the access control checks.
Keywords: access control, ABAC, RBAC, Database Firewall.
@article{PDMA_2016_9_a35,
     author = {D. N. Kolegov and N. O. Tkachenko},
     title = {Lightweight implementation of {ABAC} mechanism on {Database} {Firewall}},
     journal = {Prikladnaya Diskretnaya Matematika. Supplement},
     pages = {93--95},
     publisher = {mathdoc},
     number = {9},
     year = {2016},
     language = {ru},
     url = {http://geodesic.mathdoc.fr/item/PDMA_2016_9_a35/}
}
D. N. Kolegov; N. O. Tkachenko. Lightweight implementation of ABAC mechanism on Database Firewall. Prikladnaya Diskretnaya Matematika. Supplement, no. 9 (2016), pp. 93-95. http://geodesic.mathdoc.fr/item/PDMA_2016_9_a35/

[1] Hu V. C., Ferraiolo D., Kuhn R., et al., Guide to Attribute Based Access Control (ABAC) Definition and Considerations, [Electronic resource], http://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.sp.800-162.pdf

[2] Role Based Access Control, American National Standards Institute Inc., 2004, http://profsandhu.com/journals/tissec/ANSI+INCITS+359-2004.pdf

[3] Kolegov D. N., Tkachenko N. O., “Neinvazivnaya realizatsiya mandatnogo upravleniya dostupom v veb-prilozheniyakh na urovne SUBD”, Prikladnaya diskretnaya matematika. Prilozhenie, 2015, no. 8, 89–92

[4] Kolegov D. N., Tkachenko N. O., Neinvazivnoe ustranenie uyazvimostei logicheskogo upravleniya dostupom v veb-prilozheniyakh, [Electronic resource], https://www.youtube.com/watch?v=SPiY6D3M0yE

[5] Brossard D., Understanding XACML combining algorithms, [Electronic resource], https://www.axiomatics.com/blog/entry/understanding-xacml-combining-algorithms.html