Issue No. 06 - Nov.-Dec. (2017 vol. 14)
Pietro Colombo , Dipartimento di Scienze Teoriche e Applicate UniversitÓ degli Studi dell?Insubria, Varese, Italy
Elena Ferrari , Dipartimento di Scienze Teoriche e Applicate UniversitÓ degli Studi dell?Insubria, Varese, Italy
Privacy has become a key requirement for data management systems. Nevertheless, NoSQL datastores, namely highly scalable non relational database management systems, which often support data management of Internet scale applications,still do not provide support for privacy policies enforcement. With this work, we begin to address this issue, by proposing an approach for the integration of purpose based policy enforcement capabilities into MongoDB, a popular NoSQL datastore. Our contribution consists of the enhancement of the MongoDB role based access control model with privacy concepts and related enforcement monitor. The proposed monitor is easily integrable into any MongoDB deployment through simple configurations. Experimental results show that our monitor enforces purpose-based access control with low overhead.
Servers, Wires, Databases, Data models, Monitoring, Authorization
P. Colombo and E. Ferrari, "Enhancing MongoDB with Purpose-Based Access Control," in IEEE Transactions on Dependable and Secure Computing, vol. 14, no. 6, pp. 591-604, 2017.