Research on Authorization Model of Attribute Access Control Based on Knowledge Graph

  • Conference paper
Ubiquitous Security (UbiSec 2023)

Abstract

A knowledge graph is an extended graph data structure that stores interrelated data and visually displays the relationships between different objects in large systems; it is widely used in various fields. This paper proposes an attribute-based knowledge graph authorization policy model. The model represents the access control authorization policy between users and resources and intuitively displays the authorization relationships between the various types of nodes, making access control policies easier to understand and implement. Compared with the traditional textual presentation of access control policies, the knowledge graph presentation proposed in this paper is more intuitive, easier to understand, and highly operable. Finally, the paper implements the knowledge graph authorization policy model on the Neo4j platform, using Cypher statements to implement a graph traversal algorithm that effectively evaluates the accuracy of the authorization policy. The experiment implements the access control knowledge graph on Neo4j and combines it with Cypher statements to search and match access control policies at a finer granularity.

Acknowledgments

This work was supported by grants from the Guangdong Province-Foshan Joint Fund Project No. 2022A1515140096.

Corresponding author

Correspondence to Wenyin Yang.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

Cite this paper

Ma, L., Lao, Q., Yang, W., Yang, Z., Yuan, D., Bu, Z. (2024). Research on Authorization Model of Attribute Access Control Based on Knowledge Graph. In: Wang, G., Wang, H., Min, G., Georgalas, N., Meng, W. (eds) Ubiquitous Security. UbiSec 2023. Communications in Computer and Information Science, vol 2034. Springer, Singapore. https://doi.org/10.1007/978-981-97-1274-8_23

  • DOI: https://doi.org/10.1007/978-981-97-1274-8_23

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-1273-1

  • Online ISBN: 978-981-97-1274-8

  • eBook Packages: Computer Science, Computer Science (R0)
