Project

Neo4j implementation of XACML role-based access control

Project (M.S., Computer Science)--California State University, Sacramento, 2017.

There are various approaches to implementing eXtensible Access Control Markup Language (XACML) security policies. This project demonstrated a solution that uses a graph database, Neo4j, to implement XACML role-based access control. The project consists of two parts: the XACML Policy Writer module and the User XACML request/response module. Each module works through its own sequence of steps. The XACML Policy Writer module first feeds the XACML role-based access control file to its parser engine to extract all the related data. Then the CQL interface step generates Cypher query commands that create user, role and resource nodes and directed arcs representing their relationships. The XACML request/response module then takes the XACML request file as input to help the user of the system determine whether a user has permission to access its own resources or any resources of its sub-users. This project used Neo4j to handle the complex hierarchical data structure and the multiple relationships between nodes in the graph database.
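The policy-writer step described above, sketched as an added example that is not the project's own code: it extracts role, resource and action from the Permit rules of a constructed XACML 3.0 policy and emits parameterised Cypher. The node labels `Role` and `Resource`, the `PERMITS` relationship, the function names and the sample policy are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17}"
ROLE = "urn:oasis:names:tc:xacml:2.0:subject:role"
RESOURCE = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION = "urn:oasis:names:tc:xacml:1.0:action:action-id"

# Fixed query text; policy values travel only as parameters. Labels and relationship
# types cannot be parameters, so the action is a property (all names assumed).
MERGE_PERMISSION = (
    "MERGE (ro:Role {name: $role}) "
    "MERGE (re:Resource {id: $resource}) "
    "MERGE (ro)-[:PERMITS {action: $action}]->(re)"
)

def permissions(xacml_text):
    """Yield (role, resource, action) per Permit rule; Deny rules are not modelled."""
    # Policy files from an untrusted source should be parsed with defusedxml instead.
    for rule in ET.fromstring(xacml_text).iter(NS + "Rule"):
        if rule.get("Effect") != "Permit":
            continue
        found = {}
        for match in rule.iter(NS + "Match"):
            designator = match.find(NS + "AttributeDesignator")
            value = match.findtext(NS + "AttributeValue")
            if designator is not None and value is not None:
                found[designator.get("AttributeId")] = value.strip()
        if found.keys() >= {ROLE, RESOURCE, ACTION}:  # skip incomplete rules
            yield found[ROLE], found[RESOURCE], found[ACTION]

def to_cypher(xacml_text):
    return [(MERGE_PERMISSION, {"role": r, "resource": s, "action": a})
            for r, s, a in permissions(xacml_text)]

def _match(attr, value):  # one trimmed <Match> for the constructed sample
    return (f"<Match><AttributeValue>{value}</AttributeValue>"
            f'<AttributeDesignator AttributeId="{attr}"/></Match>')

def _rule(effect, role, resource, action):
    return (f'<Rule Effect="{effect}"><Target><AnyOf><AllOf>'
            + _match(ROLE, role) + _match(RESOURCE, resource)
            + _match(ACTION, action) + "</AllOf></AnyOf></Target></Rule>")

# Constructed sample policy (required schema attributes trimmed for brevity).
SAMPLE = ('<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17">'
          + _rule("Permit", "manager", "payroll-report", "read")
          + _rule("Deny", "clerk", "payroll-report", "read")
          + _rule("Permit", "o'brien-team", "inventory", "write")
          + "</Policy>")
```

Each `(query, parameters)` pair from `to_cypher(SAMPLE)` can be passed to a Neo4j driver session as `session.run(query, parameters)`; the role name containing a quote reaches the database as data, never as query text.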
