Skip to main content
Springer Nature Link
Log in

Modifying Neo4j’s Object Graph Mapper Queries for Access Control

  • Conference paper
  • First Online:
Information Integration and Web Intelligence (iiWAS 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13635))

Included in the following conference series:

  • 828 Accesses

Abstract

A web application without access control is hardly usable. At the same time, we want to avoid boilerplate and use frameworks automating the communication between applications and databases. However, if we use the full potential of the mapper frameworks, the possibilities for access control are getting limited. Consequently, a trade-off between code complexity and mapper functionality must be found. In this work, we use object-graph mapper and at the same time avoid code duplication and entity-type-specific access control implementations. We do so by intercepting and changing the communication between our application code and the mapper framework so it generates queries already containing access-control filters. Thereby, we achieve authorization already on database access. With this approach only entities authorized for the currently active user are loaded, reducing the risk of data leaks. Furthermore, the developers are not required to implement access control on a per-entity-type basis.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    https://github.com/neo4j/neo4j-ogm/blob/230029be650f2b15af99caf10de92fd8387a725d/core/src/main/java/org/neo4j/ogm/session/Session.java.

  2. 2.

    https://research.daho.at/papers/modifying-neo4js-ogm-queries-for-access-control.

References

  1. Bogaerts, J., Decat, M., Lagaisse, B., Joosen, W.: Entity-based access control: supporting more expressive access control policies. In: Proceedings of the 31st Annual Computer Security Applications Conference, pp. 291–300 (2015)

    Google Scholar 

  2. Hofer, D., Nadschläger, S., Mohamed, A., Küng, J.: Extending authorization capabilities of object relational/graph mappers by request manipulation. In: Strauss, C., Cuzzocrea, A., Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) DEXA 2022. LNCS, vol. 13427, pp. 71–83. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3-031-12426-6_6

    Chapter  Google Scholar 

  3. Jarman, J., McCart, J.A., Berndt, D., Ligatti, J.: A dynamic query-rewriting mechanism for role-based access control in databases. In: AMCIS Proceedings (2008)

    Google Scholar 

  4. Leão, F., Azevedo, L.G., Baião, F., Cappelli, C.: Enforcing authorization rules in information systems. In: IADIS International Conference Applied Computing (2011)

    Google Scholar 

  5. Lecomte, F.: strategy-spring-security-acl (2016). https://github.com/lordlothar99/strategy-spring-security-acl

  6. Neo4j Inc: Authentication and authorization. https://neo4j.com/docs/operations-manual/current/authentication-authorization/. Accessed 05 July 2022

  7. Neo4j Inc: Reference - OGM Library. https://neo4j.com/docs/ogm-manual/current/reference/#reference:session:configuration. Accessed 08 July 2022

  8. Rizvi, S., Mendelzon, A., Sudarshan, S., Roy, P.: Extending query rewriting techniques for fine-grained access control. In: Proceedings of the 2004 ACM SIGMOD International Conference on Management of Data, SIGMOD 2004, pp. 551–562. Association for Computing Machinery, New York (2004). https://doi.org/10.1145/1007568.1007631

  9. Rosenthal, A., Sciore, E.: View security as the basis for data warehouse security. In: DMDW, p. 8 (2000)

    Google Scholar 

  10. VMware Inc: Spring Security. https://spring.io/projects/spring-security. Accessed 05 July 2022

Download references

Acknowledgements

This research has been partly supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria. This work has been supported by the COMET-K2 Center of the Linz Center of Mechatronics (LCM) funded by the Austrian federal government and the federal state of Upper Austria.

Author information

Authors and Affiliations

  1. Institute for Application-Oriented Knowledge Processing (FAW), Faculty of Engineering and Natural Sciences (TNF), Johannes Kepler University (JKU) Linz, Linz, Austria

    Daniel Hofer, Aya Mohamed & Josef Küng

  2. LIT Secure and Correct Systems Lab, Linz Institute of Technology (LIT), Johannes Kepler University (JKU) Linz, Linz, Austria

    Daniel Hofer, Aya Mohamed & Josef Küng

Authors
  1. Daniel Hofer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Aya Mohamed
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Josef Küng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Daniel Hofer .

Editor information

Editors and Affiliations

  1. La Trobe University, Melbourne, VIC, Australia

    Eric Pardede

  2. Monash University, Melbourne, VIC, Australia

    Pari Delir Haghighi

  3. Johannes Kepler University Linz, Linz, Austria

    Ismail Khalil

  4. Johannes Kepler University Linz, Linz, Austria

    Gabriele Kotsis

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Hofer, D., Mohamed, A., Küng, J. (2022). Modifying Neo4j’s Object Graph Mapper Queries for Access Control. In: Pardede, E., Delir Haghighi, P., Khalil, I., Kotsis, G. (eds) Information Integration and Web Intelligence. iiWAS 2022. Lecture Notes in Computer Science, vol 13635. Springer, Cham. https://doi.org/10.1007/978-3-031-21047-1_37

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-21047-1_37

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-21046-4

  • Online ISBN: 978-3-031-21047-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy