{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,2,21]],"date-time":"2025-02-21T22:38:09Z","timestamp":1740177489509,"version":"3.37.3"},"reference-count":40,"publisher":"Association for Computing Machinery (ACM)","issue":"4","funder":[{"DOI":"10.13039\/501100001804","name":"Canada Research Chair","doi-asserted-by":"crossref","award":["950-229712"],"id":[{"id":"10.13039\/501100001804","id-type":"DOI","asserted-by":"crossref"}]},{"name":"NSERC Discovery Grant","award":["RGPIN-2014-06611"]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2020,11,30]]},"abstract":"Neo4j is a popular graph database that offers two versions: an enterprise edition and a community edition. The enterprise edition offers customizable Role-based Access Control features through custom developed procedures, while the community edition does not offer any access control support. Being a graph database, Neo4j appears to be a natural application for Relationship-Based Access Control (ReBAC), an access control paradigm where authorization decisions are based on relationships between subjects and resources in the system (i.e., an authorization graph). In this article, we present AReBAC, an attribute-supporting ReBAC model for Neo4j that provides finer-grained access control by operating over resources instead of procedures. AReBAC\u00a0employs Nano-Cypher, a declarative policy language based on Neo4j\u2019s Cypher query language, the result of which allows us to weave database queries with access control policies and evaluate both simultaneously. Evaluating the combined query and policy produces a result that (i) matches the search criteria, and (ii) the requesting subject is authorized to access.
AReBAC\u00a0is accompanied by the algorithms and their implementation required for the realization of the presented ideas, including GP-Eval, a query evaluation algorithm. We also introduce Live-End Backjumping (LBJ), a backtracking scheme that provides a significant performance boost over conflict-directed backjumping for evaluating queries. As demonstrated in our previous work, the original version of GP-Eval already performs significantly faster than the Neo4j\u2019s Cypher evaluation engine. The optimized version of GP-Eval, which employs LBJ, further improves the performance significantly, thereby demonstrating the capabilities of the technique.","DOI":"10.1145\/3401027","type":"journal-article","created":{"date-parts":[[2020,7,6]],"date-time":"2020-07-06T21:29:07Z","timestamp":1594070947000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":10,"title":["Efficient Authorization of Graph-database Queries in an Attribute-supporting ReBAC Model"],"prefix":"10.1145","volume":"23","author":[{"given":"Syed Zain Raza","family":"Rizvi","sequence":"first","affiliation":[{"name":"University of Calgary, Canada"}]},{"given":"Philip W. L.","family":"Fong","sequence":"additional","affiliation":[{"name":"University of Calgary, Canada"}]}],"member":"320","published-online":{"date-parts":[[2020,7,6]]},"reference":[{"key":"e_1_2_1_1_1","unstructured":"[n.d.]. Intro to Cypher. Retrieved from https:\/\/neo4j.com\/developer\/cypher-query-language\/."},{"key":"e_1_2_1_2_1","unstructured":"[n.d.]. MySQL. Retrieved from http:\/\/www.mysql.com\/."},{"key":"e_1_2_1_3_1","unstructured":"[n.d.]. Neo4J.
Retrieved from http:\/\/neo4j.com\/."},{"key":"e_1_2_1_4_1","unstructured":"[n.d.]. OpenMRS. Retrieved from http:\/\/openmrs.org\/."},{"key":"e_1_2_1_5_1","unstructured":"Stanford Large Network Dataset Collection. 2014. Retrieved from http:\/\/snap.stanford.edu\/data."},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1007\/BFb0032431"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/3029806.3029828"},{"key":"e_1_2_1_8_1","volume-title":"Article 1 (Feb.","author":"Angles Renzo","year":"2008","unstructured":"Renzo Angles and Claudio Gutierrez. 2008. Survey of graph database models. ACM Comput. Surv. 40, 1, Article 1 (Feb. 2008), 39 pages."},{"key":"e_1_2_1_9_1","volume-title":"Emergence of scaling in random networks. Science 286, 5439","author":"Barab\u00e1si Albert-L\u00e1szl\u00f3","year":"1999","unstructured":"Albert-L\u00e1szl\u00f3 Barab\u00e1si and R\u00e9ka Albert. 1999. Emergence of scaling in random networks. Science 286, 5439 (1999), 509--512. DOI:https:\/\/doi.org\/10.1126\/science.286.5439.509"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133601.2133616"},{"key":"e_1_2_1_11_1","first-page":"1","article-title":"Conflict-directed backjumping revisited","volume":"14","author":"Chen Xinguang","year":"2001","unstructured":"Xinguang Chen and Peter van Beek. 2001. Conflict-directed backjumping revisited. J. Artif. Int. Res. 14, 1 (Mar. 2001), 53--81.
Retrieved from http:\/\/dl.acm.org\/citation.cfm?id=1622394.1622397.","journal-title":"J. Artif. Int. Res."},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1109\/SocialCom-PASSAT.2012.57"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-31540-4_2"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-43936-4_19"},{"key":"e_1_2_1_15_1","volume-title":"Proceedings of the IEEE 32nd International Conference on Data Engineering (ICDE\u201916)","author":"Colombo P.","year":"2016","unstructured":"P. Colombo and E. Ferrari. 2016. Towards virtual private NoSQL datastores. In Proceedings of the IEEE 32nd International Conference on Data Engineering (ICDE\u201916). 193--204. DOI:https:\/\/doi.org\/10.1109\/ICDE.2016.7498240"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2015.2497680"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/2462410.2462419"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2613087.2613094"},{"key":"e_1_2_1_19_1","volume-title":"Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY\u201916)","author":"Crampton Jason","year":"2016","unstructured":"Jason Crampton and James Sellwood. 2016. ARPPM: Administration in the RPPM model. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY\u201916). ACM, New York, NY, 219--230.
DOI:https:\/\/doi.org\/10.1145\/2857705.2857711"},{"volume-title":"Access Control in Data Management Systems","author":"Ferrari Elena","key":"e_1_2_1_20_1","unstructured":"Elena Ferrari. 2010. Access Control in Data Management Systems. Morgan and Claypool Publishers."},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/1943513.1943539"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2508859.2516720"},{"key":"e_1_2_1_23_1","volume-title":"Guide to attribute based access control (ABAC) definition and considerations. NIST Spec. Pub. (Jan","author":"Hu Vincent C.","year":"2014","unstructured":"Vincent C. Hu, David Ferraiolo, Rick Kuhn, Adam Schnitzer, Kenneth Sandlin, Robert Miller, and Karen Scarfone. 2014. Guide to attribute based access control (ABAC) definition and considerations. NIST Spec. Pub. (Jan. 2014)."},{"volume-title":"Oracle Database Security Guide 11g Release 1 (1.11)","author":"Huey Patricia","key":"e_1_2_1_24_1","unstructured":"Patricia Huey. 2014. Oracle Database Security Guide 11g Release 1 (1.11). Oracle Corp."},{"key":"e_1_2_1_25_1","volume-title":"Meeting strangers and friends of friends: How random are social networks?Amer. Econ. Rev. 97","author":"Matthew","year":"2007","unstructured":"Matthew O.
Jackson and Brian W. Rogers. 2007. Meeting strangers and friends of friends: How random are social networks?Amer. Econ. Rev. 97, 3 (June 2007), 890--915. DOI:https:\/\/doi.org\/10.1257\/aer.97.3.890"},{"key":"e_1_2_1_26_1","volume-title":"Pattern-based approach to the workflow satisfiability problem with user-independent constraints. CoRR abs\/1604.05636","author":"Karapetyan Daniel","year":"2016","unstructured":"Daniel Karapetyan, Andrew J. Parkes, Gregory Gutin, and Andrei Gagarin. 2016. Pattern-based approach to the workflow satisfiability problem with user-independent constraints. CoRR abs\/1604.05636 (2016)."},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/1401890.1401948"},{"key":"e_1_2_1_28_1","unstructured":"M. Lichman. 2013. UCI Machine Learning Repository. Retrieved from http:\/\/archive.ics.uci.edu\/ml."},{"key":"e_1_2_1_29_1","unstructured":"Jakob Nielsen. 2009. Powers of 10: Time Scales in User Experience.
Retrieved from https:\/\/www.nngroup.com\/articles\/powers-of-10-time-scales-in-ux\/."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3078861.3078871"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1467-8640.1993.tb00310.x"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1007568.1007631"},{"key":"e_1_2_1_33_1","unstructured":"Syed Zain R. Rizvi. 2018. Attribute-Supporting ReBAC Model. Retrieved from http:\/\/pages.cpsc.ucalgary.ca\/ szrrizvi\/projectAReBAC\/."},{"volume-title":"Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY\u201916)","author":"Syed Zain","key":"e_1_2_1_34_1","unstructured":"Syed Zain R. Rizvi and Philip W. L. Fong. 2016. Interoperability of relationship- and role-based access control. In Proceedings of the 6th ACM Conference on Data and Application Security and Privacy (CODASPY\u201916). ACM, New York, NY, 231--242."},{"volume-title":"Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY\u201918)","author":"Syed Zain","key":"e_1_2_1_35_1","unstructured":"Syed Zain R. Rizvi and Philip W. L. Fong. 2018.
Efficient authorization of graph database queries in an attribute-supporting ReBAC model. In Proceedings of the 8th ACM Conference on Data and Application Security and Privacy (CODASPY\u201918). ACM, New York, NY, 204--211. DOI:https:\/\/doi.org\/10.1145\/3176258.3176331"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/2752952.2752962"},{"key":"e_1_2_1_37_1","volume-title":"Peter Van Beek, and Toby Walsh","author":"Rossi Francesca","year":"2007","unstructured":"Francesca Rossi, Peter Van Beek, and Toby Walsh. 2007. Handbook of Constraint Programming. Elsevier."},{"volume-title":"Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT\u201914)","author":"Tarameshloo Ebrahim","key":"e_1_2_1_38_1","unstructured":"Ebrahim Tarameshloo and Philip W. L. Fong. 2014. Access control models for geo-social computing systems. In Proceedings of the 19th ACM Symposium on Access Control Models and Technologies (SACMAT\u201914). ACM, New York, NY, 115--126. DOI:https:\/\/doi.org\/10.1145\/2613087.2613098"},{"volume-title":"Handbook of Constraint Programming","author":"van Beek Peter","key":"e_1_2_1_39_1","unstructured":"Peter van Beek. 2006. Backtracking search algorithms. In Handbook of Constraint Programming.
Elsevier, 85--134."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/1900008.1900067"}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3401027","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2023,1,1]],"date-time":"2023-01-01T11:45:35Z","timestamp":1672573535000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3401027"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2020,7,6]]},"references-count":40,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2020,11,30]]}},"alternative-id":["10.1145\/3401027"],"URL":"https:\/\/doi.org\/10.1145\/3401027","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"type":"print","value":"2471-2566"},{"type":"electronic","value":"2471-2574"}],"subject":[],"published":{"date-parts":[[2020,7,6]]},"assertion":[{"value":"2019-08-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-05-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2020-07-06","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}