Abstract
Some of the current graph database systems provide built-in authorization and access control features. However, many authorization requirements demand for more sophisticated access control such as fine-grained, attribute-based access control (ABAC). Therefore, we decided for a query rewriting approach to enforce these authorizations. We propose an intermediate representation for the semantics of the query. Based on the Cypher grammar, we build an abstract syntax tree (AST) of the query to be extended (i.e., rewritten). We consider a universal class hierarchy for our AST nodes based on the composite pattern, while the semantics of the nodes is introduced via data components. This provides flexibility with respect to the supported kinds of permissions and complexity of the Cypher queries. Our concept and prototypical implementation rely on ANTLR (ANother Tool for Language Recognition), which generates a parser based on the Cypher grammar to create and traverse concrete syntax trees.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Arusoaie, A., Vicol, D.I.: Automating abstract syntax tree construction for context free grammars. In: 2012 14th International Symposium on Symbolic and Numeric Algorithms for Scientific Computing, pp. 152–159 (2012). https://doi.org/10.1109/SYNASC.2012.8
Van den Brand, M., Moreau, P.E., Vinju, J.: Generator of efficient strongly typed abstract syntax trees in java. IEE Proc.-Softw. 152(2), 70–78 (2005)
Clark, C.: Uniform abstract syntax trees. ACM SIGPLAN Notices 35(2), 11–16 (2000)
Hofer, D., Nadschläger, S., Mohamed, A., Küng, J.: Extending authorization capabilities of object relational/graph mappers by request manipulation. In: Strauss, C., Cuzzocrea, A., Kotsis, G., Tjoa, A.M., Khalil, I. (eds.) Database and Expert Systems Applications, pp. 71–83. Springer International Publishing, Cham (2022). https://doi.org/10.1007/978-3-031-12426-6_6
Mohamed, A., Auer, D., Hofer, D., Küng, J.: Authorization and access control for different database models: Requirements and current state of the art. In: Dang, T.K., Küng, J., Chung, T.M. (eds.) Future Data and Security Engineering. Big Data, Security and Privacy, Smart City and Industry 4.0 Applications, pp. 225–239. Springer Nature Singapore, Singapore (2022). https://doi.org/10.1007/978-981-19-8069-5_15
Neo4j Inc: openCypher. https://opencypher.org/. Accessed 13 Feb 2023
Riehle, D.: Composite design patterns. In: Proceedings of the 12th ACM SIGPLAN Conference on Object-oriented Programming, Systems, Languages, and Applications, pp. 218–228 (1997)
Sicari, S., Rizzardi, A., Coen-Porisini, A.: Security &privacy issues and challenges in NOSQL databases. Comput. Netw. 206, 108828 (2022). https://doi.org/10.1016/j.comnet.2022.108828, https://www.sciencedirect.com/science/article/pii/S1389128622000470
Wadler, P., et al.: The expression problem. Posted on the Java Genericity mailing list (1998). https://homepages.inf.ed.ac.uk/wadler/papers/expression/expression.txt
Acknowledgements
This research has been partly supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria and by the COMET-K2 Center of the Linz Center of Mechatronics (LCM) funded by the Austrian federal government and the federal state of Upper Austria.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Hofer, D., Mohamed, A., Nadschläger, S., Auer, D. (2023). An Intermediate Representation for Rewriting Cypher Queries. In: Kotsis, G., et al. Database and Expert Systems Applications - DEXA 2023 Workshops. DEXA 2023. Communications in Computer and Information Science, vol 1872. Springer, Cham. https://doi.org/10.1007/978-3-031-39689-2_9
Download citation
DOI: https://doi.org/10.1007/978-3-031-39689-2_9
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-39688-5
Online ISBN: 978-3-031-39689-2
eBook Packages: Computer ScienceComputer Science (R0)