Cryptographically Enforced Role-Based Access Control for NoSQL Distributed Databases

  • Yossif Shalabi
  • Ehud GudesEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10359)


The support for Role-Based Access Control (RBAC) using cryptography for NOSQL distributed databases is investigated. Cassandra is a NoSQL DBMS that efficiently supports very large databases, but provides rather simple security measures (an agent having physical access to a Cassandra cluster is usually assumed to have access to all data therein). Support for RBAC had been added almost as an afterthought, with the Node Coordinator having to mediate all requests to read and write data, in order to ensure that only the requests allowed by the Access Control Policy (ACP) are allowed through.

In this paper, we propose a model and protocols for cryptographic enforcement of an ACP in a cassandra like system, which would ease the load on the Node Coordinator, thereby taking the bottleneck out of the existing security implementation. We allow any client to read the data from any storage node(s) – provided that only the clients whom the ACP grants access to a datum, would hold the encryption keys that enable these clients to decrypt the data.


  1. 1.
  2. 2.
    Davis, M.A.: Why NoSQL equals NoSecurity. InformationWeek (2012)Google Scholar
  3. 3.
    Ferrara, A.L., Fuchsbauer, G., Warinschi, B.: Cryptographically enforced RBAC. In: 2013 IEEE 26th Computer Security Foundations Symposium (CSF), pp. 115–129. IEEE (2013)Google Scholar
  4. 4.
    Ferrara, A.L., Madhusudan, P., Nguyen, T.L., Parlato, G.: Vac - verifier of administrative role-based access control policies. In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 184–191. Springer, Cham (2014). doi: 10.1007/978-3-319-08867-9_12 Google Scholar
  5. 5.
    Foresti, S.: Data security and privacy in the cloud. In: 29th Annual IFIP WG 11.3 Working Conference on Data and Applications Security and Privacy (2015)Google Scholar
  6. 6.
    Goyal, V., Pandey, O., Sahai, A., Waters, B.: Attribute-based encryption for fine-grained access control of encrypted data. In: Proceedings of the 13th ACM Conference on Computer and Communications Security, CCS 2006, Alexandria, VA, USA, 30 October–3 November 2006, pp. 89–98 (2006)Google Scholar
  7. 7.
    Gudes, E.: The design of a cryptography based secure file system. IEEE Trans. Softw. Eng. 5, 411–420 (1980)CrossRefGoogle Scholar
  8. 8.
    Iii, W.C.G., Shull, A., Myers, S., Lee, A.J.: On the practicality of cryptographically enforcing dynamic access control policies in the cloud. In: IEEE Symposium on Security and Privacy, SP 2016, San Jose, CA, USA, 22–26 May 2016, pp. 819–838 (2016)Google Scholar
  9. 9.
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78967-3_9 CrossRefGoogle Scholar
  10. 10.
    Lakshman, A., Malik, P.: Cassandra: a decentralized structured storage system. Oper. Syst. Rev. 44(2), 35–40 (2010)CrossRefGoogle Scholar
  11. 11.
    Nabeel, M., Bertino, E.: Privacy preserving delegated access control in public clouds. IEEE Trans. Knowl. Data Eng. 26(9), 2268–2280 (2014)CrossRefGoogle Scholar
  12. 12.
    Pilkington, M.: Blockchain technology: principles and applications. In: Research Handbook on Digital Transformations (2015)Google Scholar
  13. 13.
    MIT Csail Computer Systems Security Group: Crypto tutorial (2010).
  14. 14.
    Tunnicliffe, S.: Role based access control in Cassandra (2015).
  15. 15.
    Vimercati, S.D.C.D., Foresti, S., Jajodia, S., Paraboschi, S., Samarati, P.: Encryption policies for regulating access to outsourced data. ACM Trans. Database Syst. (TODS) 35(2), 12 (2010)CrossRefGoogle Scholar

Copyright information

© IFIP International Federation for Information Processing 2017

Authors and Affiliations

  1. 1.Ben-Gurion UniversityBeer-ShevaIsrael

Personalised recommendations