Abstract

Application-level access control is a top priority when hardening software applications. In particular, run-time customization of access control policies and separation of concerns are becoming increasingly important. While these requirements are generally well supported for request-response applications, there is a lack of support for data-focused operations, such as search or data aggregation, in a multi-tier architecture. Moreover, the ability to specify fine-grained access control policies is generally lacking for such applications. This puts at risk the security of organizations that employ existing and emerging database technologies and requires solutions that alleviate this issue. This paper approaches the issue through query rewriting. We present Sequoia, a data access middleware that enables attribute-based, application-level access control in data-driven applications. The middleware enforces externally specified access control policies on data-focused operations such as search and aggregation queries by rewriting the queries according to dynamic run-time conditions, so that the database itself filters out rows the caller may not see. Sequoia provides run-time enforcement of policies that scales with the size of the database. This paper presents an extensible architecture for both relational databases and document stores, discusses the rewriting approach, provides a formal verification of the equivalence between the rewritten query and the policy-constrained original, and reports an extensive evaluation showing that this approach scales better than the current state of practice and is an important track for future research.
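To make the rewriting step concrete, the following is an added example and not Sequoia's own code. It assumes a single protected table `records`, a subject described by the attributes `department` and `clearance`, and one attribute-based policy predicate per table; all names, the sample rows and the policy are constructed for illustration. Every `FROM t` in a SELECT is replaced by a derived table `(SELECT * FROM t WHERE <policy>) AS t`, so the same rewrite covers plain searches, aggregations and GROUP BY, and the filtering happens inside the database rather than by post-filtering result sets in the application.

```python
"""Attribute-based access control enforced by query rewriting.

Added example (not Sequoia's code): the policy predicate, table and column
names and the subject attributes below are assumptions chosen for illustration.
"""
from __future__ import annotations

import re
import sqlite3
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Subject:
    """Attributes of the caller known at request time (assumed attribute set)."""
    user_id: str
    department: str
    clearance: int


# One predicate per protected table, written with bound parameters so that
# subject attributes are never concatenated into SQL text.  Tables without a
# policy entry are not readable at all (fail closed).
POLICIES: Dict[str, str] = {
    "records": "(department = :department AND sensitivity <= :clearance)",
}

_FROM_RE = re.compile(r"\bFROM\s+([A-Za-z_]\w*)\b", re.IGNORECASE)


def rewrite_query(sql: str, policies: Dict[str, str]) -> str:
    """Push the policy predicate into every FROM clause of a SELECT.

    `FROM t` becomes `FROM (SELECT * FROM t WHERE <pred>) AS t`: the database
    filters rows before they reach the application, and column references to
    `t` keep resolving because the derived table reuses the table's name.
    This is a regex rewriter for teaching purposes; a production middleware
    must rewrite the parsed query, not its text.
    """
    if not sql.lstrip().upper().startswith("SELECT"):
        raise ValueError("only SELECT statements are rewritten here")

    def guard(match: re.Match) -> str:
        table = match.group(1)
        predicate = policies.get(table.lower())
        if predicate is None:
            raise PermissionError(f"no access policy for table {table!r}")
        return f"FROM (SELECT * FROM {table} WHERE {predicate}) AS {table}"

    rewritten, count = _FROM_RE.subn(guard, sql)
    if count == 0:
        raise ValueError("no FROM clause found")
    return rewritten


def run_query(conn: sqlite3.Connection, sql: str, subject: Subject,
              params: Optional[dict] = None) -> List[Tuple]:
    """Rewrite the query, bind the subject's attributes and execute it.

    Policy parameters are merged last, so a caller-supplied `params` dict can
    never override the subject's department or clearance.
    """
    bound = {**(params or {}),
             "department": subject.department,
             "clearance": subject.clearance}
    return conn.execute(rewrite_query(sql, POLICIES), bound).fetchall()


def build_demo_db() -> sqlite3.Connection:
    """In-memory table populated with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, "
                 "department TEXT, sensitivity INTEGER, amount INTEGER)")
    conn.executemany("INSERT INTO records VALUES (?, ?, ?, ?)", [
        (1, "finance", 1, 100),
        (2, "finance", 3, 250),
        (3, "hr", 1, 40),
        (4, "hr", 2, 60),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    alice = Subject("alice", "finance", 2)
    print(rewrite_query("SELECT COUNT(*), SUM(amount) FROM records", POLICIES))
    print(run_query(db, "SELECT id FROM records ORDER BY id", alice))
    print(run_query(db, "SELECT COUNT(*), SUM(amount) FROM records", alice))
```

Two properties of the rewrite are worth checking in any real deployment: the aggregate computed over the rewritten query must equal the aggregate over the rows the subject is allowed to see (the equivalence the paper verifies formally), and a caller must not be able to widen its own view by supplying policy parameters, which is why the subject's attributes are bound last.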
