Date Published: January 30, 2024
Comments Due:
Email Questions to:
Author(s)
Vincent Hu (NIST)
Announcement
NoSQL (i.e., “not only SQL” or “non-SQL”) database systems and data stores often outperform traditional relational database management systems (RDBMSs) in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users’ availability. However, with an increasing number of people storing sensitive data in NoSQL databases, access control issues have become a fundamental data protection requirement for database management systems.
This document discusses access control on NoSQL database systems by illustrating the NoSQL database types and their support for access control models. It operates under the assumption that the access control system stores and manages access control data (e.g., subjects, objects, and attributes) in the NoSQL database and describes considerations from the perspective of access control in general.
A public comment period is open through March 15, 2024.
NOTE: A call for patent claims is included on page ii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy – Inclusion of Patents in ITL Publications.
NoSQL database systems and data stores often outperform traditional RDBMS in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users’ availability. However, with an increasing number of people storing sensitive data in NoSQL databases, security issues have become critical concerns. NoSQL databases suffer from vulnerabilities, particularly due to the lack of effective support for data protection, including weak authorization mechanisms. As access control is a fundamental data protection requirement of any database management system DBMS, this document focuses on access control on NoSQL database systems.
NoSQL database systems and data stores often outperform traditional RDBMS in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users’ availability. However, with an increasing number of people storing sensitive...
See full abstract
NoSQL database systems and data stores often outperform traditional RDBMS in various aspects, such as data analysis efficiency, system performance, ease of deployment, flexibility/scalability of data management, and users’ availability. However, with an increasing number of people storing sensitive data in NoSQL databases, security issues have become critical concerns. NoSQL databases suffer from vulnerabilities, particularly due to the lack of effective support for data protection, including weak authorization mechanisms. As access control is a fundamental data protection requirement of any database management system DBMS, this document focuses on access control on NoSQL database systems.
Hide full abstract
Keywords
access control; attribute-based access control; authorization; database systems; No-SQL; SQL
Control Families
None selected
