Abstract

Nowadays, organizations collect vast amounts of data for future analysis. Motivated by this amount of data and requirements of Web2.0, a plethora of non-relational databases (NoSQL) emerged in recent years. However, several security features in relational databases (e.g., access control) have been left in non-relational management systems to be developed by the application, which can raise security breaches. This paper proposes a security model, based on the use of metadata, to provide access control for NoSQL graph-oriented database management system. The goal is to support the development of applications that use graph-oriented database in preserving the integrity of stored data and protect them from non-authorized access. A case study was performed as proof of concept, where the model was instantiated and implemented for Neo4j database. Results showed that access restrictions were applied correctly, avoiding unauthorized access. A schema for Neo4j was provided, once it does not have a native one.