Fine-Grained Access Control Within NoSQL Document-Oriented Datastores

The recent years have seen the birth of several NoSQL datastores, which are getting more and more popularity for their ability to handle high volumes of heterogeneous and unstructured data in a very efficient way. In several cases, NoSQL databases proved to outclass in terms of performance, scalability, and ease of use relational database management systems, meeting the requirements of a variety of today ICT applications. However, recent surveys reveal that, despite their undoubted popularity, NoSQL datastores suffer from some weaknesses, among which the lack of effective support for data protection appears among the most serious ones. Proper data protection mechanisms are therefore required to fill this void. In this work, we start to address this issue by focusing on access control and discussing the definition of a fine-grained access control framework for document-oriented NoSQL datastores. More precisely, we first focus on issues and challenges related to the definition of such a framework, considering theoretical, implementation, and integration aspects. Then, we discuss the reasons for which state-of-the-art fine-grained access control solutions proposed for relational database management systems cannot be used within the NoSQL scenario. We then introduce possible strategies to address the identified issues, which are at the basis of the framework development. Finally, we shortly report the outcome of an experience where the proposed framework has been used to enhance the data protection features of a popular NoSQL database.