PANACEA - Policy Analysis and NoSQL Access Control Evaluation Approach
This repository contains an implementation of an Access Control View System in Python. The system aims to provide fine-grained access control for data units by applying policies and generating views based on access request contexts.
The Access Control View System consists of the following main components:
- Data Mapping: The system maps data units to a unified model, representing them as Unifying Resource Properties (URPs).
- Policy Assignment: Random policies and metadata are assigned to each URP based on predefined rules.
- Policy Evaluation: Access control policies are evaluated against access request contexts to determine the access decisions for each URP.
- Policy Composition: The system combines the access decisions from multiple policies based on specified combining options and conflict resolution strategies.
- Policy Propagation: Access decisions are propagated from coarse-grained resources to fine-grained components of the data units.
- View Generation: The system generates views of the data units, marking unauthorized components based on the access decisions.
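The following added example walks through the evaluation, composition, propagation and view-generation stages listed above on one constructed data unit. It is not code from this repository: the dotted paths standing in for URPs, the policy tuples, the deny-overrides/permit-overrides strategies, the default-deny fallback and all function names are assumptions made for illustration.

```python
from typing import Callable, Optional

PERMIT, DENY, MASK = "permit", "deny", "<unauthorized>"

# Constructed policies (hypothetical): (target path, rule). A rule returns
# PERMIT, DENY, or None when it does not apply to the request context.
POLICIES: list[tuple[str, Callable[[dict], Optional[str]]]] = [
    ("patient", lambda c: PERMIT if c["role"] in {"doctor", "nurse"} else DENY),
    ("patient.diagnosis", lambda c: PERMIT if c["role"] == "doctor" else DENY),
    ("patient.diagnosis", lambda c: PERMIT if c["purpose"] == "research" else None),
    ("patient.billing", lambda c: DENY if c["purpose"] != "billing" else None),
]

# Constructed data unit.
DOC = {"patient": {"name": "A. Sample",
                   "diagnosis": {"code": "J45"},
                   "billing": {"card": "0000"}}}


def combine(decisions, strategy):
    """Composition: resolve conflicting decisions for one target."""
    applicable = [d for d in decisions if d is not None]
    if not applicable:
        return None
    winner = DENY if strategy == "deny-overrides" else PERMIT
    return winner if winner in applicable else applicable[0]


def decide(path, ctx, strategy):
    """Evaluation + propagation: the most specific target with a decision wins;
    otherwise the decision is inherited from the nearest coarser ancestor."""
    parts = path.split(".")
    for depth in range(len(parts), 0, -1):
        target = ".".join(parts[:depth])
        rules = [rule for t, rule in POLICIES if t == target]
        decision = combine([rule(ctx) for rule in rules], strategy)
        if decision is not None:
            return decision
    return DENY  # assumption: default-deny when no policy applies


def project(node, ctx, strategy="deny-overrides", path=""):
    """View generation: copy the data unit, marking unauthorized leaves."""
    if isinstance(node, dict):
        return {k: project(v, ctx, strategy, f"{path}.{k}" if path else k)
                for k, v in node.items()}
    return node if decide(path, ctx, strategy) == PERMIT else MASK
```

With a nurse requesting for research, the two policies on `patient.diagnosis` conflict, so the chosen combining strategy alone determines whether the diagnosis appears in the view.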
- Python 3.11
- MongoDB
- Clone the repository:
  git clone https://github.com/labackdoor/panacea.git
- Install the required dependencies:
  pip install -r requirements.txt
- Set up the MongoDB connection by providing the appropriate configuration in src/access_control_view/mongo_connection.py.
- Prepare your data units and store them in the MongoDB collection specified in the configuration.
- Define your access control policies and metadata in src/access_control_view/specification.py.
- Run the main script to process the data units and generate access control views:
  python src/main.py
- The generated access control views will be stored in the specified output files or databases.
The system can be configured by modifying the following files:
- src/access_control_view/mongo_connection.py: MongoDB connection settings.
- src/access_control_view/specification.py: Access control policy and metadata specifications.
- src/utils/log_config.py: Logging configuration.
- src/access_control_view/: Contains the main components of the Access Control View System.
  - mapper.py: Implements the data mapping functionality.
  - specification.py: Defines access control policies and metadata.
  - projector.py: Implements policy evaluation, composition, propagation, and view generation.
  - mongo_connection.py: Handles MongoDB connections.
  - util_functions.py: Contains utility functions used throughout the system.
- src/utils/: Contains utility modules.
  - log_config.py: Configures logging for the system.
- src/main.py: The main entry point of the system.
Contributions to the Access Control View System are welcome! If you find any issues or have suggestions for improvements, please open an issue or submit a pull request.
If this research is useful for your work, please cite our paper. 📜
A. Orojo, E. El-Mahmoud, and G. Speegle. (2025). "Assessing the Impact of Access Control Policies on Data Accessibility in Distributed NoSQL Environments." The 24th International Conference on Security & Management (SAM'25).
@inproceedings{orojo2025assessing,
author = {Orojo, A. and El-Mahmoud, E. and Speegle, G.},
booktitle = {The 24th International Conference on Security \& Management},
title = {Assessing the Impact of Access Control Policies on Data Accessibility in Distributed NoSQL Environments},
year = {2025}
}
This project is licensed under the MIT License.