The increasing adoption of graph databases in real-world applications highlights the need for robust mechanisms to secure sensitive data stored within these systems. Access control plays a critical role in ensuring data security, and its implementation must be thoroughly tested to prevent unauthorized access and potential vulnerabilities. In this work, we present CypherFuzzer, a novel tool designed to test access control mechanisms in graph databases. By leveraging fuzzing techniques, CypherFuzzer generates semantically valid Cypher queries with the goal to systematically evaluate the query rewriting approaches for enforcing attribute-based access control (ABAC). The tool supports diverse fuzzers for query generation to enhance the relevance and variety of test cases. Our evaluations reveal that CypherFuzzer effectively generates queries that are useful for testing ABAC policies. Despite its strengths, the tool has some limitations related to producing meaningful values for specific attributes or its reliance on randomness. Nevertheless, CypherFuzzer represents a significant step forward in the field of automated security testing of access control mechanisms for graph databases.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

CypherFuzzer: A Tool for Testing Access Control in Graph Databases

  • Philipp Reisinger,
  • Daniel Hofer,
  • Bahara Muradi,
  • Josef Küng

摘要

The increasing adoption of graph databases in real-world applications highlights the need for robust mechanisms to secure sensitive data stored within these systems. Access control plays a critical role in ensuring data security, and its implementation must be thoroughly tested to prevent unauthorized access and potential vulnerabilities. In this work, we present CypherFuzzer, a novel tool designed to test access control mechanisms in graph databases. By leveraging fuzzing techniques, CypherFuzzer generates semantically valid Cypher queries with the goal to systematically evaluate the query rewriting approaches for enforcing attribute-based access control (ABAC). The tool supports diverse fuzzers for query generation to enhance the relevance and variety of test cases. Our evaluations reveal that CypherFuzzer effectively generates queries that are useful for testing ABAC policies. Despite its strengths, the tool has some limitations related to producing meaningful values for specific attributes or its reliance on randomness. Nevertheless, CypherFuzzer represents a significant step forward in the field of automated security testing of access control mechanisms for graph databases.