A novel access control strategy for distributed data systems

It is one of the most important challenges to balance between security and scalability in large distributed data systems. In this paper, we introduce a new data distribution model, which is a generalized tree structure called as multitree. And its access control strategy is investigated. In our multitree data model, the database schema is expressed as a schema graph, and a database instance is imagined as a data graph. It is different from the traditional hierarchical data model, since a node in our multitree model can have many parent nodes. All the data graphs or schema are transformed into multitrees. The complex data relation of the distributed data systems is reduced based on graph theory. The complexity of distribution is decreased significantly. In the multitree model, each user has a maximum access range corresponding to its multitree. It is integrated naturally with security. We use organization structure to bound the data range that a user can access, and use roles to restrict the operations that the user can perform. The scalability of data distribution and access control administration are evaluated through the instance adapted from the TPC-C database. The results illustrates our data distribution model is helpful for the system to be resilient and scalable. It is suitable for large distributed system and cloud relational database.