{"id":18548960,"url":"https://github.com/danthe1st/arebac","last_synced_at":"2026-02-17T14:02:06.495Z","repository":{"id":249399085,"uuid":"828236861","full_name":"danthe1st/AReBAC","owner":"danthe1st","description":null,"archived":false,"fork":false,"pushed_at":"2026-02-04T20:30:10.000Z","size":343,"stargazers_count":2,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-13T11:29:07.936Z","etag":null,"topics":["access-control","dan1st-jku","graph-databases","relation-based-access-control"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/danthe1st.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-07-13T14:21:54.000Z","updated_at":"2025-08-22T14:49:56.000Z","dependencies_parsed_at":"2024-08-11T13:30:21.837Z","dependency_job_id":"e5cd9e16-3379-44a9-a432-b0784ce83fea","html_url":"https://github.com/danthe1st/AReBAC","commit_stats":null,"previous_names":["danthe1st/arebac"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/danthe1st/AReBAC","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthe1st%2FAReBAC","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthe1st%2FAReBAC/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthe1st%2FAReBAC/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthe1st%2FAReBAC/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/danthe1st","download_url":"https://codeload.github.com/danthe1st/AReBAC/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/danthe1st%2FAReBAC/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29546746,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T13:00:00.370Z","status":"ssl_error","status_checked_at":"2026-02-17T12:57:14.072Z","response_time":100,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["access-control","dan1st-jku","graph-databases","relation-based-access-control"],"created_at":"2024-11-06T20:36:16.622Z","updated_at":"2026-02-17T14:02:06.465Z","avatar_url":"https://github.com/danthe1st.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"This repository contains my implementation of the GP-eval and Weaving algorithms presented in [Syed Zain Raza Rizvi and Philip W. L. Fong. 2020. Efficient Authorization of Graph-database Queries in an Attribute-supporting ReBAC Model. ACM Trans. Priv. Secur. 23, 4, Article 18 (November 2020), 33 pages. https://doi.org/10.1145/3401027](https://doi.org/10.1145/3401027).\n\nAnother implementation of the GP-Eval algorithm using Neo4J has been [provided by the authors of that paper](https://github.com/szrrizvi/arebac/).\n\nThe `arebac-core` module contains the code for the GP-eval and Weaving algorithms as well as data classes from graph patterns and an in-memory graph implementation that can be used with the implementation of GP-eval.\n\n### Graph patterns\n\nGraph patterns are a database-independant representation of a query to a graph database.\n\nA graph pattern consists of\n- A directed graph\n- Mutual exclusion constraints specifying two nodes must not be the same\n- Node attribute requirements specifying specific nodes must have attributes matching a criterion\n- Edge attribute requirements specifying specific edges must have attributes matching a criterion\n- Nodes to be included in the result of the query\n- The category of the query which is used to determine the policy as well as the actors (which nodes the query acts on)\n\nAn implementation of a graph pattern is provided in the `GraphPattern` class. This implementation doesn't include categories but only specifies the actors and corresponding nodes as that's all the information from categories that is necessary for the Weaving and GP-Eval algorithms.\n\n### Weaving\n\nWeaving combines multiple graph patterns such that the resulting graph pattern matches if and only if all of the combined patterns match with the constraint that all actors must correspond to the same node in the graph.\n\nThis algorithm is implemented in the `Weaving` class.\n\n### GP-Eval\n\nThe implementation of the GP-Eval algorithm can be found in the `GPEval` class.\n\nThis algorithm matches a graph pattern against an attributed graph.\nIt attempts to assign a node in the graph for every node in the graph pattern in a way that all edges specified in the graph pattern are also present in the graph and no constraints in the graph pattern are violated.\nIf there are multiple possible assignments resulting in different values of the specified returned nodes, it should return all of these assignments.\n\nIn order to use that algorithm on custom graph implementation/graph databases, one needs to implement the `AttributedGraph` interface.\n\n### arebac-neo4j\n\nThe `arebac-neo4j` module contains an implementation of `AttributedGraph` that uses an embedded Neo4J database that can be used to evaluate graph patterns against a Neo4J database with the GP-Eval algorithm.\n\n```java\nGraphDatabaseService database = getDatabase();\nGraphPattern pattern = createGraphPattern();\ntry(Transaction tx = database.beginTx()){\n\tSet\u003cList\u003cNeo4jNode\u003e\u003e results = GPEval.evaluate(dbAsGraph, pattern);\n\tSystem.out.println(results);\n}\n```\n\n### arebac-jfr\n\nThe `arebac-jfr` module provides an `AttributedGraph` implementation wrapping an `AttributedGraph` and adding custom [JFR](https://openjdk.org/jeps/328) events on graph accesses. These events can be used to find out which graph accesses are relevant for performance, how often these take place and where.\nJFR events can be collected by starting Java with the `-XX:StartFlightRecording:filename=someRecording.jfr` JVM argument and can be analyized with [JDK Mission Control](https://openjdk.org/projects/jmc/).\n\nThis module provides the following JFR events:\n- `io.github.danthe1st.arebac.jfr.events.FindEdgesEvent`: This event is fired when obtaining the edges of a node.\n- `io.github.danthe1st.arebac.jfr.events.FindNodeEvent`: This event is fired when looking up a node by its id.\n- `io.github.danthe1st.arebac.jfr.events.GetAttributeEvent`: This event is obtained when accessing an attribute.\n\nAside from that, the GP-Eval implementation (in the `arebac-core` module) provides these JFR events:\n- `io.github.danthe1st.arebac.gpeval.events.FilterMutualExclusionConstraintEvent`: This event is fired during the \"filter mutual exclusion constraints\" step of GP-Eval.\n- `io.github.danthe1st.arebac.gpeval.events.ForwardCheckingEvent`: This event is fired during the forward-checking step of GP-Eval.\n- `io.github.danthe1st.arebac.gpeval.events.IntersectionEvent`: This event is fired during the intersection computation as part of the forward-checking step of GP-Eval\n\n## Environment\n\nThis project uses Java 21 and Neo4J version 5.25.1.\n\n## License\n\nThis project is available under both the MIT and GPL-3.0 license. Users can choose whichever license they prefer.\n\nSpecific files or directories may be subject different licenses. In this case, the license is available in a `LICENSE` or `NOTICE` file of the directory in question or a parent directory.\n\nThe `arebac-neo4j` module uses the [embedded Neo4J database](https://neo4j.com/docs/java-reference/current/java-embedded/) (specifically `neo4j-graphdb-api`) which is GPL-licensed (aside from commercial options) as a `provided` dependency.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanthe1st%2Farebac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdanthe1st%2Farebac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdanthe1st%2Farebac/lists"}