Accumulo Summit 2014: Accumulo Visibility Labels and Pluggable Authorization Systems: A Love Story
Post on 01-Nov-2014
Securely explore your data
Accumulo Visibility Labels and Pluggable Authorization Systems: A Love Story
John Vines
Engineer
Sqrrl Data, Inc.
john@sqrrl.com
WHAT MAKES ACCUMULO SPECIAL WHEN IT COMES TO SECURITY?
© 2014 Sqrrl | All Rights Reserved | Proprietary and Confidential
CELL-LEVEL SECURITY
tldr; visibilities are like ACLs
...sort of
THAT’S GREAT!
What does it get me?
Amalgamating data sources that are segregated
THE SCENARIO:
I am a first time Accumulo user
I want to use its nifty features
I have no idea what I’m doing
FIRST TRY
Scan without JohnsLabel
*sad trombone*
Scan with JohnsLabel
row1 colf1:colq1 JohnsLabel
row1 colf2:colq1 JohnsLabel
row2 colf1:colq3 JohnsLabel
row3 colf1:colq1 JohnsLabel
row4 colf4:colq2 JohnsLabel
SECOND TRY
row1 colf1:colq1 JohnsApplication
row1 colf2:colq1 JohnsApplication
row2 colf1:colq3 JohnsApplication
row3 colf1:colq1 JohnsApplication
row4 colf4:colq2 JohnsApplication
What does my label even mean?
THIRD TRY
row1 colf1:colq1 application1|application2
row1 colf2:colq1 application1
row2 colf1:colq3 application2
row3 colf1:colq1 application2
row4 colf4:colq2 application3
What about analytic4? analytic5? 6?
BACK TO THE DRAWING BOARD
What am I trying to accomplish?
Why am I segregating my data?
FOURTH TRY
row1 colf1:colq1 org1|org2
row1 colf2:colq1 org1
row2 colf1:colq3 org2
row3 colf1:colq1 org2
row4 colf4:colq2 org1&org2
Organizations are big!
FIFTH TRY
row1 colf1:colq1 subOrg1|subOrg2
row1 colf2:colq1 subOrg1
row2 colf1:colq3 subOrg2
row3 colf1:colq1 subOrg2
row4 colf4:colq2 subOrg1&subOrg2
What about if subOrgs change?
Why do these orgs have permission?
SIXTH TRY
row1 colf1:colq1 accountsReceivable|payroll
row1 colf2:colq1 accountsReceivable
row2 colf1:colq3 payroll
row3 colf1:colq1 payroll
row4 colf4:colq2 accountsReceivable&payroll
Looks good!
But now I need to manage users!
PLUGGABLE SECURITY TO THE RESCUE
okay… what is this?
[Diagram labels: tserver, scan, Pluggable Authorizor, getAuths(), scan]
Now we can use our existing system!
SEVENTH TRY
LDAP’s role-based access says:
User1->HR
User2->InternalConflicts
User3->Payroll
User4->Taxes
One less system to maintain!
But our orgs are hierarchical!
EIGHTH TRY
Authorizor Says:
InternalConflicts->InternalConflicts,HR
Payroll->Payroll,Finance
Taxes->Finance,AccountsReceivable
But what if I don’t want a certain org to get a piece of data?
NINTH TRY
row5 colf1:colq3 designer&!manager
Accumulo does not support NOTs
What are we trying to accomplish?
TENTH TRY
row5 colf1:colq3 designer&(worker&contractor)
But I want others to know some part of row5 colf1:colq!
REMEMBER
ELEVENTH TRY
row5 colf1:colq3 designer&(worker&contractor)
row5 colf1:colq3 engineer&(worker&contractor)
But I still want the managers to know that row5 colf1:colq3 exists!
TWELFTH TRY
row5 colf1:colq3
row5 colf1:colq3 designer&(worker&contractor)
row5 colf1:colq3 engineer&(worker&contractor)
How can root look at everything?
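The label rules walked through in the tries above (`|`, `&`, parentheses, no NOT, and an unlabelled cell that everyone can see), as an added example that is not code from the talk or from Accumulo. The names `visible`, `scan` and `BadLabel` are hypothetical and the cell values are constructed.

```python
import re
# Added model of Accumulo-style label evaluation; not Accumulo's own code.
TOKEN = re.compile(r"[A-Za-z0-9_.:/-]+|[&|()]")

class BadLabel(ValueError):
    """Raised for expressions the model rejects, such as NOT ('!')."""

def visible(expr, auths):
    """True if a scanner holding `auths` may read a cell labelled `expr`."""
    if expr == "":
        return True                      # unlabelled cells pass every scan
    tokens = TOKEN.findall(expr)
    if "".join(tokens) != expr:          # anything else, e.g. '!', is rejected
        raise BadLabel(f"unsupported character in {expr!r}")
    value, rest = _expr(tokens, auths)
    if rest:
        raise BadLabel("unbalanced expression")
    return value

def _expr(tokens, auths):
    # term (op term)*, where one nesting level may use only one operator
    value, tokens = _term(tokens, auths)
    op = None
    while tokens and tokens[0] in ("&", "|"):
        if op and tokens[0] != op:
            raise BadLabel("mixing & and | needs parentheses")
        op = tokens[0]
        rhs, tokens = _term(tokens[1:], auths)
        value = (value and rhs) if op == "&" else (value or rhs)
    return value, tokens

def _term(tokens, auths):
    if not tokens or tokens[0] in ("&", "|", ")"):
        raise BadLabel("expected a label or '('")
    if tokens[0] == "(":
        value, rest = _expr(tokens[1:], auths)
        if not rest or rest[0] != ")":
            raise BadLabel("missing ')'")
        return value, rest[1:]
    return tokens[0] in auths, tokens[1:]

# The TWELFTH TRY cells for row5 colf1:colq3 (cell values are constructed).
CELLS = [("", "exists"),
         ("designer&(worker&contractor)", "design notes"),
         ("engineer&(worker&contractor)", "engineering notes")]

def scan(auths):
    """Values a scanner with `auths` gets back; other cells are filtered out."""
    return [value for label, value in CELLS if visible(label, auths)]
```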
THIRTEENTH TRY
row5 colf1:colq3
row5 colf1:colq3 root|(designer&(worker&contractor))
row5 colf1:colq3 root|(engineer&(worker&contractor))
I don’t like that...
THIRTEENTH TRY 2
Remember the pluggable Authorizor!
LDAP knows all roles
root->all roles
All of my bases are covered!
Except...
GETTING CRAFTY
What if I want to:
● Allow authorizations based on time
● Allow authorizations based on location
● Make data more available
● Make data less available
BEING CRAFTY
Remember the pluggable Authorizor!
If you have the data available, you can use it!
Just remember: visibility labels are filters. They’re not made for restricting entire tables.
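What the pluggable Authorizor from the SEVENTH TRY onward computes at scan time, as an added example that is not code from the talk or from Accumulo. The function names, the dictionary standing in for LDAP and the business-hours window on `Finance` are assumptions made for illustration.

```python
from datetime import time

# Added model of a pluggable authorizor; names and policy are hypothetical.
LDAP_ROLES = {                  # stands in for the LDAP lookup (SEVENTH TRY)
    "User1": {"HR"},
    "User2": {"InternalConflicts"},
    "User3": {"Payroll"},
    "User4": {"Taxes"},
}
EXPANSION = {                   # the hierarchy mapping from the EIGHTH TRY
    "InternalConflicts": {"InternalConflicts", "HR"},
    "Payroll": {"Payroll", "Finance"},
    "Taxes": {"Finance", "AccountsReceivable"},
}
# Constructed policy: this label is only granted during business hours.
TIME_BOUND = {"Finance": (time(9, 0), time(17, 0))}

def all_roles():
    """Every role the directory or the hierarchy mapping knows about."""
    roles = set(EXPANSION)
    for granted in EXPANSION.values():
        roles |= granted
    for held in LDAP_ROLES.values():
        roles |= held
    return roles

def _in_window(role, now):
    window = TIME_BOUND.get(role)
    return window is None or window[0] <= now < window[1]

def get_auths(user, now):
    """Authorizations a scan by `user` is evaluated with at time `now`."""
    if user == "root":
        return all_roles()              # root -> all roles, labels untouched
    roles = set()
    for role in LDAP_ROLES.get(user, ()):       # unknown user -> no labels
        roles |= EXPANSION.get(role, {role})    # unmapped role grants itself
    return {r for r in roles if _in_window(r, now)}
```

The data labels never change in any of these cases; only the set of authorizations handed to the scan does.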
FOURTEENTH TRY
Accumulo Tables have Read permissions for coarse access!
Can we do it to people who are missing certain labels?
PLUGGABLE SECURITY TO THE RESCUE
Looks familiar… what is this?
[Diagram labels: tserver, scan, Pluggable PermissionHandler, hasTablePermission(), scan]
Now we can use our existing system for coarse access!
RECAP
● Label for the data, not the users
● Label with the highest granularity possible
● Let the pluggable security do the rest of the work
● Need to rely on external services or special processes for tracking labels
● These can manage users’ authorizations and general access
RECAP
Cell level security boils down to two separate components:
● Data labels
● User granted labels
They are the two halves that establish cell level security. Put the two together, and magic happens.
QUESTIONS?
@ohshazbot
john@sqrrl.com
ACCUMULO VISIBILITY LABELS AND PLUGGABLE AUTHORIZATION:
A LOVE STORY