Download - Accumulo Summit 2014: Accumulo Visibility Labels and Pluggable Authorization Systems: A Love Story

Securely explore your data

Accumulo Visibility Labels and

Pluggable Authorization Systems:A Love Story

John VinesEngineerSqrrl Data, [email protected]

WHAT MAKES ACCUMULO SPECIAL WHEN IT COMES TO SECURITY?

© 2014 Sqrrl | All Rights Reserved | Proprietary and Confidential

CELL-LEVEL SECURITY



tldr;

visibilities are like ACLs

CELL-LEVEL SECURITY


tldr;

visibilities are like ACLs

...sort of

CELL-LEVEL SECURITY

THAT’S GREAT!


What does it get me?

THAT’S GREAT!


What does it get me?

Amalgamating data sources that are segregated

THE SCENARIO:


I am a first time Accumulo userI want to use it’s nifty featuresI have no idea what I’m doing

FIRST TRY


Scan without JohnsLabel

FIRST TRY


Scan without JohnsLabel*sad trombone*

Scan with JohnsLabel

FIRST TRY


Scan without JohnsLabel*sad trombone*

Scan with JohnsLabelrow1 colf1:colq1 JohnsLabelrow1 colf2:colq1 JohnsLabelrow2 colf1:colq3 JohnsLabelrow3 colf1:colq1 JohnsLabelrow4 colf4:colq2 JohnsLabel

SECOND TRY


row1 colf1:colq1 JohnsApplicationrow1 colf2:colq1 JohnsApplicationrow2 colf1:colq3 JohnsApplicationrow3 colf1:colq1 JohnsApplicationrow4 colf4:colq2 JohnsApplication

SECOND TRY


What does my label even mean?

row1 colf1:colq1 JohnsApplicationrow1 colf2:colq1 JohnsApplicationrow2 colf1:colq3 JohnsApplicationrow3 colf1:colq1 JohnsApplicationrow4 colf4:colq2 JohnsApplication

THIRD TRY


row1 colf1:colq1 application1|application2row1 colf2:colq1 application1row2 colf1:colq3 application2row3 colf1:colq1 application2row4 colf4:colq2 application3

THIRD TRY


What about analytic4?analytic5? 6?

row1 colf1:colq1 application1|application2row1 colf2:colq1 application1row2 colf1:colq3 application2row3 colf1:colq1 application2row4 colf4:colq2 application3

BACK TO THE DRAWING BOARD


What am I trying to accomplish?Why am I segregating my data?

FOURTH TRY


row1 colf1:colq1 org1|org2row1 colf2:colq1 org1row2 colf1:colq3 org2row3 colf1:colq1 org2

row4 colf4:colq2 org1&org2

FOURTH TRY


Organizations are big!

row1 colf1:colq1 org1|org2row1 colf2:colq1 org1row2 colf1:colq3 org2row3 colf1:colq1 org2

row4 colf4:colq2 org1&org2

FIFTH TRY


row1 colf1:colq1 subOrg1|subOrg2row1 colf2:colq1 subOrg1row2 colf1:colq3 subOrg2row3 colf1:colq1 subOrg2

row4 colf4:colq2 subOrg1&subOrg2

What about if subOrgs change?

FIFTH TRY


What about if subOrgs change?Why do these orgs have permission?

row1 colf1:colq1 subOrg1|subOrg2row1 colf2:colq1 subOrg1row2 colf1:colq3 subOrg2row3 colf1:colq1 subOrg2

row4 colf4:colq2 subOrg1&subOrg2

SIXTH TRY


row1 colf1:colq1 accountsReceivable|payrollrow1 colf2:colq1 accountsReceivable

row2 colf1:colq3 payrollrow3 colf1:colq1 payroll

row4 colf4:colq2 accountsReceivable&payroll

Looks good!

SIXTH TRY


Looks good!But now I need to manage users!

row1 colf1:colq1 accountsReceivable|payrollrow1 colf2:colq1 accountsReceivable

row2 colf1:colq3 payrollrow3 colf1:colq1 payroll

row4 colf4:colq2 accountsReceivable&payroll

PLUGGABLE SECURITY TO THE RESCUE




okay… what is this?



tserverscan

PluggableAuthorizor

getAuths()scan



tserverscan

PluggableAuthorizor

getAuths()scan

Now we can use our existing system!

SEVENTH TRY


LDAP’s role-based access says:User1->HR

User2->InternalConflictsUser3->PayrollUser4->Taxes

SEVENTH TRY


One less system to maintain!



SEVENTH TRY


One less system to maintain!But our orgs are hierarchical!



EIGHTH TRY


Authorizor Says:InternalConflicts->InternalConflicts,HR

Payroll->Payroll,FinanceTaxes->Finance,AccountsReceivable

EIGHTH TRY


But what if I don’t want a certain org to get a piece of data?

Authorizor Says:InternalConflicts->InternalConflicts,HR

Payroll->Payroll,FinanceTaxes->Finance,AccountsReceivable


What if I don’t want a certain org to get a piece of data?

NINTH TRY


row5 colf1:colq3 designer&!manager

NINTH TRY


Accumulo does not support NOTs


NINTH TRY


Accumulo does not support NOTsWhat are we trying to accomplish?


TENTH TRY


row5 colf1:colq3 designer&(worker&contractor)

TENTH TRY


But I want others to know some part of row5 colf1:colq!

row5 colf1:colq3 designer&(worker&contractor)

REMEMBER


ELEVENTH TRY


row5 colf1:colq3 designer&(worker&contractor)row5 colf1:colq3 engineer&(worker&contractor)

ELEVENTH TRY


row5 colf1:colq3 designer&(worker&contractor)row5 colf1:colq3 engineer&(worker&contractor)

But I still want the managers to know that row5 colf1:colq3 exists!

TWELTH TRY


row5 colf1:colq3row5 colf1:colq3 designer&(worker&contractor)row5 colf1:colq3 engineer&(worker&contractor)

TWELTH TRY


How can root look at everything?

row5 colf1:colq3row5 colf1:colq3 designer&(worker&contractor)row5 colf1:colq3 engineer&(worker&contractor)

THIRTEENTH TRY


row5 colf1:colq3row5 colf1:colq3 root|

(designer&(worker&contractor))row5 colf1:colq3 root|

(engineer&(worker&contractor))

THIRTEENTH TRY


I don’t like that...

row5 colf1:colq3row5 colf1:colq3 root|

(designer&(worker&contractor))row5 colf1:colq3 root|

(engineer&(worker&contractor))

THIRTEENTH TRY 2


Remember the pluggable Authorizor!

LDAP knows all rolesroot->all roles

THIRTEENTH TRY 2


All of my bases are covered!

Except...


LDAP knows all rolesroot->all roles

GETTING CRAFTY


What if I want to:● Allow authorizations based on time● Allow authorizations based on location● Make data more available● Make data less available

BEING CRAFTY



If you have the data available, you can use it!

BEING CRAFTY



If you have the data available, you can use it!

Just remember- visibility labels are filters. They’re not made for restricting

entire tables.

FOURTEENTH TRY


Accumulo Tables have Read permissions for coarse access!

FOURTEENTH TRY


Accumulo Tables have Read permissions for coarse access!

Can we do it to people who are missing certain labels?



Looks familiar… what is this?



tserverscan

Pluggable PermissionHandler

hasTablePermission()scan



tserverscan

Pluggable PermissionHandler

hasTablePermission()scan

Now we can use our existing systemfor coarse access!

RECAP


● Label for the data, not the users● Label with the highest granularity

possible● Let the pluggable security do the rest of

the work● Need to rely on external services or

special processes for tracking labels● These can manage users authorizations

and general access

RECAP


Cell level security boils down to two separate components● Data labels● User granted labels

They are the two halves that establish cell level security.

RECAP


Cell level security boils down to two separate components● Data labels● User granted labels

They are the two halves that establish cell level security. Put the two together, and magic happens.


QUESTIONS?

@ohshazbot

[email protected]

ACCUMULO VISIBILITY LABELS AND PLUGGABLE AUTHORIZATION:

A LOVE STORY

Download - Accumulo Summit 2014: Accumulo Visibility Labels and Pluggable Authorization Systems: A Love Story

Top Related