NSA extends label-based security to big data stores
- 07 September, 2011 02:28
The National Security Agency has submitted new label-based data store software, called Accumulo, to the Apache Software Foundation, in hopes that other parties will further develop the technology for use in secure systems.
"There is a need for a flexible, high performance distributed key/value store that provides expressive, fine-grained access labels," the developers stated on the proposal page submitted to Apache. "We have made much progress in developing this project over the past [three] years and believe both the project and the interested communities would benefit from this work being openly available and having open development."
Based on Google BigTable design, Accumulo is a simple key/value data store, where providing the system with the key will return the data associated with that key. A distributed design, Accumulo can be run across multiple servers, making it a candidate for use in big data systems.
Plenty of NoSQL-based key/value data stores already exist, such as Cassandra and HBase. What sets Accumulo apart is the ability to tag each data cell with a label. Each key has a section called column visibility, which can store labels. The labels could be used to allow fine-grained access to the data, where an external server may access some cells of the data store, but not others, based on policy rules set in place and defined by a set of labels.
Read Big Data - Part 1.
"The access labels in Accumulo do not in themselves provide a complete security solution, but are a mechanism for labeling each piece of data with the authorizations that are necessary to see it," the proposal stated.
Such label-based data storage could be the basis of secure data store-based systems, ones that could be used by health care, government agencies and other parties with stringent security and privacy requirements, the developers state.
NSA's label-based approach to security resembles another open source project NSA developed and released in 2000, called Security Enhanced Linux (SE Linux). With SE Linux, administrators can create policies that dictate, in fine-grained detail, what actions each program on a computer can execute. Red Hat has integrated SE Linux into its Red Hat Enterprise Linux distribution.
Already the software was attracted "hundreds of developers," using the database, primarily within the NSA, according to the agency. The software itself has about 200,000 lines of code, most based on Java. In addition to the code, NSA pledges to post examples, documentation and training materials on the Apache site.
The agency wants to build a wider base of both contributors and users.
The Apache Incubator is the entry point for new projects that developers hope to have Apache manage. Accumulo runs on top of a number of other Apache programs, namely the Hadoop distributed data platform, the Zookeeper distributed application configuration manager, and the Thrift services development tool.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Integrated Computing Platforms: Infrastructure Builds for Tomorrow’s Data Centre
Integrated Computing Platforms, such as EMC VSPEX RAs, provide a solution by eliminating the time (and cost) of designing, testing, and engineering integrated environments with components built independently of one another. These validated architectures are ready for production environments upon delivery, and offer a single point of support should IT require it. Learn more on how a leading IT vendor has aligned product innovation with an IT market need to improve efficiency, performance, and value for SMBs.
Devising a Server Protection Strategy with Trend Micro
With so many Information Technology solutions available to choose from today, many organizations put their trust in the experience, insight and advice of Gartner, and their industry-leading analysts. Trend Micro’s portfolio of solutions meets and exceeds Gartner’s recommendations on how to devise a server protection strategy. Precisely how Trend Micro does it is detailed in this whitepaper. Read now.
The Power of Cloud
Although cloud is widely recognized as a technology game changer, its potential for driving business innovation remains virtually untapped. To take advantage of cloud’s potential to transform internal operations, customer relationships and industry value chains, organisations need to determine how best to employ cloud-enabled business models that promote sustainable competitive advantage. Learn more about driving business model innovation.