PACE: Proactively Secure Accumulo with Cryptographic Enforcement

Abstract

Cloud-hosted databases have many compelling benefits, including high availability, flexible resource allocation, and resiliency to attack, but it requires that cloud tenants cede control of their data to the cloud provider. In this paper, we describe Proactively-secure Accumulo with Cryptographic Enforcement (PACE), a client-side library that cryptographically protects a tenants data, returning control of that data to the tenant. PACE is a drop-in replacement for Accumulos APIs and works with Accumulos row-level security model. We evaluate the performance of PACE, discussing the impact of encryption and signatures on operation throughput.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
May 27, 2017
Accession Number
AD1034658

Entities

People

  • Ariel T Hamlin
  • Emily H. Shen
  • Robert K. Cunningham
  • Scott I Ruoti

Organizations

  • MIT Lincoln Laboratory

Tags

DTIC Thesaurus Topics

  • Air Force
  • Algorithms
  • Computer Access Control
  • Containers
  • Cryptography
  • Databases
  • Department Of Defense
  • Detection
  • Infrastructure
  • Intellectual Property
  • Measurement
  • Models
  • Resilience
  • Security
  • Standards
  • Test And Evaluation
  • Visibility

Fields of Study

  • Computer science
  • Mathematics

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.
  • Strategic Security Studies