Information Security Considerations for Applications Using Apache Accumulo
Abstract
NoSQL databases are gaining popularity due to their ability to store and process large heterogeneous data sets more efficiently than relational databases. Apache Accumulo is a NoSQL database that introduced a unique information security feature cell-level access control. We study Accumulo to examine its cell-level access control policy enforcement mechanism. We survey existing Accumulo applications, focusing on Koverse as a case study to model the interaction between Accumulo and a client application. We conclude with a discussion of potential security concerns for Accumulo applications. We argue that Accumulo s cell-level access control can assist developers in creating a stronger information security policy, but Accumulo cannot provide security particularly enforcement of information flow policies on its own. Furthermore, popular patterns for interaction between Accumulo and its clients require diligence on the part of developers, which may otherwise lead to unexpected behavior that undermines system policy. We highlight some undesirable but reasonable confusions stemming from the semantic gap between cell-level and table-level policies, and between policies for end-users and Accumulo clients.level policies, and between policies for end-users and Accumulo clients.
Document Details
- Document Type
- Technical Report
- Publication Date
- Sep 01, 2014
- Accession Number
- ADA620694
Entities
People
- Brandon H. Pontius
Organizations
- Naval Postgraduate School