SlideShare a Scribd company logo

Accumulo Summit 2016: Cryptographically Enforcing Visibility Fields

Accumulo Summit
Accumulo Summit

Users trust Accumulo to properly enforce access control over their data, as specified by the visibility field. This trust can be broken by a malicious administrator or malfunctioning server, revealing sensitive information to unauthorized individuals. Our prior work encrypts data in Accumulo to protect its confidentiality from a malicious server, but does not protect against this attack. To address this threat, we have implemented a client-side tool that cryptographically enforces visibility labels in Accumulo. Our solution is called Cryptographically Enforced Attribute-Based Access Control (CEABAC), and consists of two components: an encryption protocol and a key management system. CEABAC generates a fresh encryption key for each, then encrypts this key based on the cell’s visibility field. To accomplish this, the user must be able to create, store, retrieve, and revoke keys associated with each attribute that can appear in the system. The protocol guarantees that, if keys are distributed appropriately, a client without the appropriate permissions to view a cell cannot decrypt it, even if they receive its ciphertext. In the talk we will discuss the CEABAC protocol, our key management solution, how we implemented it in Accumulo, and future directions for this work. – Speaker –  Dr. Scott Ruoti Technical Staff, MIT Lincoln Laboratory Scott Ruoti is a researcher at MIT Lincoln Laboratory. He graduated from Brigham Young University in 2016 with a Ph.D. in computer science, focusing on security and HCI. Recently, he has been working on cryptographic enforcement of access control in Accumulo. — More Information — For more information see http://www.accumulosummit.com/

Data & Analytics
1 of 24
Download to read offline
Cryptographically Securing Accumulo Scott Ruoti Robert K. Cunningham, Emily Shen, Cassandra Sparks, Leo St. Amour October 11, 2016 DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited. This material is based upon work supported by the Department of Defense under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Department of Defense. © 2016 Massachusetts Institute of Technology. Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work.
Accumulo Summit 2016 - CEABAC - 2 SIR 10/11/16 Malicious Administrator Querying Clients Threats to Accumulo Network Data Sources System Administrator Threat 1: Malicious clients Threat 2: External attacker Threat 3: Malicious cloud or admins • Make unauthorized queries • Learn stored data • Learn other clients’ queries • Insert malware • Hack or compromise system • Learn contents of data & queries • Modify, forge, or delete data • Misattribute data to honest clients Our focus: security against a malicious cloud or system administrators
Accumulo Summit 2016 - CEABAC - 3 SIR 10/11/16 Existing Safe Guards Querying Clients Network Data Sources Data in motion encryption Accumulo provides no safeguards! Data at rest encryption Malicious Administrator
Accumulo Summit 2016 - CEABAC - 4 SIR 10/11/16 Our Work Querying Clients Network Data Sources Digital signatures Field-level encryption Verifiable query results Our approach: cryptographically securing against malicious insiders Cryptographically enforced access control Malicious Administrator
Accumulo Summit 2016 - CEABAC - 5 SIR 10/11/16 Project Status • Implementation nearing completion • Releasing soon – Drop-in compatibility with Accumulo • Goal: to obtain community feedback and involvement
Accumulo Summit 2016 - CEABAC - 6 SIR 10/11/16 Outline • Overview • Securing Accumulo – Field-level encryption – CEABAC – Key infrastructure • “How can I use it?” • Wrap-up
Accumulo Summit 2016 - CEABAC - 7 SIR 10/11/16 Field-level Encryption • Problem: administrator can read the data stored in Accumulo • Solution: encrypt the data stored in Accumulo – Only clients with the appropriate keys can read the data
Accumulo Summit 2016 - CEABAC - 8 SIR 10/11/16 • Entries in Accumulo are broken up into multiple fields Accumulo Entries Key Value Row Column Visibility Permit equality and range queries, likely to be sensitive Used by server for access control Unstructured, likely to be sensitive Value
Accumulo Summit 2016 - CEABAC - 9 SIR 10/11/16 Encryption Techniques No Encryption Deterministic Encryption Semantically Secure Encryption Security No security guarantees Limited confidentiality May leak information about the plaintext Confidentiality Query Performance Results can be filtered server-side Limited server-side filtering of results Client must retrieve all rows and filter locally DET Sem
Accumulo Summit 2016 - CEABAC - 10 SIR 10/11/16 • Allow developers to configure how to encrypt each field • Example: sensitive row, column, and value – Deterministic encryption on the row and column for targeted keyword search – Authenticated encryption on the value Row Column Visibility Value Patient 1 diagnosis doctor … Configurable Encryption DET SemDET
Accumulo Summit 2016 - CEABAC - 11 SIR 10/11/16 • Problem: malicious administrator can incorrectly enforce visibility constraints • Solution: encrypt fields based on the visibility expression – Only clients with appropriate attributes can read the data Patient 1, diagnosis? Access Control Row Column Visibility Value Patient 1 Diagnosis (Nurse& ER)|Doctor … Doctor Diagnosis data Patient 1, diagnosis? No results Patient 1, diagnosis? Diagnosis data Clerk
Accumulo Summit 2016 - CEABAC - 12 SIR 10/11/16 Cryptographically Enforced Attribute-Based Access Control (CEABAC) Row Column Visibility Value Patient 1 Diagnosis (Nurse&ER) |Doctor OR Doctor Nurse ER AND Field Key Attribute Keys Row Column Visibility Value Patient 1 Diagnosis (Nurse&ER)|Doct or … Additional storage linear in size of visibility field
Accumulo Summit 2016 - CEABAC - 13 SIR 10/11/16 Key Management • Generation – Field-level encryption keys – CEABAC attribute keys • Distribution – Ensure only correct individuals have access to keys • Revocation – Remove access to data encrypted after the revocation
Accumulo Summit 2016 - CEABAC - 14 SIR 10/11/16 Key Management Life Cycle User Information Key Generation Step 1: generate keys for a given user Key Storage Step 2: wrap keys with users’public keys and insert them into a trusted key store ClientsAPI Step 3: clients fetch their keys from the store as needed Step 4: when a key is revoked, generate a new version and add it to the key store
Accumulo Summit 2016 - CEABAC - 15 SIR 10/11/16 Outline • Overview • Securing Accumulo • “How can I use it?” • Wrap-up
Accumulo Summit 2016 - CEABAC - 16 SIR 10/11/16 Java Library • Accumulo 1.8 • EncryptedBatchWriter – Drop-in replacement for BatchWriter • EncryptedBatchScanner – Drop-in replacement for BatchScanner – Support server-side filtering • EntryEncryptorConfiguration and FieldEncryptorConfiguration – Comes with example configurations – Configurable using INI files
Accumulo Summit 2016 - CEABAC - 17 SIR 10/11/16 Example Code EncryptionKeyContainer keys = ...; BatchWriterConfig bwConfig = ... ; EncryptionConfig config = EncryptionConfig.read(new FileReader("config.ini")); EncryptedBatchWriter writer = new EncryptedBatchWriter(conn, "medical", bwConfig, config, keys); Mutation mutation = new Mutation(new Text("medical")); mutation.put(new Text("Patient 1"), new Text("diagnosis"), new ColumnVisibility("doctor"), diagnosisBytes); writer.add(mutation); writer.close(); Config [row] algorithm = AES_DET_CBC key_id = row_key key_length = 256 sources = row [colFamily] algorithm = AES_DET_CBC key_id = col_key sources = colFamily, colQualifier [value] algorithm = AES_GCM sources = value
Accumulo Summit 2016 - CEABAC - 18 SIR 10/11/16 Key Infrastructure • EncryptKeyContainer – Interface • We will provide reference implementation and key server – Use it, modify it, roll your own – Should be run on a trusted system
Accumulo Summit 2016 - CEABAC - 19 SIR 10/11/16 Availability • In the process of getting this work open sourced • Python prototype library – Most of the features from the Java library – Coming soon • Java library – 2017 – Comes with examples • Reference key server – 2017
Accumulo Summit 2016 - CEABAC - 20 SIR 10/11/16 Outline • Overview • Securing Accumulo • “How can I use it?” • Wrap-up
Accumulo Summit 2016 - CEABAC - 21 SIR 10/11/16 • Field-level encryption – Deterministic encryption must be used with caution • CEABAC – Encrypted data cannot be filtered server side (e.g., ScannerBase.setRanges) – Encrypting user must have all the attributes that make up the visibility expression – Susceptible to collusion Limitations A B AND A B
Accumulo Summit 2016 - CEABAC - 22 SIR 10/11/16 Future Work • Integrate with other work on cryptographically securing Accumulo – Integrity of data (signatures) – Completeness of query results (authenticated data structures) • Optimizations – Increase the speed of field-level encryption and CEABAC – Reduce storage overhead for CEABAC – Reduce storage overhead of the key server • New features – Cryptographically enforce query policies – Alternative methods for enforcing visibility
Accumulo Summit 2016 - CEABAC - 23 SIR 10/11/16 Participation from the Community • Open source project – New features – Optimizations – Maintenance • Implemented inside of Accumulo code base – More elegant – Higher performance
Accumulo Summit 2016 - CEABAC - 24 SIR 10/11/16 Conclusion • Protects Accumulo from a malicious or compromised server – Field-level encryption – Cryptographically Enforced Attribute-Based Access Control (CEABAC) • We want to start building community engagement – Contact pace-contact@ll.mit.edu to be notified when the code is open-sourced Questions?

Recommended

Accumulo Summit 2016: Timely - Scalable Secure Time Series Database
Accumulo Summit 2016: Timely - Scalable Secure Time Series DatabaseAccumulo Summit 2016: Timely - Scalable Secure Time Series Database
Accumulo Summit 2016: Timely - Scalable Secure Time Series Database
Accumulo Summit
 
Accumulo Summit 2016: Embedding Authenticated Data Structures in Accumulo
Accumulo Summit 2016: Embedding Authenticated Data Structures in AccumuloAccumulo Summit 2016: Embedding Authenticated Data Structures in Accumulo
Accumulo Summit 2016: Embedding Authenticated Data Structures in Accumulo
Accumulo Summit
 
Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021
Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021
Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021
StreamNative
 
University of Oxford: building a next generation SIEM
University of Oxford: building a next generation SIEMUniversity of Oxford: building a next generation SIEM
University of Oxford: building a next generation SIEM
Elasticsearch
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
DataWorks Summit
 
Cooperative Data Exploration with iPython Notebook
Cooperative Data Exploration with iPython NotebookCooperative Data Exploration with iPython Notebook
Cooperative Data Exploration with iPython Notebook
DataWorks Summit/Hadoop Summit
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
Fernando Lopez Aguilar
 
Optimizing Elastic for Search at McQueen Solutions
Optimizing Elastic for Search at McQueen SolutionsOptimizing Elastic for Search at McQueen Solutions
Optimizing Elastic for Search at McQueen Solutions
Elasticsearch
 

Recommended

Accumulo Summit 2016: Timely - Scalable Secure Time Series Database
Accumulo Summit 2016: Timely - Scalable Secure Time Series DatabaseAccumulo Summit 2016: Timely - Scalable Secure Time Series Database
Accumulo Summit 2016: Timely - Scalable Secure Time Series Database
Accumulo Summit
 
Accumulo Summit 2016: Embedding Authenticated Data Structures in Accumulo
Accumulo Summit 2016: Embedding Authenticated Data Structures in AccumuloAccumulo Summit 2016: Embedding Authenticated Data Structures in Accumulo
Accumulo Summit 2016: Embedding Authenticated Data Structures in Accumulo
Accumulo Summit
 
Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021
Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021
Add Horsepower to AI/ML streaming Pipeline - Pulsar Summit NA 2021
StreamNative
 
University of Oxford: building a next generation SIEM
University of Oxford: building a next generation SIEMUniversity of Oxford: building a next generation SIEM
University of Oxford: building a next generation SIEM
Elasticsearch
 
Detecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking DataDetecting Hacks: Anomaly Detection on Networking Data
Detecting Hacks: Anomaly Detection on Networking Data
DataWorks Summit
 
Cooperative Data Exploration with iPython Notebook
Cooperative Data Exploration with iPython NotebookCooperative Data Exploration with iPython Notebook
Cooperative Data Exploration with iPython Notebook
DataWorks Summit/Hadoop Summit
 
Monitoring federation open stack infrastructure
Monitoring federation open stack infrastructureMonitoring federation open stack infrastructure
Monitoring federation open stack infrastructure
Fernando Lopez Aguilar
 
Optimizing Elastic for Search at McQueen Solutions
Optimizing Elastic for Search at McQueen SolutionsOptimizing Elastic for Search at McQueen Solutions
Optimizing Elastic for Search at McQueen Solutions
Elasticsearch
 
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Databricks
 
Introduction to Distributed Tracing
Introduction to Distributed TracingIntroduction to Distributed Tracing
Introduction to Distributed Tracing
petabridge
 
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
StreamNative
 
Flink vs. Spark
Flink vs. SparkFlink vs. Spark
Flink vs. Spark
Slim Baltagi
 
Distributed Tracing
Distributed TracingDistributed Tracing
Distributed Tracing
Kevin Ingelman
 
Cooperative Task Execution for Apache Spark
Cooperative Task Execution for Apache SparkCooperative Task Execution for Apache Spark
Cooperative Task Execution for Apache Spark
Databricks
 
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computingPulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Timothy Spann
 
Jim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Jim Dowling – Interactive Flink analytics with HopsWorks and ZeppelinJim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Jim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Flink Forward
 
Nephee Framework Design Ver2
Nephee Framework Design Ver2Nephee Framework Design Ver2
Nephee Framework Design Ver2
창배 최
 
Baymeetup-FlinkResearch
Baymeetup-FlinkResearchBaymeetup-FlinkResearch
Baymeetup-FlinkResearch
Foo Sounds
 
Open Stack and SDN
Open Stack and SDNOpen Stack and SDN
Open Stack and SDN
Scott Raynovich
 
Data Pipeline with Kafka
Data Pipeline with KafkaData Pipeline with Kafka
Data Pipeline with Kafka
Peerapat Asoktummarungsri
 
Distributed Tracing
Distributed TracingDistributed Tracing
Distributed Tracing
soasme
 
Apache Flink community Update for March 2016 - Slim Baltagi
Apache Flink community Update for March 2016 - Slim BaltagiApache Flink community Update for March 2016 - Slim Baltagi
Apache Flink community Update for March 2016 - Slim Baltagi
Slim Baltagi
 
Building Reactive Real-time Data Pipeline
Building Reactive Real-time Data PipelineBuilding Reactive Real-time Data Pipeline
Building Reactive Real-time Data Pipeline
Trieu Nguyen
 
Kapacitor Manager
Kapacitor ManagerKapacitor Manager
Kapacitor Manager
InfluxData
 
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data StreamingOracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Michael Rainey
 
Spark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit EU talk by Sebastian Schroeder and Ralf SigmundSpark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit
 
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Timothy Spann
 
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per DayHadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Ankur Bansal
 
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shahNull 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
nullowaspmumbai
 
Advance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shahAdvance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shah
Avkash Kathiriya
 

More Related Content

What's hot

Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Databricks
 
Introduction to Distributed Tracing
Introduction to Distributed TracingIntroduction to Distributed Tracing
Introduction to Distributed Tracing
petabridge
 
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
StreamNative
 
Flink vs. Spark
Flink vs. SparkFlink vs. Spark
Flink vs. Spark
Slim Baltagi
 
Distributed Tracing
Distributed TracingDistributed Tracing
Distributed Tracing
Kevin Ingelman
 
Cooperative Task Execution for Apache Spark
Cooperative Task Execution for Apache SparkCooperative Task Execution for Apache Spark
Cooperative Task Execution for Apache Spark
Databricks
 
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computingPulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Timothy Spann
 
Jim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Jim Dowling – Interactive Flink analytics with HopsWorks and ZeppelinJim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Jim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Flink Forward
 
Nephee Framework Design Ver2
Nephee Framework Design Ver2Nephee Framework Design Ver2
Nephee Framework Design Ver2
창배 최
 
Baymeetup-FlinkResearch
Baymeetup-FlinkResearchBaymeetup-FlinkResearch
Baymeetup-FlinkResearch
Foo Sounds
 
Open Stack and SDN
Open Stack and SDNOpen Stack and SDN
Open Stack and SDN
Scott Raynovich
 
Data Pipeline with Kafka
Data Pipeline with KafkaData Pipeline with Kafka
Data Pipeline with Kafka
Peerapat Asoktummarungsri
 
Distributed Tracing
Distributed TracingDistributed Tracing
Distributed Tracing
soasme
 
Apache Flink community Update for March 2016 - Slim Baltagi
Apache Flink community Update for March 2016 - Slim BaltagiApache Flink community Update for March 2016 - Slim Baltagi
Apache Flink community Update for March 2016 - Slim Baltagi
Slim Baltagi
 
Building Reactive Real-time Data Pipeline
Building Reactive Real-time Data PipelineBuilding Reactive Real-time Data Pipeline
Building Reactive Real-time Data Pipeline
Trieu Nguyen
 
Kapacitor Manager
Kapacitor ManagerKapacitor Manager
Kapacitor Manager
InfluxData
 
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data StreamingOracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Michael Rainey
 
Spark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit EU talk by Sebastian Schroeder and Ralf SigmundSpark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit
 
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Timothy Spann
 
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per DayHadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Ankur Bansal
 

What's hot (20)

Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
Efficiently Triaging CI Pipelines with Apache Spark: Mixing 52 Billion Events...
 
Introduction to Distributed Tracing
Introduction to Distributed TracingIntroduction to Distributed Tracing
Introduction to Distributed Tracing
 
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
Log System As Backbone – How We Built the World’s Most Advanced Vector Databa...
 
Flink vs. Spark
Flink vs. SparkFlink vs. Spark
Flink vs. Spark
 
Distributed Tracing
Distributed TracingDistributed Tracing
Distributed Tracing
 
Cooperative Task Execution for Apache Spark
Cooperative Task Execution for Apache SparkCooperative Task Execution for Apache Spark
Cooperative Task Execution for Apache Spark
 
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computingPulsar summit asia 2021 apache pulsar with mqtt for edge computing
Pulsar summit asia 2021 apache pulsar with mqtt for edge computing
 
Jim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Jim Dowling – Interactive Flink analytics with HopsWorks and ZeppelinJim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
Jim Dowling – Interactive Flink analytics with HopsWorks and Zeppelin
 
Nephee Framework Design Ver2
Nephee Framework Design Ver2Nephee Framework Design Ver2
Nephee Framework Design Ver2
 
Baymeetup-FlinkResearch
Baymeetup-FlinkResearchBaymeetup-FlinkResearch
Baymeetup-FlinkResearch
 
Open Stack and SDN
Open Stack and SDNOpen Stack and SDN
Open Stack and SDN
 
Data Pipeline with Kafka
Data Pipeline with KafkaData Pipeline with Kafka
Data Pipeline with Kafka
 
Distributed Tracing
Distributed TracingDistributed Tracing
Distributed Tracing
 
Apache Flink community Update for March 2016 - Slim Baltagi
Apache Flink community Update for March 2016 - Slim BaltagiApache Flink community Update for March 2016 - Slim Baltagi
Apache Flink community Update for March 2016 - Slim Baltagi
 
Building Reactive Real-time Data Pipeline
Building Reactive Real-time Data PipelineBuilding Reactive Real-time Data Pipeline
Building Reactive Real-time Data Pipeline
 
Kapacitor Manager
Kapacitor ManagerKapacitor Manager
Kapacitor Manager
 
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data StreamingOracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
Oracle GoldenGate and Apache Kafka A Deep Dive Into Real-Time Data Streaming
 
Spark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit EU talk by Sebastian Schroeder and Ralf SigmundSpark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
Spark Summit EU talk by Sebastian Schroeder and Ralf Sigmund
 
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
Using the FLaNK Stack for edge ai (flink, nifi, kafka, kudu)
 
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per DayHadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
Hadoop summit - Scaling Uber’s Real-Time Infra for Trillion Events per Day
 

Similar to Accumulo Summit 2016: Cryptographically Enforcing Visibility Fields

Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shahNull 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
nullowaspmumbai
 
Advance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shahAdvance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shah
Avkash Kathiriya
 
CisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area NetworksCisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area Networks
AreaNetworking.it
 
AUTH - SEAF
AUTH - SEAFAUTH - SEAF
AUTH - SEAF
Caroline Milne
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certs
Trish McGinity, CCSK
 
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Canada
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015
Silva_2
 
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco Canada
 
Putting firepower into the next generation firewall
Putting firepower into the next generation firewallPutting firepower into the next generation firewall
Putting firepower into the next generation firewall
Cisco Canada
 
How DBAs can garner the power of the Oracle Public Cloud?
How DBAs can garner the power of the Oracle Public Cloud?How DBAs can garner the power of the Oracle Public Cloud?
How DBAs can garner the power of the Oracle Public Cloud?
Gustavo Rene Antunez
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
Cisco Canada
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
Cisco Canada
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkA Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
PaaSword EU Project
 
Pre-Con Ed: CA Software Asset Management - Key Customer Topics
Pre-Con Ed: CA Software Asset Management - Key Customer TopicsPre-Con Ed: CA Software Asset Management - Key Customer Topics
Pre-Con Ed: CA Software Asset Management - Key Customer Topics
CA Technologies
 
OSACon 2023_ Unlocking Financial Data with Real-Time Pipelines
OSACon 2023_ Unlocking Financial Data with Real-Time PipelinesOSACon 2023_ Unlocking Financial Data with Real-Time Pipelines
OSACon 2023_ Unlocking Financial Data with Real-Time Pipelines
Timothy Spann
 
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallPutting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
Cisco Canada
 
AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016
Gaurav "GP" Pal
 
AWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceAWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and Compliance
Gaurav "GP" Pal
 
XPDS16: Making Migration More Secure - John Shackleton, Adventium Labs
XPDS16: Making Migration More Secure - John Shackleton, Adventium LabsXPDS16: Making Migration More Secure - John Shackleton, Adventium Labs
XPDS16: Making Migration More Secure - John Shackleton, Adventium Labs
The Linux Foundation
 
Building Real-time Pipelines with FLaNK_ A Case Study with Transit Data
Building Real-time Pipelines with FLaNK_ A Case Study with Transit DataBuilding Real-time Pipelines with FLaNK_ A Case Study with Transit Data
Building Real-time Pipelines with FLaNK_ A Case Study with Transit Data
Timothy Spann
 

Similar to Accumulo Summit 2016: Cryptographically Enforcing Visibility Fields (20)

Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shahNull 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
Null 11 june_Malware CNC: Advance Evasion techniques_by Avkash k and dhawal shah
 
Advance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shahAdvance Malware CnC by Avkash k and dhawal shah
Advance Malware CnC by Avkash k and dhawal shah
 
CisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area NetworksCisCon 2018 - Analytics per Storage Area Networks
CisCon 2018 - Analytics per Storage Area Networks
 
AUTH - SEAF
AUTH - SEAFAUTH - SEAF
AUTH - SEAF
 
Scott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certsScott Hogg - Gtri cloud security knowledge and certs
Scott Hogg - Gtri cloud security knowledge and certs
 
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
 
Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015Palo alto networks pcnse6 study guide feb 2015
Palo alto networks pcnse6 study guide feb 2015
 
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...Cisco connect winnipeg 2018 putting firepower into the next generation fire...
Cisco connect winnipeg 2018 putting firepower into the next generation fire...
 
Putting firepower into the next generation firewall
Putting firepower into the next generation firewallPutting firepower into the next generation firewall
Putting firepower into the next generation firewall
 
How DBAs can garner the power of the Oracle Public Cloud?
How DBAs can garner the power of the Oracle Public Cloud?How DBAs can garner the power of the Oracle Public Cloud?
How DBAs can garner the power of the Oracle Public Cloud?
 
Putting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation FirewallPutting Firepower Into The Next Generation Firewall
Putting Firepower Into The Next Generation Firewall
 
Security and Virtualization in the Data Center
Security and Virtualization in the Data CenterSecurity and Virtualization in the Data Center
Security and Virtualization in the Data Center
 
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service FrameworkA Data Privacy and Security by Design Platform‐as‐a‐Service Framework
A Data Privacy and Security by Design Platform‐as‐a‐Service Framework
 
Pre-Con Ed: CA Software Asset Management - Key Customer Topics
Pre-Con Ed: CA Software Asset Management - Key Customer TopicsPre-Con Ed: CA Software Asset Management - Key Customer Topics
Pre-Con Ed: CA Software Asset Management - Key Customer Topics
 
OSACon 2023_ Unlocking Financial Data with Real-Time Pipelines
OSACon 2023_ Unlocking Financial Data with Real-Time PipelinesOSACon 2023_ Unlocking Financial Data with Real-Time Pipelines
OSACon 2023_ Unlocking Financial Data with Real-Time Pipelines
 
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallPutting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
 
AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016AWS Frederick Meetup 07192016
AWS Frederick Meetup 07192016
 
AWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and ComplianceAWS Security Best Practices, SaaS and Compliance
AWS Security Best Practices, SaaS and Compliance
 
XPDS16: Making Migration More Secure - John Shackleton, Adventium Labs
XPDS16: Making Migration More Secure - John Shackleton, Adventium LabsXPDS16: Making Migration More Secure - John Shackleton, Adventium Labs
XPDS16: Making Migration More Secure - John Shackleton, Adventium Labs
 
Building Real-time Pipelines with FLaNK_ A Case Study with Transit Data
Building Real-time Pipelines with FLaNK_ A Case Study with Transit DataBuilding Real-time Pipelines with FLaNK_ A Case Study with Transit Data
Building Real-time Pipelines with FLaNK_ A Case Study with Transit Data
 

Recently uploaded

一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
nyfuhyz
 
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
Walaa Eldin Moustafa
 
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
Timothy Spann
 
University of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma TranscriptUniversity of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma Transcript
soxrziqu
 
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
y3i0qsdzb
 
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
v7oacc3l
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
aqzctr7x
 
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
bmucuha
 
Challenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more importantChallenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more important
Sm321
 
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Kaxil Naik
 
"Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens"
"Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens""Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens"
"Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens"
sameer shah
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
Lars Albertsson
 
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCAModule 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
yuvarajkumar334
 
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
nuttdpt
 
The Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdfThe Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdf
Social Samosa
 
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
Social Samosa
 
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
slg6lamcq
 
Monthly Management report for the Month of May 2024
Monthly Management report for the Month of May 2024Monthly Management report for the Month of May 2024
Monthly Management report for the Month of May 2024
facilitymanager11
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
bmucuha
 
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
xclpvhuk
 

Recently uploaded (20)

一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
 
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
 
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
 
University of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma TranscriptUniversity of New South Wales degree offer diploma Transcript
University of New South Wales degree offer diploma Transcript
 
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
一比一原版巴斯大学毕业证(Bath毕业证书)学历如何办理
 
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
在线办理(英国UCA毕业证书)创意艺术大学毕业证在读证明一模一样
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
 
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
一比一原版(CU毕业证)卡尔顿大学毕业证如何办理
 
Challenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more importantChallenges of Nation Building-1.pptx with more important
Challenges of Nation Building-1.pptx with more important
 
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
Orchestrating the Future: Navigating Today's Data Workflow Challenges with Ai...
 
"Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens"
"Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens""Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens"
"Financial Odyssey: Navigating Past Performance Through Diverse Analytical Lens"
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
 
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCAModule 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
Module 1 ppt BIG DATA ANALYTICS_NOTES FOR MCA
 
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
一比一原版(UCSF文凭证书)旧金山分校毕业证如何办理
 
The Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdfThe Ipsos - AI - Monitor 2024 Report.pdf
The Ipsos - AI - Monitor 2024 Report.pdf
 
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
 
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
一比一原版南十字星大学毕业证(SCU毕业证书)学历如何办理
 
Monthly Management report for the Month of May 2024
Monthly Management report for the Month of May 2024Monthly Management report for the Month of May 2024
Monthly Management report for the Month of May 2024
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
 
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
 

Accumulo Summit 2016: Cryptographically Enforcing Visibility Fields

  • 1. Cryptographically Securing Accumulo Scott Ruoti Robert K. Cunningham, Emily Shen, Cassandra Sparks, Leo St. Amour October 11, 2016 DISTRIBUTION STATEMENT A. Approved for public release: distribution unlimited. This material is based upon work supported by the Department of Defense under Air Force Contract No. FA8721-05-C-0002 and/or FA8702-15-D-0001. Any opinions, findings, conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the Department of Defense. © 2016 Massachusetts Institute of Technology. Delivered to the U.S. Government with Unlimited Rights, as defined in DFARS Part 252.227-7013 or 7014 (Feb 2014). Notwithstanding any copyright notice, U.S. Government rights in this work are defined by DFARS 252.227-7013 or DFARS 252.227-7014 as detailed above. Use of this work other than as specifically authorized by the U.S. Government may violate any copyrights that exist in this work.
  • 2. Accumulo Summit 2016 - CEABAC - 2 SIR 10/11/16 Malicious Administrator Querying Clients Threats to Accumulo Network Data Sources System Administrator Threat 1: Malicious clients Threat 2: External attacker Threat 3: Malicious cloud or admins • Make unauthorized queries • Learn stored data • Learn other clients’ queries • Insert malware • Hack or compromise system • Learn contents of data & queries • Modify, forge, or delete data • Misattribute data to honest clients Our focus: security against a malicious cloud or system administrators
  • 3. Accumulo Summit 2016 - CEABAC - 3 SIR 10/11/16 Existing Safe Guards Querying Clients Network Data Sources Data in motion encryption Accumulo provides no safeguards! Data at rest encryption Malicious Administrator
  • 4. Accumulo Summit 2016 - CEABAC - 4 SIR 10/11/16 Our Work Querying Clients Network Data Sources Digital signatures Field-level encryption Verifiable query results Our approach: cryptographically securing against malicious insiders Cryptographically enforced access control Malicious Administrator
  • 5. Accumulo Summit 2016 - CEABAC - 5 SIR 10/11/16 Project Status • Implementation nearing completion • Releasing soon – Drop-in compatibility with Accumulo • Goal: to obtain community feedback and involvement
  • 6. Accumulo Summit 2016 - CEABAC - 6 SIR 10/11/16 Outline • Overview • Securing Accumulo – Field-level encryption – CEABAC – Key infrastructure • “How can I use it?” • Wrap-up
  • 7. Accumulo Summit 2016 - CEABAC - 7 SIR 10/11/16 Field-level Encryption • Problem: administrator can read the data stored in Accumulo • Solution: encrypt the data stored in Accumulo – Only clients with the appropriate keys can read the data
  • 8. Accumulo Summit 2016 - CEABAC - 8 SIR 10/11/16 • Entries in Accumulo are broken up into multiple fields Accumulo Entries Key Value Row Column Visibility Permit equality and range queries, likely to be sensitive Used by server for access control Unstructured, likely to be sensitive Value
  • 9. Accumulo Summit 2016 - CEABAC - 9 SIR 10/11/16 Encryption Techniques No Encryption Deterministic Encryption Semantically Secure Encryption Security No security guarantees Limited confidentiality May leak information about the plaintext Confidentiality Query Performance Results can be filtered server-side Limited server-side filtering of results Client must retrieve all rows and filter locally DET Sem
  • 10. Accumulo Summit 2016 - CEABAC - 10 SIR 10/11/16 • Allow developers to configure how to encrypt each field • Example: sensitive row, column, and value – Deterministic encryption on the row and column for targeted keyword search – Authenticated encryption on the value Row Column Visibility Value Patient 1 diagnosis doctor … Configurable Encryption DET SemDET
  • 11. Accumulo Summit 2016 - CEABAC - 11 SIR 10/11/16 • Problem: malicious administrator can incorrectly enforce visibility constraints • Solution: encrypt fields based on the visibility expression – Only clients with appropriate attributes can read the data Patient 1, diagnosis? Access Control Row Column Visibility Value Patient 1 Diagnosis (Nurse& ER)|Doctor … Doctor Diagnosis data Patient 1, diagnosis? No results Patient 1, diagnosis? Diagnosis data Clerk
  • 12. Accumulo Summit 2016 - CEABAC - 12 SIR 10/11/16 Cryptographically Enforced Attribute-Based Access Control (CEABAC) Row Column Visibility Value Patient 1 Diagnosis (Nurse&ER) |Doctor OR Doctor Nurse ER AND Field Key Attribute Keys Row Column Visibility Value Patient 1 Diagnosis (Nurse&ER)|Doct or … Additional storage linear in size of visibility field
  • 13. Accumulo Summit 2016 - CEABAC - 13 SIR 10/11/16 Key Management • Generation – Field-level encryption keys – CEABAC attribute keys • Distribution – Ensure only correct individuals have access to keys • Revocation – Remove access to data encrypted after the revocation
  • 14. Accumulo Summit 2016 - CEABAC - 14 SIR 10/11/16 Key Management Life Cycle User Information Key Generation Step 1: generate keys for a given user Key Storage Step 2: wrap keys with users’public keys and insert them into a trusted key store ClientsAPI Step 3: clients fetch their keys from the store as needed Step 4: when a key is revoked, generate a new version and add it to the key store
  • 15. Accumulo Summit 2016 - CEABAC - 15 SIR 10/11/16 Outline • Overview • Securing Accumulo • “How can I use it?” • Wrap-up
  • 16. Accumulo Summit 2016 - CEABAC - 16 SIR 10/11/16 Java Library • Accumulo 1.8 • EncryptedBatchWriter – Drop-in replacement for BatchWriter • EncryptedBatchScanner – Drop-in replacement for BatchScanner – Support server-side filtering • EntryEncryptorConfiguration and FieldEncryptorConfiguration – Comes with example configurations – Configurable using INI files
  • 17. Accumulo Summit 2016 - CEABAC - 17 SIR 10/11/16 Example Code EncryptionKeyContainer keys = ...; BatchWriterConfig bwConfig = ... ; EncryptionConfig config = EncryptionConfig.read(new FileReader("config.ini")); EncryptedBatchWriter writer = new EncryptedBatchWriter(conn, "medical", bwConfig, config, keys); Mutation mutation = new Mutation(new Text("medical")); mutation.put(new Text("Patient 1"), new Text("diagnosis"), new ColumnVisibility("doctor"), diagnosisBytes); writer.add(mutation); writer.close(); Config [row] algorithm = AES_DET_CBC key_id = row_key key_length = 256 sources = row [colFamily] algorithm = AES_DET_CBC key_id = col_key sources = colFamily, colQualifier [value] algorithm = AES_GCM sources = value
  • 18. Accumulo Summit 2016 - CEABAC - 18 SIR 10/11/16 Key Infrastructure • EncryptKeyContainer – Interface • We will provide reference implementation and key server – Use it, modify it, roll your own – Should be run on a trusted system
  • 19. Accumulo Summit 2016 - CEABAC - 19 SIR 10/11/16 Availability • In the process of getting this work open sourced • Python prototype library – Most of the features from the Java library – Coming soon • Java library – 2017 – Comes with examples • Reference key server – 2017
  • 20. Accumulo Summit 2016 - CEABAC - 20 SIR 10/11/16 Outline • Overview • Securing Accumulo • “How can I use it?” • Wrap-up
  • 21. Accumulo Summit 2016 - CEABAC - 21 SIR 10/11/16 • Field-level encryption – Deterministic encryption must be used with caution • CEABAC – Encrypted data cannot be filtered server side (e.g., ScannerBase.setRanges) – Encrypting user must have all the attributes that make up the visibility expression – Susceptible to collusion Limitations A B AND A B
  • 22. Accumulo Summit 2016 - CEABAC - 22 SIR 10/11/16 Future Work • Integrate with other work on cryptographically securing Accumulo – Integrity of data (signatures) – Completeness of query results (authenticated data structures) • Optimizations – Increase the speed of field-level encryption and CEABAC – Reduce storage overhead for CEABAC – Reduce storage overhead of the key server • New features – Cryptographically enforce query policies – Alternative methods for enforcing visibility
  • 23. Accumulo Summit 2016 - CEABAC - 23 SIR 10/11/16 Participation from the Community • Open source project – New features – Optimizations – Maintenance • Implemented inside of Accumulo code base – More elegant – Higher performance
  • 24. Accumulo Summit 2016 - CEABAC - 24 SIR 10/11/16 Conclusion • Protects Accumulo from a malicious or compromised server – Field-level encryption – Cryptographically Enforced Attribute-Based Access Control (CEABAC) • We want to start building community engagement – Contact pace-contact@ll.mit.edu to be notified when the code is open-sourced Questions?