Accumulo Summit 2014: Accumulo Visibility Labels and Pluggable Authorization Systems: A Love Story
1. Securely explore your data
Accumulo Visibility Labels
and
Pluggable Authorization Systems:
A Love Story
John Vines
Engineer
Sqrrl Data, Inc.
john@sqrrl.com
6. CELL-LEVEL SECURITY
© 2014 Sqrrl | All Rights Reserved | Proprietary and Confidential
tldr;
visibilities are like ACLs
...sort of
8. THAT’S GREAT!
What does it get me?
Amalgamating data sources that are segregated
9. THE SCENARIO:
I am a first-time Accumulo user
I want to use its nifty features
I have no idea what I’m doing
12. FIRST TRY
Scan without JohnsLabel
*sad trombone*
Scan with JohnsLabel
row1 colf1:colq1 JohnsLabel
row1 colf2:colq1 JohnsLabel
row2 colf1:colq3 JohnsLabel
row3 colf1:colq1 JohnsLabel
row4 colf4:colq2 JohnsLabel
14. SECOND TRY
row1 colf1:colq1 JohnsApplication
row1 colf2:colq1 JohnsApplication
row2 colf1:colq3 JohnsApplication
row3 colf1:colq1 JohnsApplication
row4 colf4:colq2 JohnsApplication
What does my label even mean?
16. THIRD TRY
row1 colf1:colq1 application1|application2
row1 colf2:colq1 application1
row2 colf1:colq3 application2
row3 colf1:colq1 application2
row4 colf4:colq2 application3
What about analytic4? analytic5? 6?
17. BACK TO THE DRAWING BOARD
What am I trying to accomplish?
Why am I segregating my data?
19. FOURTH TRY
row1 colf1:colq1 org1|org2
row1 colf2:colq1 org1
row2 colf1:colq3 org2
row3 colf1:colq1 org2
row4 colf4:colq2 org1&org2
Organizations are big!
21. FIFTH TRY
row1 colf1:colq1 subOrg1|subOrg2
row1 colf2:colq1 subOrg1
row2 colf1:colq3 subOrg2
row3 colf1:colq1 subOrg2
row4 colf4:colq2 subOrg1&subOrg2
What about if subOrgs change?
Why do these orgs have permission?
23. SIXTH TRY
row1 colf1:colq1 accountsReceivable|payroll
row1 colf2:colq1 accountsReceivable
row2 colf1:colq3 payroll
row3 colf1:colq1 payroll
row4 colf4:colq2 accountsReceivable&payroll
Looks good!
But now I need to manage users!
27. PLUGGABLE SECURITY TO THE RESCUE
okay… what is this?
[Diagram labels: tserver, scan, Pluggable Authorizor, getAuths(), scan]
Now we can use our existing system!
30. SEVENTH TRY
LDAP’s role-based access says:
User1->HR
User2->InternalConflicts
User3->Payroll
User4->Taxes
One less system to maintain!
But our orgs are hierarchical!
32. EIGHTH TRY
Authorizor Says:
InternalConflicts->InternalConflicts,HR
Payroll->Payroll,Finance
Taxes->Finance,AccountsReceivable
But what if I don’t want a certain org to get a piece of data?
36. NINTH TRY
row5 colf1:colq3 designer&!manager
Accumulo does not support NOTs
What are we trying to accomplish?
38. TENTH TRY
row5 colf1:colq3 designer&(worker&contractor)
But I want others to know some part of row5 colf1:colq!
41. ELEVENTH TRY
row5 colf1:colq3 designer&(worker&contractor)
row5 colf1:colq3 engineer&(worker&contractor)
But I still want the managers to know that row5 colf1:colq3 exists!
43. TWELFTH TRY
row5 colf1:colq3
row5 colf1:colq3 designer&(worker&contractor)
row5 colf1:colq3 engineer&(worker&contractor)
How can root look at everything?
45. THIRTEENTH TRY
row5 colf1:colq3
row5 colf1:colq3 root|(designer&(worker&contractor))
row5 colf1:colq3 root|(engineer&(worker&contractor))
I don’t like that...
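The label syntax built up over the tries above, as an added example that is not from the talk or from Accumulo's code: a Python model that parses the slide labels, rejects "!" and unparenthesized mixes of & and |, and filters the three row5 entries by the authorizations a scan holds. The function names (parse, visible, scan) and the permitted term characters are assumptions of this example.

```python
import re
# Model of the slides' label grammar: terms, &, |, parentheses, no NOT.
TOKEN = re.compile(r"[A-Za-z0-9_.:/-]+|[&|()]")

def parse(label):
    """Return a nested-tuple AST, or raise ValueError for a bad label."""
    tokens, pos = TOKEN.findall(label) + [None], 0   # None marks the end
    if "".join(tokens[:-1]) != label:
        raise ValueError(f"unsupported character in {label!r}")  # e.g. '!'
    def term():
        nonlocal pos
        tok, pos = tokens[pos], pos + 1
        if tok == "(":
            node = expr()
            if tokens[pos] != ")":
                raise ValueError("missing ')'")
            pos += 1
            return node
        if tok in (None, "&", "|", ")"):
            raise ValueError(f"expected a term, got {tok!r}")
        return ("term", tok)
    def expr():
        nonlocal pos
        nodes, op = [term()], None
        while tokens[pos] in ("&", "|"):
            if op not in (None, tokens[pos]):
                raise ValueError("mixing & and | requires parentheses")
            op, pos = tokens[pos], pos + 1
            nodes.append(term())
        return nodes[0] if op is None else (op, nodes)
    tree = expr()
    if tokens[pos] is not None:
        raise ValueError(f"unexpected {tokens[pos]!r}")
    return tree

def visible(label, auths):
    """True if a scan holding `auths` may see an entry labelled `label`."""
    def ev(node):
        if node[0] == "term":
            return node[1] in auths
        return (all if node[0] == "&" else any)(ev(n) for n in node[1])
    return label == "" or ev(parse(label))  # unlabelled entries always pass

ROWS = [("row5 colf1:colq3", ""),  # twelfth-try entries (constructed sample)
        ("row5 colf1:colq3", "designer&(worker&contractor)"),
        ("row5 colf1:colq3", "engineer&(worker&contractor)")]

def scan(rows, auths):
    return [(key, label) for key, label in rows if visible(label, auths)]
```

A scan holding only manager gets back the single unlabelled entry, which is how the managers learn that row5 colf1:colq3 exists without seeing the restricted values.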
47. THIRTEENTH TRY 2
Remember the pluggable Authorizor!
LDAP knows all roles
root->all roles
All of my bases are covered!
Except...
48. GETTING CRAFTY
What if I want to:
● Allow authorizations based on time
● Allow authorizations based on location
● Make data more available
● Make data less available
50. BEING CRAFTY
Remember the pluggable Authorizor!
If you have the data available, you can use it!
Just remember: visibility labels are filters. They’re not made for restricting entire tables.
52. FOURTEENTH TRY
Accumulo Tables have Read permissions for coarse access!
Can we do it to people who are missing certain labels?
56. PLUGGABLE SECURITY TO THE RESCUE
Looks familiar… what is this?
[Diagram labels: tserver, scan, Pluggable PermissionHandler, hasTablePermission(), scan]
Now we can use our existing system for coarse access!
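An added example, not code from the talk or from Accumulo, modelling what the two pluggable hooks can decide: get_auths expands the LDAP role through the eighth-try hierarchy, gives root every role and drops a time-limited label outside its window, and has_table_permission refuses coarse read access to users missing a required label. The time window, the ledger table and the Python function names are assumptions; the real hooks are Java interfaces whose signatures are not shown on the slides.

```python
from datetime import time

# Constructed stand-ins for the external systems named on the slides.
LDAP_ROLES = {"User1": "HR", "User2": "InternalConflicts",
              "User3": "Payroll", "User4": "Taxes"}
HIERARCHY = {"InternalConflicts": {"InternalConflicts", "HR"},   # eighth try
             "Payroll": {"Payroll", "Finance"},
             "Taxes": {"Finance", "AccountsReceivable"}}
# Hypothetical policies: a label granted only in a time window, and the
# label a user must hold before a table can be read at all.
TIME_LIMITED = {"Finance": (time(8, 0), time(18, 0))}
TABLE_REQUIRES = {"ledger": "Finance"}

def all_roles():
    """Every label the directory knows about (what root receives)."""
    return set(LDAP_ROLES.values()).union(*HIERARCHY.values())

def get_auths(user, now):
    """Model of getAuths(): the labels a scan by `user` may use at `now`."""
    if user == "root":
        return all_roles()              # root->all roles
    role = LDAP_ROLES.get(user)
    if role is None:
        return set()                    # unknown user: fail closed
    auths = set(HIERARCHY.get(role, {role}))
    for label, (start, end) in TIME_LIMITED.items():
        if not start <= now <= end:
            auths.discard(label)        # outside the window: drop the label
    return auths

def has_table_permission(user, table, now):
    """Model of hasTablePermission(): coarse check made before the scan."""
    required = TABLE_REQUIRES.get(table)
    # Tables without a policy entry are denied rather than left open.
    return required is not None and required in get_auths(user, now)
```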
57. RECAP
● Label for the data, not the users
● Label with the highest granularity possible
● Let the pluggable security do the rest of the work
● Need to rely on external services or special processes for tracking labels
● These can manage users' authorizations and general access
59. RECAP
Cell level security boils down to two separate components
● Data labels
● User granted labels
They are the two halves that establish cell level security. Put the two together, and magic happens.
60. QUESTIONS?
@ohshazbot
john@sqrrl.com
ACCUMULO VISIBILITY LABELS AND PLUGGABLE
AUTHORIZATION:
A LOVE STORY