Information security considerations for applications using Apache Accumulo
Pontius, Brandon H.
NoSQL databases are gaining popularity due to their ability to store and process large heterogeneous data sets more efficiently than relational databases. Apache Accumulo is a NoSQL database that introduced a unique information security feature—cell-level access control. We study Accumulo to examine its cell-level access control policy enforcement mechanism. We survey existing Accumulo applications, focusing on Koverse as a case study to model the interaction between Accumulo and a client application. We conclude with a discussion of potential security concerns for Accumulo applications. We argue that Accumulo’s cell-level access control can assist developers in creating a stronger information security policy, but Accumulo cannot provide security—particularly enforcement of information flow policies—on its own. Furthermore, popular patterns for interaction between Accumulo and its clients require diligence on the part of developers, which may otherwise lead to unexpected behavior that undermines system policy. We highlight some undesirable but reasonable confusions stemming from the semantic gap between cell-level and table-level policies, and between policies for end-users and Accumulo clients.
Approved for public release; distribution is unlimited