Cryptographically Enforced Role-Based Access Control for NoSQL Distributed Databases
The support for Role-Based Access Control (RBAC) using cryptography for NoSQL distributed databases is investigated. Cassandra is a NoSQL DBMS that efficiently supports very large databases, but provides rather simple security measures (an agent having physical access to a Cassandra cluster is usually assumed to have access to all data therein). Support for RBAC has been added almost as an afterthought, with the Node Coordinator having to mediate all requests to read and write data, in order to ensure that only the requests permitted by the Access Control Policy (ACP) are allowed through.
In this paper, we propose a model and protocols for cryptographic enforcement of an ACP in a Cassandra-like system, which would ease the load on the Node Coordinator, thereby taking the bottleneck out of the existing security implementation. We allow any client to read the data from any storage node(s) – provided that only the clients to whom the ACP grants access to a datum hold the encryption keys that enable them to decrypt it.
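As an added illustration (not code from the paper), a minimal key-wrapping construction of the model described above: each datum is encrypted under its own data key, that data key is wrapped under the key of every role the ACP grants for the datum, storage nodes hand the ciphertext to any client, and only a client's role keys decide what it can actually decrypt. The HMAC-based encrypt-then-MAC cipher is a stand-in for a real AEAD such as AES-GCM, and all class and function names are assumptions.

```python
import hashlib
import hmac
import os
import secrets

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 counter-mode keystream (assumption: stand-in for AES-CTR)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || HMAC tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def open_(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; a wrong key is rejected before any plaintext is produced."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise PermissionError("key does not open this datum")
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))

class CryptoRBAC:
    """ACP maps datum id -> set of roles; enforcement lives in key material, not in a coordinator check."""

    def __init__(self, acp: dict[str, set[str]]):
        self.acp = acp
        self.role_keys = {r: secrets.token_bytes(32) for roles in acp.values() for r in roles}
        self.storage: dict[str, tuple[bytes, dict[str, bytes]]] = {}  # what storage nodes hold

    def write(self, datum_id: str, plaintext: bytes) -> None:
        data_key = secrets.token_bytes(32)  # fresh key per datum
        wrapped = {r: seal(self.role_keys[r], data_key) for r in self.acp[datum_id]}
        self.storage[datum_id] = (seal(data_key, plaintext), wrapped)

    def key_ring(self, roles: set[str]) -> dict[str, bytes]:
        """Keys handed to a client at enrolment, one per role it is assigned."""
        return {r: self.role_keys[r] for r in roles}

    def read(self, datum_id: str, ring: dict[str, bytes]) -> bytes:
        ciphertext, wrapped = self.storage[datum_id]  # any node serves any client, no policy check
        for role, role_key in ring.items():
            if role in wrapped:  # unwrap the data key with a granted role key, then decrypt
                return open_(open_(role_key, wrapped[role]), ciphertext)
        raise PermissionError(f"no role in ring is granted {datum_id}")
```

A client without a granted role receives the same ciphertext as everyone else but cannot recover a data key for it, so the storage path carries no access decision.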