PACE: Proactively-Secure Accumulo with Cryptographic Enforcement

Scott Ruoti, Ben Kaiser, Ariel Hamlin, Cassandra Sparks, and Robert Cunningham

Abstract
Cloud-hosted databases have many compelling benefits, including high availability, flexible resource allocation, and resiliency to attack, but they require that cloud tenants cede control of their data to the cloud provider. In this paper, we describe Proactively-secure Accumulo with Cryptographic Enforcement (PACE), a client-side library that cryptographically protects a tenant's data, returning control of that data to the tenant. PACE is a drop-in replacement for Accumulo's APIs and works with Accumulo's row-level security model. We evaluate the performance of PACE, discussing the impact of encryption and signatures on operation throughput.

Reference
Scott Ruoti, Ben Kaiser, Ariel Hamlin, Cassandra Sparks, and Robert Cunningham. 2017. PACE: Proactively-secure Accumulo with cryptographic enforcement. In Proceedings of the 21st IEEE High Performance Extreme Computing Conference. IEEE.
