PACE: Proactively-Secure Accumulo with Cryptographic Enforcement

Authors
Scott Ruoti, Ben Kaiser, Ariel Hamlin, Cassandra Sparks, Robert Cunningham

Abstract
Cloud-hosted databases have many compelling benefits, including high availability, flexible resource allocation, and resiliency to attack, but it requires that cloud tenants cede control of their data to the cloud provider. In this paper, we describe Proactively-secure Accumulo with Cryptographic Enforcement (PACE), a client-side library that cryptographically protects a tenant’s data, returning control of that data to the tenant. PACE is a drop-in replacement for Accumulo’s APIs and works with Accumulo’s row-level security model. We evaluate the performance of PACE, discussing the impact of encryption and signatures on operation throughput.

Reference
21st IEEE High Performance Extreme Computing Conference. IEEE, 2017. (IEEE HPEC 2017)

Downloads