NSA extends label-based security to big data stores

The US National Security Agency is submitting a database it has developed for Apache open source development

The National Security Agency has submitted new label-based data store software, called Accumulo, to the Apache Software Foundation, in hopes that other parties will further develop the technology for use in secure systems.

"There is a need for a flexible, high performance distributed key/value store that provides expressive, fine-grained access labels," the developers stated on the proposal page submitted to Apache. "We have made much progress in developing this project over the past [three] years and believe both the project and the interested communities would benefit from this work being openly available and having open development."

Based on Google BigTable design, Accumulo is a simple key/value data store, where providing the system with the key will return the data associated with that key. A distributed design, Accumulo can be run across multiple servers, making it a candidate for use in big data systems.

Plenty of NoSQL-based key/value data stores already exist, such as Cassandra and HBase. What sets Accumulo apart is the ability to tag each data cell with a label. Each key has a section called column visibility, which can store labels. The labels could be used to allow fine-grained access to the data, where an external server may access some cells of the data store, but not others, based on policy rules set in place and defined by a set of labels.

Read Big Data - Part 1.

"The access labels in Accumulo do not in themselves provide a complete security solution, but are a mechanism for labeling each piece of data with the authorizations that are necessary to see it," the proposal stated.

Such label-based data storage could be the basis of secure data store-based systems, ones that could be used by health care, government agencies and other parties with stringent security and privacy requirements, the developers state.

NSA's label-based approach to security resembles another open source project NSA developed and released in 2000, called Security Enhanced Linux (SE Linux). With SE Linux, administrators can create policies that dictate, in fine-grained detail, what actions each program on a computer can execute. Red Hat has integrated SE Linux into its Red Hat Enterprise Linux distribution.

Already the software was attracted "hundreds of developers," using the database, primarily within the NSA, according to the agency. The software itself has about 200,000 lines of code, most based on Java. In addition to the code, NSA pledges to post examples, documentation and training materials on the Apache site.

The agency wants to build a wider base of both contributors and users.

The Apache Incubator is the entry point for new projects that developers hope to have Apache manage. Accumulo runs on top of a number of other Apache programs, namely the Hadoop distributed data platform, the Zookeeper distributed application configuration manager, and the Thrift services development tool.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags open sourcedatabasesapplicationssoftwareApache Software Foundation

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?