All,
Over the past several years, MIT Lincoln Laboratory has been exploring how to protect data stored in Accumulo from malicious and honest-but-curious system administrators. Currently, an administrator is free to view any data stored in Accumulo, and can insert, modify, or delete data at will.

To address these threat vectors, we have developed the Proactively-secure Accumulo with Cryptographic Enforcement (PACE) library. The PACE library supports both encrypting and signing records. Encryption is used to ensure that only users with the appropriate keys (i.e., not the system administrator) can read the unencrypted content of data stored in Accumulo. Signatures can be used to provide protection against an administrator spuriously inserting or modifying records. The PACE library works as a drop-in replacement for the existing Accumulo client-API, allowing existing code to be secure with only the change of a few lines of code.

The PACE library can be found at https://github.com/mit-ll/PACE. All are welcome to use this library or fork the repository and modify the code for their own use.

At this time, development of PACE at Lincoln Laboratory is complete. In my free time, I will attempt to address any reported bugs, but I am also interested in identifying Accumulo developers that would like to help maintain this library. Alternatively, I am willing to turn ownership of this library entirely over to the Accumulo community.

If you have any questions or comments about PACE, feel free to reach out to me.

Thank you,
Scott Ruoti

--
Dr. Scott Ruoti
Technical Staff
Secure, Resilient Systems and Technology
Group 53
MIT Lincoln Laboratory
voice: (781) 981-1551
mobile: (801) 300-7013
e-mail: scott.ru...@ll.mit.edu