Presentation is loading. Please wait.

Presentation is loading. Please wait.

Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.

Similar presentations


Presentation on theme: "Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control."— Presentation transcript:

1 Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control

2 Key Security Considerations

3 Reference Architecture Clients Storage Administrators Authentication Authorization Auditing Encryption

4 Authentication Clients Storage Administrators Authentication Authorization Auditing Encryption Which users/apps are accessing the DB Which nodes are joining the cluster Which users are accessing the DB

5 Authorization Clients Storage Administrators Authentication Authorization Auditing Encryption What permissions does an App have? What permissions does an Admin have? What data can a user see? What data can an admin see?

6 Auditing Clients Storage Administrators Authentication Authorization Auditing Encryption Who made which changes and when?

7 Encryption Clients Storage Administrators Authentication Authorization Auditing Encryption SSL Encryption File system Encryption

8 Today - Authorization Clients Authorization What permissions does an App have? What data can a user see?

9 Authorization

10 Authorization Features Database Level Access Control (2.4) – Admin roles – DB, user, cluster – Application roles – reader, reader/writer Collection Level Access Control (coming soon) – User defined roles – Privileges granted to roles for actions on resources – Database, collection and system resource types Field Level Access Control (2.5 nightly) – Redact documents and/or fields based on security labels

11 Field Level Access Control Goals Restrict access to certain documents within a collection Restrict access to certain fields within documents Provide a generic capability to handle different marking schemes Describe policies in terms of existing MongoDB query languages, or extensions thereof

12 FLAC Features and Functionality New $redact aggregation framework phase – Performs a pre-order traversal of the document tree – For each node, the expression conditionally returns one of "$$KEEP”, "$$PRUNE” or "$$DESCEND” New query language operators – Sets ( ⊆, =, ∖, ∩, ∪ ) – Arrays (any true, all true) – Variables (let, map)

13 FLAC Features and Functionality (cont.) Aggregation can return a cursor – Have to use "aggregate" command until 2.5 is feature- complete – Can use the the temporary mongo shell helper db.collection.aggregateCursor() Aggregation can write directly to another collection – $out phase

14 Redaction Logic Expression is evaluated as the nodes in the document are traversed $$KEEP – inserts the node and the node's children into the output $$PRUNE – puts no node in the output document, and continues the traversal of the sibling nodes $$DESCEND – inserts a corresponding node in the output document and continues the traversals of the node's children

15 Set Operators $setIsSubset $setEquals $setDifference $setIntersection $setUnion

16 Array Operators $allElementsTrue $anyElementTrue

17 Variable Operators $let – Binds variables for use in sub-expressions $map – Applies a sub-expression to each item in an array and returns an array with the result of the sub-expression Available the in $project, $group, and $redact pipeline stages

18 { $project: { remaining: { $let : { vars: { tally: 75, count: 50 }, in: { $subtract: [ "$$tally", "$$count" ] } } }  { remaining: 25 } $let Example Bind the "tally" and "count" variables Evaluate the subexpression defined by the "in" field with the bound variables

19 { skews: [ 1, 2, 3 ] } { $project: { adjusted: { $map: { input: "$skews", as: "adj", in: { $add: [ "$$adj", 12 ] } } } } }  { adjusted : [ 13, 14, 15 ] } $map Example Use the "skews" field as the input to the $map operation Assign each element in the input array to the "adj" variable Execute expression for each element in the input array

20 { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", ["A", "B", "D"]] } } }, "$$DESCEND", "$$PRUNE"] } $redact Example Input labels. IE, these would come from the user's attributes Field security labels are in the "sl" field

21 FLAC Pipeline – Basic $redact Query $match Redaction Expression User Attributes

22 FLAC Pipeline – Optimized $match Query $redact $match Redaction Expression User Attributes To make the pipeline more selective, parts of the $match may be promoted by the execution engine or manually. * Don't promote negative query terms ($ne, $nin, $nor, etc)

23 FLAC Pipeline – Document Level Filters $match Query $redact $match Redaction Expression User Attributes Security Match Expression Document level access may be selective and benefit from index use in the first $match phase

24 Markings Reference Implementation Field visibility is controlled by the "sl" field Top level "sl" applies to the whole document Restrictive markings on a parent field removes it and any children

25 Markings Reference Implementation { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } User needs A&B|C to see the document User needs A&B to see field1 User needs C to see field2 User needs A&C|B&D to see field3

26 Markings Reference Implementation { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field2 : { sl : [ ["C"] ], data : "field2 value" }, field3 : { sl : [ ["D"] ], data : "field3 value" } } User needs A&B&C|A&B&D to see the document User needs A&B to see field1 User needs A&B&C to see field1.field2 User needs A&B&D to see field1.field3

27 { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", ["A", "B", "D"]] } } }, "$$DESCEND", "$$PRUNE"] } $redact Reference Example User has labels "A", "B" and "D" Field security labels are in the "sl" field

28 { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } $redact Output User labels = ["A", "B", "D"]

29 { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ [“D"] ], data : “field3 value” } } } { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field3 : { sl : [ [“D"] ], data : “field3 value” } } } $redact Output User labels = ["A", "B", "D"]

30 FLAC Design – Trusted Middleware Trusted Middleware/ Application Trusted Middleware/ Application Identity Management Driver 1.Authenticate Untrusted User 2.Retrieve User Attributes 3.Create query and $redact Expression 1.Authenticate Trusted User 2.Run Query 3.Apply $redact Expression Query + $redact Trusted user Untrusted User/Application Untrusted User/Application Collection

31 Disclaimer Statements about future releases, availability dates, and feature content reflect plans only, and MongoDB is under no obligation to include, develop or make available, commercially or otherwise, specific features discussed in a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of MongoDB in response to changing market conditions, delivery schedules, customer requirements, and/or other factors.

32 Integrated FLAC (Conceptual)* Collection Views Read-only Views Parameterized Views – Configurable redaction expression – Document content based on the user attributes and field markings * See Disclaimer

33 FLAC Design – Views* Trusted Middleware/ Application Trusted Middleware/ Application Identity Management Driver 1.Authenticate Untrusted User 2.Retrieve User Attributes 1.Authenticate Trusted User 2.Run Query 3.Create/Apply $redact Expression Query + attributes Trusted user Untrusted User/Application Untrusted User/Application Collection View ($redact) View ($redact) * See Disclaimer

34 FLAC Design – Fully Integrated* Untrusted Middleware/ Application Untrusted Middleware/ Application Identity Management Driver 1.Authenticate Untrusted User 2.Retrieve User Attributes 3.Run Query 4.Create/Apply $redact Expression Query Untrusted user Untrusted User/Application Untrusted User/Application Collection View ($redact) View ($redact) * See Disclaimer

35 { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", "$$USER.security.tags"] } } }, "$$DESCEND", "$$PRUNE"] } Parameterized View Concept* * See Disclaimer User labels retrieved from security "context"

36 Other Features* LDAP Authentication x.509 Authentication Keyfile alternative Auditing (admin functions – DDL, DCL) User defined roles Collection level access control * See Disclaimer

37 Next Steps Looking for customers to evaluate Trusted middleware example code

38 References

39 James Kerr Thank You


Download ppt "Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control."

Similar presentations


Ads by Google