Presentation is loading. Please wait.

Presentation is loading. Please wait.

Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control.

Published byJaden Obee Modified over 9 years ago

Similar presentations

Presentation on theme: "Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control."— Presentation transcript:

1 Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control

2 Key Security Considerations

3 Reference Architecture Clients Storage Administrators Authentication Authorization Auditing Encryption

4 Authentication Clients Storage Administrators Authentication Authorization Auditing Encryption Which users/apps are accessing the DB Which nodes are joining the cluster Which users are accessing the DB

5 Authorization Clients Storage Administrators Authentication Authorization Auditing Encryption What permissions does an App have? What permissions does an Admin have? What data can a user see? What data can an admin see?

6 Auditing Clients Storage Administrators Authentication Authorization Auditing Encryption Who made which changes and when?

7 Encryption Clients Storage Administrators Authentication Authorization Auditing Encryption SSL Encryption File system Encryption

8 Today - Authorization Clients Authorization What permissions does an App have? What data can a user see?

9 Authorization

10 Authorization Features Database Level Access Control (2.4) – Admin roles – DB, user, cluster – Application roles – reader, reader/writer Collection Level Access Control (coming soon) – User defined roles – Privileges granted to roles for actions on resources – Database, collection and system resource types Field Level Access Control (2.5 nightly) – Redact documents and/or fields based on security labels

11 Field Level Access Control Goals Restrict access to certain documents within a collection Restrict access to certain fields within documents Provide a generic capability to handle different marking schemes Describe policies in terms of existing MongoDB query languages, or extensions thereof

12 FLAC Features and Functionality New $redact aggregation framework phase – Performs a pre-order traversal of the document tree – For each node, the expression conditionally returns one of "$$KEEP”, "$$PRUNE” or "$$DESCEND” New query language operators – Sets ( ⊆, =, ∖, ∩, ∪ ) – Arrays (any true, all true) – Variables (let, map)

13 FLAC Features and Functionality (cont.) Aggregation can return a cursor – Have to use "aggregate" command until 2.5 is feature- complete – Can use the the temporary mongo shell helper db.collection.aggregateCursor() Aggregation can write directly to another collection – $out phase

14 Redaction Logic Expression is evaluated as the nodes in the document are traversed $$KEEP – inserts the node and the node's children into the output $$PRUNE – puts no node in the output document, and continues the traversal of the sibling nodes $$DESCEND – inserts a corresponding node in the output document and continues the traversals of the node's children

15 Set Operators $setIsSubset $setEquals $setDifference $setIntersection $setUnion

16 Array Operators $allElementsTrue $anyElementTrue

17 Variable Operators $let – Binds variables for use in sub-expressions $map – Applies a sub-expression to each item in an array and returns an array with the result of the sub-expression Available the in $project, $group, and $redact pipeline stages

18 { $project: { remaining: { $let : { vars: { tally: 75, count: 50 }, in: { $subtract: [ "$$tally", "$$count" ] } } }  { remaining: 25 } $let Example Bind the "tally" and "count" variables Evaluate the subexpression defined by the "in" field with the bound variables

19 { skews: [ 1, 2, 3 ] } { $project: { adjusted: { $map: { input: "$skews", as: "adj", in: { $add: [ "$$adj", 12 ] } } } } }  { adjusted : [ 13, 14, 15 ] } $map Example Use the "skews" field as the input to the $map operation Assign each element in the input array to the "adj" variable Execute expression for each element in the input array

20 { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", ["A", "B", "D"]] } } }, "$$DESCEND", "$$PRUNE"] } $redact Example Input labels. IE, these would come from the user's attributes Field security labels are in the "sl" field

21 FLAC Pipeline – Basic $redact Query $match Redaction Expression User Attributes

22 FLAC Pipeline – Optimized $match Query $redact $match Redaction Expression User Attributes To make the pipeline more selective, parts of the $match may be promoted by the execution engine or manually. * Don't promote negative query terms ($ne, $nin, $nor, etc)

23 FLAC Pipeline – Document Level Filters $match Query $redact $match Redaction Expression User Attributes Security Match Expression Document level access may be selective and benefit from index use in the first $match phase

24 Markings Reference Implementation Field visibility is controlled by the "sl" field Top level "sl" applies to the whole document Restrictive markings on a parent field removes it and any children

25 Markings Reference Implementation { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } User needs A&B|C to see the document User needs A&B to see field1 User needs C to see field2 User needs A&C|B&D to see field3

26 Markings Reference Implementation { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field2 : { sl : [ ["C"] ], data : "field2 value" }, field3 : { sl : [ ["D"] ], data : "field3 value" } } User needs A&B&C|A&B&D to see the document User needs A&B to see field1 User needs A&B&C to see field1.field2 User needs A&B&D to see field1.field3

27 { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", ["A", "B", "D"]] } } }, "$$DESCEND", "$$PRUNE"] } $redact Reference Example User has labels "A", "B" and "D" Field security labels are in the "sl" field

28 { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } $redact Output User labels = ["A", "B", "D"]

29 { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ [“D"] ], data : “field3 value” } } } { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field3 : { sl : [ [“D"] ], data : “field3 value” } } } $redact Output User labels = ["A", "B", "D"]

30 FLAC Design – Trusted Middleware Trusted Middleware/ Application Trusted Middleware/ Application Identity Management Driver 1.Authenticate Untrusted User 2.Retrieve User Attributes 3.Create query and $redact Expression 1.Authenticate Trusted User 2.Run Query 3.Apply $redact Expression Query + $redact Trusted user Untrusted User/Application Untrusted User/Application Collection

31 Disclaimer Statements about future releases, availability dates, and feature content reflect plans only, and MongoDB is under no obligation to include, develop or make available, commercially or otherwise, specific features discussed in a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of MongoDB in response to changing market conditions, delivery schedules, customer requirements, and/or other factors.

32 Integrated FLAC (Conceptual)* Collection Views Read-only Views Parameterized Views – Configurable redaction expression – Document content based on the user attributes and field markings * See Disclaimer

33 FLAC Design – Views* Trusted Middleware/ Application Trusted Middleware/ Application Identity Management Driver 1.Authenticate Untrusted User 2.Retrieve User Attributes 1.Authenticate Trusted User 2.Run Query 3.Create/Apply $redact Expression Query + attributes Trusted user Untrusted User/Application Untrusted User/Application Collection View ($redact) View ($redact) * See Disclaimer

34 FLAC Design – Fully Integrated* Untrusted Middleware/ Application Untrusted Middleware/ Application Identity Management Driver 1.Authenticate Untrusted User 2.Retrieve User Attributes 3.Run Query 4.Create/Apply $redact Expression Query Untrusted user Untrusted User/Application Untrusted User/Application Collection View ($redact) View ($redact) * See Disclaimer

35 { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", "$$USER.security.tags"] } } }, "$$DESCEND", "$$PRUNE"] } Parameterized View Concept* * See Disclaimer User labels retrieved from security "context"

36 Other Features* LDAP Authentication x.509 Authentication Keyfile alternative Auditing (admin functions – DDL, DCL) User defined roles Collection level access control * See Disclaimer

37 Next Steps Looking for customers to evaluate Trusted middleware example code

38 References http://docs.mongodb.org/manual/release-notes/2.6/ http://docs.mongodb.org/manual/security/

39 james.kerr@mongodb.com James Kerr Thank You

Download ppt "Senior Solutions Architect, MongoDB James Kerr Security Features Preview Field Level Access Control."

Similar presentations

Inside an XSLT Processor Michael Kay, ICL 19 May 2000.

Inside an XSLT Processor Michael Kay, ICL 19 May 2000.
Dr. Alexandra I. Cristea CS 252: Fundamentals of Relational Databases: SQL5.

Dr. Alexandra I. Cristea CS 252: Fundamentals of Relational Databases: SQL5.
Introduction to SQL, OleDB interface to Access from VB.NET.

Introduction to SQL, OleDB interface to Access from VB.NET.
Mongo An alternative database system. Installing Mongo We must install both the Mongo database and at least one GUI for managing Mongo See

Mongo An alternative database system. Installing Mongo We must install both the Mongo database and at least one GUI for managing Mongo See
XML Data Management 8. XQuery Werner Nutt. Requirements for an XML Query Language David Maier, W3C XML Query Requirements: Closedness: output must be.

XML Data Management 8. XQuery Werner Nutt. Requirements for an XML Query Language David Maier, W3C XML Query Requirements: Closedness: output must be.
DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.

DIGIDOC A web based tool to Manage Documents. System Overview DigiDoc is a web-based customizable, integrated solution for Business Process Management.
Creating Tables. 2 home back first prev next last What Will I Learn? List and provide an example of each of the number, character, and date data types.

Creating Tables. 2 home back first prev next last What Will I Learn? List and provide an example of each of the number, character, and date data types.
“The Honeywell Web-based Corrective Action Solution”

“The Honeywell Web-based Corrective Action Solution”
Data Management Expert Panel - WP2. WP2 Overview.

Data Management Expert Panel - WP2. WP2 Overview.
OWASP Secure Coding Practices Quick Reference Guide

OWASP Secure Coding Practices Quick Reference Guide
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
TIMBER A Native XML Database Xiali He The Overview of the TIMBER System in University of Michigan.

TIMBER A Native XML Database Xiali He The Overview of the TIMBER System in University of Michigan.
OAISYS Public Safety Solutions Safeguarding Mission-Critical Communications.

OAISYS Public Safety Solutions Safeguarding Mission-Critical Communications.
Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.

Advantage Data Dictionary. agenda Creating and Managing Data Dictionaries –Tables, Indexes, Fields, and Triggers –Defining Referential Integrity –Defining.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
Xyleme A Dynamic Warehouse for XML Data of the Web.

Xyleme A Dynamic Warehouse for XML Data of the Web.
Fundamentals, Design, and Implementation, 9/e Chapter 12 ODBC, OLE DB, ADO, and ASP.

Fundamentals, Design, and Implementation, 9/e Chapter 12 ODBC, OLE DB, ADO, and ASP.
Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.
Querying Ontology Based Database Using OntoQL Stephane Jean et al. Presented by: Meher Talat Shaikh.

Querying Ontology Based Database Using OntoQL Stephane Jean et al. Presented by: Meher Talat Shaikh.
Copying, Managing, and Transforming Data With DTS.

Copying, Managing, and Transforming Data With DTS.

Similar presentations

Ads by Google