Security Features Preview Field Level Access Control - PowerPoint PPT Presentation

lucian
security features preview field level access control n.
Skip this Video
Loading SlideShow in 5 Seconds..
Security Features Preview Field Level Access Control PowerPoint Presentation
Download Presentation
Security Features Preview Field Level Access Control

play fullscreen
1 / 39
Download Presentation
Security Features Preview Field Level Access Control
89 Views
Download Presentation

Security Features Preview Field Level Access Control

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Security Features PreviewField Level Access Control James Kerr Senior Solutions Architect, MongoDB

  2. Key Security Considerations

  3. Reference Architecture Authentication Authorization Auditing Encryption Clients Administrators Storage

  4. Authentication Authentication Authorization Auditing Encryption Clients Administrators Which nodes are joining the cluster Which users/apps are accessing the DB Which users are accessing the DB Storage

  5. Authorization Authentication Authorization Auditing Encryption Clients Administrators What permissions does an App have? What permissions does an Admin have? What data can an admin see? What data can a user see? Storage

  6. Auditing Authentication Authorization Auditing Encryption Clients Administrators Who made which changes and when? Who made which changes and when? Storage

  7. Encryption Authentication Authorization Auditing Encryption Clients Administrators SSL Encryption SSL Encryption File system Encryption Storage

  8. Today - Authorization Authorization Clients What permissions does an App have? What data can a user see?

  9. Authorization

  10. Authorization Features • Database Level Access Control (2.4) • Admin roles – DB, user, cluster • Application roles – reader, reader/writer • Collection Level Access Control (coming soon) • User defined roles • Privileges granted to roles for actions on resources • Database, collection and system resource types • Field Level Access Control (2.5 nightly) • Redact documents and/or fields based on security labels

  11. Field Level Access Control Goals • Restrict access to certain documents within a collection • Restrict access to certain fields within documents • Provide a generic capability to handle different marking schemes • Describe policies in terms of existing MongoDB query languages, or extensions thereof

  12. FLAC Features and Functionality • New $redact aggregation framework phase • Performs a pre-order traversal of the document tree • For each node, the expression conditionally returns one of • "$$KEEP” , "$$PRUNE” or "$$DESCEND” • New query language operators • Sets (⊆, =, ∖, ∩, ∪) • Arrays (any true, all true) • Variables (let, map)

  13. FLAC Features and Functionality (cont.) • Aggregation can return a cursor • Have to use "aggregate" command until 2.5 is feature-complete • Can use the the temporary mongo shell helper db.collection.aggregateCursor() • Aggregation can write directly to another collection • $out phase

  14. Redaction Logic • Expression is evaluated as the nodes in the document are traversed • $$KEEP – inserts the node and the node's children into the output • $$PRUNE – puts no node in the output document, and continues the traversal of the sibling nodes • $$DESCEND – inserts a corresponding node in the output document and continues the traversals of the node's children

  15. Set Operators • $setIsSubset • $setEquals • $setDifference • $setIntersection • $setUnion

  16. Array Operators • $allElementsTrue • $anyElementTrue

  17. Variable Operators • $let • Binds variables for use in sub-expressions • $map • Applies a sub-expression to each item in an array and returns an array with the result of the sub-expression • Available the in $project, $group, and $redact pipeline stages

  18. $let Example { $project: { remaining: { $let : { vars: { tally: 75, count: 50 } , in: { $subtract: [ "$$tally", "$$count" ] } } } } }  { remaining: 25 } Bind the "tally" and "count" variables Evaluate the subexpression defined by the "in" field with the bound variables

  19. $map Example { skews: [ 1, 2, 3 ] } { $project: { adjusted: { $map: { input: "$skews", as: "adj", in: { $add: [ "$$adj", 12 ] } } } } }  { adjusted : [ 13, 14, 15 ] } Use the "skews" field as the input to the $map operation Assign each element in the input array to the "adj" variable Execute expression for each element in the input array

  20. $redact Example { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", ["A", "B", "D"]] } } } }, "$$DESCEND", "$$PRUNE"] } } Field security labels are in the "sl" field Input labels. IE, these would come from the user's attributes

  21. FLAC Pipeline – Basic Query $redact $match Redaction Expression User Attributes

  22. FLAC Pipeline – Optimized Query $match $redact $match Redaction Expression To make the pipeline more selective, parts of the $match may be promoted by the execution engineor manually.* Don't promote negative queryterms ($ne, $nin, $nor, etc) User Attributes

  23. FLAC Pipeline – Document Level Filters Query $match $redact $match Security Match Expression Redaction Expression Document level accessmay be selective and benefit from index usein the first $match phase User Attributes

  24. Markings Reference Implementation • Field visibility is controlled by the "sl" field • Top level "sl"applies to the whole document • Restrictive markings on a parent field removes it and any children

  25. Markings Reference Implementation { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field2 : { sl: [ ["C"] ], data : “field2 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } User needs A&B|Cto see the document User needs A&B to see field1 User needs C to see field2 User needs A&C|B&D to see field3

  26. Markings Reference Implementation { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field2 : { sl : [ ["C"] ], data : "field2 value" }, field3 : { sl : [ ["D"] ], data : "field3 value" } } } User needs A&B&C|A&B&D to see the document User needs A&B to see field1 User needs A&B&C to see field1.field2 User needs A&B&D to see field1.field3

  27. $redact Reference Example { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", ["A", "B", "D"]] } } } }, "$$DESCEND", "$$PRUNE"] } } Field security labels are in the "sl" field User has labels "A" , "B" and "D"

  28. $redact Output { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } { _id: 1, sl: [ ["A", "B"], ["C"] ], field1 : { sl : [ ["A", "B"] ], data : “field1 value” }, field3 : { sl : [ ["A", "C"], ["B", "D"] ], data : “field3 value” } } User labels = ["A", "B", "D"]

  29. $redact Output { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field2 : { sl : [ ["C"] ], data : “field2 value” }, field3 : { sl : [ [“D"] ], data : “field3 value” } } } { _id: 2, sl: [ ["A", "B", "C"], ["A", "B", "D"] ], field1 : { sl : [ ["A", "B"] ], field3 : { sl : [ [“D"] ], data : “field3 value” } } } User labels = ["A", "B", "D"]

  30. FLAC Design – Trusted Middleware Untrusted User/Application Identity Management Trusted Middleware/ Application Collection Query + $redact Trusted user Driver Authenticate Untrusted User Retrieve User Attributes Create query and $redact Expression Authenticate Trusted User Run Query Apply $redact Expression

  31. Disclaimer Statements about future releases, availability dates, and feature content reflect plans only, and MongoDBis under no obligation to include, develop or make available, commercially or otherwise, specific features discussed in a future MongoDB build. Information is provided for general understanding only, and is subject to change at the sole discretion of MongoDBin response to changing market conditions, delivery schedules, customer requirements, and/or other factors.

  32. Integrated FLAC (Conceptual)* • Collection Views • Read-only Views • Parameterized Views • Configurable redaction expression • Document content based on the user attributes and field markings * See Disclaimer

  33. FLAC Design – Views* Untrusted User/Application Identity Management Trusted Middleware/ Application Collection View ($redact) Query + attributes Trusted user Driver Authenticate Untrusted User Retrieve User Attributes Authenticate Trusted User Run Query Create/Apply $redact Expression * See Disclaimer

  34. FLAC Design – Fully Integrated* Untrusted User/Application Identity Management Untrusted Middleware/ Application Collection View ($redact) Query Untrusted user Driver Authenticate Untrusted User Authenticate Untrusted User Retrieve User Attributes Run Query Create/Apply $redact Expression * See Disclaimer

  35. Parameterized View Concept* { $redact: { $cond: [{ $anyElementTrue: { $map: { input: "$sl", as: "setNeeded", in: { $setIsSubset: ["$$setNeeded", "$$USER.security.tags"] } } } }, "$$DESCEND", "$$PRUNE"] } } User labels retrieved from security "context" * See Disclaimer

  36. Other Features* • LDAP Authentication • x.509 Authentication • Keyfile alternative • Auditing (admin functions – DDL, DCL) • User defined roles • Collectionlevel access control * See Disclaimer

  37. Next Steps • Looking for customers to evaluate • Trusted middleware example code

  38. References • http://docs.mongodb.org/manual/release-notes/2.6/ • http://docs.mongodb.org/manual/security/

  39. Thank You James Kerr james.kerr@mongodb.com