accumulo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ruoti, Scott - 0553 - MITLL" <>
Subject Library for cryptographically securing data stored in Accumulo
Date Wed, 31 May 2017 21:38:29 GMT


Over the past several years, MIT Lincoln Laboratory has been exploring how to protect data
stored in Accumulo from malicious and honest-but-curious system administrators. Currently,
an administrator is free to view any data stored in Accumulo, and can insert, modify, or delete
data at will. To address these threat vectors, we have developed the Proactively-secure Accumulo
with Cryptographic Enforcement (PACE) library. 


The PACE library supports both encrypting and signing records. Encryption is used to ensure
that only users with the appropriate keys (i.e., not the system administrator) can read the
unencrypted context of data stored in Accumulo. Signatures can be used to provide protection
against an administrator spuriously inserting or modifying records.


The PACE library works as a drop-in replacement for the existing Accumulo client-API, allowing
existing code to be secure with only the change of a few lines of code. The PACE library can
be found at This library can be found at All are welcome to
use this library or fork the repository and modify the code for their own use.


At this time, development of PACE at Lincoln Laboratory is complete. In my free time, I will
attempt to address any reported bugs, but I am also interested in identify Accumulo developers
that would like to help maintain this library. Alternatively, I am willing to turn ownership
of this library entirely over to the Accumulo community.


If you have any questions or comments about PACE, feel free to reach out to me.


Thank you,

Scott Ruoti


Dr. Scott Ruoti                             voice:  (781) 981-1551
Technical Staff                             mobile: (801) 300-7013
Secure, Resilient Systems and Technology    e-mail:
Group 53
MIT Lincoln Laboratory


View raw message