Return-Path: X-Original-To: apmail-cassandra-user-archive@www.apache.org Delivered-To: apmail-cassandra-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CCB7718220 for ; Fri, 29 Jan 2016 01:37:43 +0000 (UTC) Received: (qmail 77343 invoked by uid 500); 29 Jan 2016 01:37:35 -0000 Delivered-To: apmail-cassandra-user-archive@cassandra.apache.org Received: (qmail 77297 invoked by uid 500); 29 Jan 2016 01:37:35 -0000 Mailing-List: contact user-help@cassandra.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@cassandra.apache.org Delivered-To: mailing list user@cassandra.apache.org Received: (qmail 77286 invoked by uid 99); 29 Jan 2016 01:37:35 -0000 Received: from Unknown (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 29 Jan 2016 01:37:35 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 1316618052A for ; Fri, 29 Jan 2016 01:37:35 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.899 X-Spam-Level: ** X-Spam-Status: No, score=2.899 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com Received: from mx1-us-east.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id 34JLEk3LVhq9 for ; Fri, 29 Jan 2016 01:37:27 +0000 (UTC) Received: from mail-io0-f169.google.com (mail-io0-f169.google.com [209.85.223.169]) by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with ESMTPS id 7F98342A73 for ; Fri, 29 Jan 2016 01:37:27 +0000 (UTC) Received: by mail-io0-f169.google.com with SMTP id g73so75721276ioe.3 for ; Thu, 28 Jan 2016 17:37:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=99Tc2V7DZb7klMyFOXGh+dBUgRBlHh3EM+nuOIeKFZM=; b=eSfyGKNHr/1Qhqd1xto3OWvsC572d6DpjYbqnt9HEvFd4ZrXmlEtlCueqtXQCrnj3f KQ0xd3YTzK7760E7xiHZYWimmavaOt0N4QKb5hURX7kajE+ARdvbcZHnG0KlF7We2HAV GlDp1oQ4mvxiHA/itjs6fOknhrxKFlZgKIE210Y1B5fxdg1lRMuJTsKjQqMSnCOlVaeJ sn1jR/2Le4LvIHQsHf7bsPkIXXgroamIFLC6WT7CRUcumK9rw1v7uZR1WWLK8MqdsnZX kawgBtKez+LOOGWintOUm/DIRJYnIPcAmLuEclADu8ZiKbfRPwt9yPAs1BUxJnvRax5Y dAlw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=99Tc2V7DZb7klMyFOXGh+dBUgRBlHh3EM+nuOIeKFZM=; b=gF3xE37k3YMjdVM0ssBlJno/RSl2sgflK+thS8IsW8JolAAeYaan8HUqNOa08HbcXO mvbZ6a/kiWy7GA/arkIYzclEDhj+8qoEB5P21Q3yCy1WZ3+yJIBf1vbjf3CtIUu84rX5 ipTYPeCncHNUpi+qQ0ZKfCjmfRbFLHUCJGpbjdApt67E2PKy8BYr+e8YBMc0WBFBTLzu QA5n3OqkfUoA8jGAtEEk5xqmFKp2D0AY7axgmSpspy5YHIUxKIISyI3k7JpmaNgvBwVt uPh1+MotEJtOLaadTUTEd6n+7S5ZXCbW9qF5qv6BNJXIHR6MOeC4z2UG1PC6tkixp6JG ZmuQ== X-Gm-Message-State: AG10YOQkWkmV1t+nOXOG4Fwihxbb1+OiRT1IQOtZ64QULC+3zRB9Z6JI5FGonQyGsMxH8QijSA9U83joFUytTg== MIME-Version: 1.0 X-Received: by 10.107.165.14 with SMTP id o14mr6916706ioe.49.1454031441372; Thu, 28 Jan 2016 17:37:21 -0800 (PST) Received: by 10.107.168.69 with HTTP; Thu, 28 Jan 2016 17:37:21 -0800 (PST) In-Reply-To: References: Date: Thu, 28 Jan 2016 19:37:21 -0600 Message-ID: Subject: Re: Security labels From: oleg yusim To: user@cassandra.apache.org Content-Type: multipart/alternative; boundary=001a1141f0c68e2bd8052a6f13e6 --001a1141f0c68e2bd8052a6f13e6 Content-Type: text/plain; charset=UTF-8 Patrick, Absolutely. Security label is mechanism of access control, utilized by MAC (mandatory access control) model, and not utilized by DAC (discretionary access control) model, we all are used to. In database content it is illustrated for instance here: http://www.postgresql.org/docs/current/static/sql-security-label.html Now, as per my goals, I'm making a security assessment for Cassandra DB with a goal to produce STIG on this product. That is one of the parameters in database SRG I have to assess against. Thanks, Oleg On Thu, Jan 28, 2016 at 6:32 PM, Patrick McFadin wrote: > Cassandra has support for authentication security, but I'm not familiar > with a security label. Can you describe what you want to do? > > Patrick > > On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim wrote: > >> Greetings, >> >> Does Cassandra support security label concept? If so, where can I read on >> how it should be applied? >> >> Thanks, >> >> Oleg >> > > --001a1141f0c68e2bd8052a6f13e6 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Patrick,

Absolutely. Security label is = mechanism of access control, utilized by MAC (mandatory access control) mod= el, and not utilized by DAC (discretionary access control) model, we all ar= e used to. In database content it is illustrated for instance here:=C2=A0http://www.postgresql.org/docs/current/static/sql-security-label.html<= /a>

Now, as per my goals, I'm making a securit= y assessment for Cassandra DB with a goal to produce STIG on this product. = That is one of the parameters in database SRG I have to assess against.

Thanks,

Oleg

<= /div>

On Thu= , Jan 28, 2016 at 6:32 PM, Patrick McFadin <pmcfadin@gmail.com> wrote:
Cassandra ha= s support for authentication security, but I'm not familiar with a secu= rity label. Can you describe what you want to do?

Patrick
<= div class=3D"HOEnZb">

On Thu, Jan 28, 2016 at 2:26 PM, oleg yusim <olegy= usim@gmail.com> wrote:
Greetings,

Does Cassandra support security = label concept? If so, where can I read on how it should be applied?

Thanks,

Oleg


--001a1141f0c68e2bd8052a6f13e6--