[ https://issues.apache.org/jira/browse/HDFS-6134?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14042366#comment-14042366 ]

Owen O'Malley commented on HDFS-6134:
-------------------------------------

I'm still -1 to adding this to HDFS. Having a layered file system is a much 
cleaner approach. 

Issues:
* The user needs to be able to move, copy, and distribute the directories without 
the key. I should be able to set up a falcon or oozie job that copies 
directories where the user doing the copy has *NO* potential access to the key 
material. This is a critical security constraint.
* A critical use case for encryption is when hdfs admins should not have access 
to the contents of some files. Encryption is the only way to implement that 
since the hdfs admins always have file permissions to both the hdfs files and 
the underlying block files.
* We shouldn't change the filesystem API to deal with encryption, because we 
have a solution that doesn't require the change and will be far less confusing 
to users. In particular, we shouldn't add hacks to read/write unencrypted bytes 
to HDFS.
* Each file needs to record the key version and original IV as written up in 
the CFS design document. The IV should be incremented for each block, but must 
start at a random number. As Alejandro pointed out this is required for strong 
security.

> Transparent data at rest encryption
> -----------------------------------
>
>                 Key: HDFS-6134
>                 URL: https://issues.apache.org/jira/browse/HDFS-6134
>             Project: Hadoop HDFS
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 2.3.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HDFSDataatRestEncryptionProposal_obsolete.pdf, 
> HDFSEncryptionConceptualDesignProposal-2014-06-20.pdf
>
>
> Because of privacy and security regulations, for many industries, sensitive 
> data at rest must be in encrypted form. For example: the healthcare industry 
> (HIPAA regulations), the card payment industry (PCI DSS regulations) or the 
> US government (FISMA regulations).
> This JIRA aims to provide a mechanism to encrypt HDFS data at rest that can 
> be used transparently by any application accessing HDFS via Hadoop Filesystem 
> Java API, Hadoop libhdfs C library, or WebHDFS REST API.
> The resulting implementation should be able to be used in compliance with 
> different regulation requirements.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
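
The last issue in the comment above (each file records the key version and original IV, and the IV is incremented per block from a random start) can be sketched as follows. This is an added example, not code from Hadoop or the CFS design document. Assumptions: the header layout is hypothetical, "block" is read as the 16-byte cipher block of a CTR-style mode, and HMAC-SHA256 stands in for AES so the sketch runs on the standard library alone.

```python
import hashlib, hmac, secrets, struct

BLOCK = 16                        # cipher block size in bytes (AES block size)
HEADER = struct.Struct(">I16s")   # hypothetical per-file header: key version, original IV

def block_iv(iv0: bytes, index: int) -> bytes:
    """IV for cipher block `index`: original IV + index as a 128-bit big-endian counter."""
    return ((int.from_bytes(iv0, "big") + index) % (1 << 128)).to_bytes(BLOCK, "big")

def keystream_block(key: bytes, iv: bytes) -> bytes:
    # Stand-in PRF (truncated HMAC-SHA256), an assumption of this example;
    # a real implementation would encrypt `iv` with AES under `key`.
    return hmac.new(key, iv, hashlib.sha256).digest()[:BLOCK]

def crypt(key: bytes, iv0: bytes, data: bytes, offset: int = 0) -> bytes:
    """XOR `data`, located at byte `offset` of the file, with the keystream (encrypt == decrypt)."""
    out = bytearray()
    for i, b in enumerate(data):
        pos = offset + i
        ks = keystream_block(key, block_iv(iv0, pos // BLOCK))
        out.append(b ^ ks[pos % BLOCK])
    return bytes(out)

def write_file(key: bytes, key_version: int, plaintext: bytes, iv0: bytes = None) -> bytes:
    """Prefix the ciphertext with the key version and the original IV (random unless forced)."""
    iv0 = iv0 if iv0 is not None else secrets.token_bytes(BLOCK)
    return HEADER.pack(key_version, iv0) + crypt(key, iv0, plaintext)

def read_range(keys: dict, blob: bytes, offset: int, length: int) -> bytes:
    """Decrypt an arbitrary byte range using only the header and the versioned key."""
    key_version, iv0 = HEADER.unpack_from(blob)
    body = blob[HEADER.size:]
    return crypt(keys[key_version], iv0, body[offset:offset + length], offset)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

if __name__ == "__main__":
    keys = {1: secrets.token_bytes(32)}   # constructed key store: version -> key
    a, b = b"constructed sample record A", b"constructed sample record B"
    fixed = bytes(BLOCK)                  # non-random start IV, the case to avoid
    ca = write_file(keys[1], 1, a, fixed)[HEADER.size:]
    cb = write_file(keys[1], 1, b, fixed)[HEADER.size:]
    print("same start IV leaks a XOR b:", xor(ca, cb) == xor(a, b))
    blob = write_file(keys[1], 1, a)
    print("range read:", read_range(keys, blob, 12, 6))
```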
