This year at RSA, I remember meeting with a vendor who dealt with database security by encrypting the database. I forget the name, but found an open source project – Acra, which I think is a promising product if designed & developed right.
What is Acra?
Acra is a modern, open source and automation-friendly database protection suite with selective encryption and intrusion detection. It protects you against data leaks and many types of typical application threats through strong selective encryption and intrusion detection capabilities.
You do not have to change anything in your current infrastructure. Instead of direct access, simply point your PostgreSQL server to Acra and you are done! All requests to access the data contained in your database are routed through an AcraServer – a network service containing the decryption keys – that decrypts your data, analyzes it to detect suspicious requests and then forwards the response to the application over a secure channel! Consider it your database proxy. You can choose the data that you would like to protect during database writes. All your data is secured in distributed, microservice environments which are cryptographically compartmentalized, and data is stored in large sharded schemes. This ensures that even if your database is compromised, the application does not leak sensitive data or its decryption keys. Acra relies on a combination of well-known ciphers and a smart key management scheme.
Acra architecture looks like this:
Acra was built with specific user experiences in mind:
- Quick & easy integration of security instrumentation.
- Cryptographically protect data in a threat model where all other parts of the infrastructure could be compromised: as long as AcraServer isn’t, the data is safe.
- Proper abstraction of all cryptographic processes: you don’t risk mis-choosing key length or algorithm padding.
- Strong default settings to get you going.
- Intrusion detection to let you know early that something is going wrong. Once you inform Acra of the set of queries you’re likely to run on a database, any kind of application flow change, SQL injection or database logic compromise can be detected by matching the legitimate query structure against the one being processed.
- High degree of configurability to create perfect balance between extra security features and performance.
- Automation-friendly: Most features were built to be easily configured/automated from a configuration automation environment.
- Limited attack surface: To compromise your application, an attacker will need to compromise a separate compartmentalized server, AcraServer (more specifically, its key storage), and the database.
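The intrusion-detection item above describes matching legitimate query structure against the query being processed. The following Python example is added here to illustrate that idea and is not Acra's code: `fingerprint`, `QueryAllowlist` and the sample queries are hypothetical names and constructed data, and the regex-based normalisation is an assumption standing in for a real SQL parser.

```python
import re

# String literals are replaced first so digits inside them are not seen as numbers.
_STRING = re.compile(r"'(?:[^']|'')*'")
_NUMBER = re.compile(r"\b\d+(?:\.\d+)?\b")
_SPACE = re.compile(r"\s+")


def fingerprint(query: str) -> str:
    """Reduce a query to its structure: literals become '?', case and spacing are normalised."""
    q = _STRING.sub("?", query)
    q = _NUMBER.sub("?", q)
    q = _SPACE.sub(" ", q).strip().rstrip(";").strip()
    return q.lower()


class QueryAllowlist:
    """Hypothetical allowlist built from the queries the application is expected to run."""

    def __init__(self, expected_queries):
        self._known = {fingerprint(q) for q in expected_queries}

    def is_known(self, query: str) -> bool:
        return fingerprint(query) in self._known

    def unknown(self, traffic):
        """Return the queries whose structure was never declared, for alerting."""
        return [q for q in traffic if not self.is_known(q)]


# Constructed sample data, not taken from Acra or from the article.
EXPECTED = [
    "SELECT name, email FROM users WHERE id = 1",
    "INSERT INTO orders (user_id, note) VALUES (1, 'gift')",
]
TRAFFIC = [
    "select name, email from users where id = 4821",
    "INSERT INTO orders (user_id, note)  VALUES (77, 'it''s late');",
    "SELECT name, email FROM users WHERE id = 1 OR 1=1",  # extra predicate
    "SELECT * FROM users",                                 # new application flow
]

if __name__ == "__main__":
    allowlist = QueryAllowlist(EXPECTED)
    for q in allowlist.unknown(TRAFFIC):
        print("ALERT unknown query structure:", fingerprint(q))
```

Because literals are stripped before comparison, a query that differs only in its values passes, while any change to the statement's shape (an added predicate, a different column list, a comment token) produces an unknown fingerprint and is reported.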
For now, Acra only supports the PostgreSQL database on the Debian Jessie x86_64, Debian Jessie i686, CentOS 7 (1611) x86_64 and CentOS 6.8 i386 operating systems, for the Python, Ruby, PHP, Go and NodeJS languages.
Download Acra version 0.75 here.