Data Guard: A Fine-grained Purpose-based Access Control System for Large Data Warehouses

TL;DR

Data Guard is a purpose-based access control system for large data warehouses that enforces fine-grained, semantic policies to mask data at various granularities, ensuring compliance while maintaining data utility.

Contribution

It introduces a novel, fine-grained, purpose-based access control system that translates policies into SQL views for data masking in large data warehouses.

Findings

Efficient implementation with minimal performance overhead.

Deployed in LinkedIn's production environment for over 20,000 daily accesses.

Supports masking at row, column, and sub-cell levels for complex data types.

Abstract

The last few years have witnessed a spate of data protection regulations in conjunction with an ever-growing appetite for data usage in large businesses, which presents significant challenges for businesses to maintain compliance. To address this conflict, we present Data Guard - a fine-grained, purpose-based access control system for large data warehouses. Data Guard enables authoring policies based on semantic descriptions of data and purpose of data access. Data Guard then translates these policies into SQL views that mask data from the underlying warehouse tables. At access time, Data Guard ensures compliance by transparently routing each table access to the appropriate data-masking view based on the purpose of the access, thus minimizing the effort of adopting Data Guard in existing applications. Our enforcement solution allows masking data at much finer granularities than what traditional solutions allow. In addition to row and column level data masking, Data Guard can mask data at the sub-cell level for columns with non-atomic data types such as structs, arrays, and maps. This fine-grained masking allows Data Guard to preserve data utility for consumers while ensuring compliance. We implemented a number of performance optimizations to minimize the overhead of data masking operations. We perform numerous experiments to identify the key factors that influence the data masking overhead and demonstrate the efficiency of our implementation. Data Guard is deployed inside LinkedIn's production data warehouses and ensures compliance of more than 20,000 table accesses each day across different data processing engines.