DFSFOT

Reputation: 542

Does Apache Cassandra provide measurements that can be taken to prevent data vandalization (malicious nodes)?

We're working on a big school project with twenty people. The case is a decentralized anonymous chatting platform. So we're not allowed to set up a central server, therefore we were looking into distributed databases and found Cassandra to best fit in our project.

This means that everybody who is running the application will also be a Cassandra node. This raises many concerns for me, mainly malicious nodes. If everybody runs a Cassandra node on their computer, how can we prevent them from manipulating/vandalizing or even just straight up deleting data?

I was doing some research and I'm starting to conclude that Cassandra (and other distributed databases I looked into) are meant for corporate solutions where the company owns, runs and maintains the databases. This is not true in our case, because as soon as the application launches there won't be an "owner". Every user is equally part of the system.

I know one (or maybe the only) way to prevent malicious nodes in a decentralized/distributed system is to have nodes keep each other in check. I found no way to do this in Cassandra, thus my question: can we prevent data vandalism and malicious nodes from being a threat?

Upvotes: 4

Views: 79

Answers (1)

Carlos Monroy Nieblas

Reputation: 2283

As you mentioned, the design of Cassandra assumes that you'll have control of all the nodes, as once any third party has access to a copy of your data, you lose control of what they can do with it, similar to any post on the internet.

One option to ensure that only "authorized nodes" are joining the cluster is to enforce SSL internode encryption, which can give you some control, but there are some caveats:

  • if a node goes rogue or is compromised after it was given access, it will be very difficult to kick it out.
  • a node that is using an expired certificate will be able to continue interacting with the cluster until the service gets restarted.
  • administration of SSL certificates adds another layer of complexity for administration.

Regarding the statement "I know one (or maybe the only) way to prevent malicious node in a decentralized/distributed system is to have nodes keep each other in check": Cassandra is already using a gossip mechanism to keep each of the nodes in check with the others.

Upvotes: 4
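
The internode SSL option from the answer, shown as a `cassandra.yaml` fragment with the shipped default beside a mutual-TLS setup. This is an added example, not part of the original answer; the setting names are those of the stock `cassandra.yaml`, while the file paths and passwords are placeholders.

```yaml
# cassandra.yaml (fragment). Paths and passwords below are placeholders.

# Shipped default: node-to-node traffic is plaintext, and no certificate
# is needed to talk to the storage port.
# server_encryption_options:
#   internode_encryption: none

# Mutual TLS between nodes: a peer is accepted only if it presents a
# certificate that chains to a CA in the truststore.
server_encryption_options:
  # none | rack | dc | all. "all" encrypts every node-to-node connection.
  internode_encryption: all

  # This node's own private key and certificate.
  keystore: /path/to/node-keystore.jks
  keystore_password: <keystore-password>

  # Should contain only the CA that signs cluster node certificates.
  # Every certificate issued by a CA in this store is treated as an
  # authorized node, so a public CA here defeats the purpose.
  truststore: /path/to/cluster-truststore.jks
  truststore_password: <truststore-password>

  # Default is false. With false, the connecting peer is never asked for
  # a certificate, so encryption is on but admission is not restricted.
  require_client_auth: true

  # Default is false. With true, the peer's certificate must also match
  # the address or hostname it connects from.
  require_endpoint_verification: true
```

This restricts which hosts can join the cluster; it does not limit what a node can do to data once it has joined, which is the first caveat in the answer and the reason the setup does not fit a deployment where every user runs a node.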
