Big Security for Big Data: Addressing Security Challenges for the Big Data Infrastructure

Big Data technologies are changing the traditional technology domains, and their successful use will require new security models and new security design approaches to address emerging security challenges. This paper provides an initial analysis of the security issues and challenges in Big Data and maps the new challenges and problems to the traditional security domains and technologies. The paper starts with the Big Data definition and discusses the features that most affect Big Data security, such as Veracity, Volume, Variety, and dynamicity. It then analyses the paradigm change and the new challenges to Big Data security. The paper refers to the generic Scientific Data Infrastructure (SDI) model and discusses security services related to the proposed Federated Access and Delivery Infrastructure (FADI), which serves as an integration layer for a potentially multi-provider, multi-domain, federated, project-oriented services infrastructure. The paper provides suggestions for the practical implementation of such important security infrastructure components as federated access control and identity management, fine-grained data-centric access control policies, and the Dynamic Infrastructure Trust Bootstrap Protocol (DITBP), which allows deploying a trusted remote virtualised data processing environment. The paper refers to the authors' past and ongoing project experience and discusses how this experience can be consolidated to address the new Big Data security challenges identified in the paper.
