Access Control for Distributed Processing Systems: Use Cases and General Considerations

Access control (AC) is critical for protecting sensitive information from unauthorized access. Various AC systems have been proposed and enforced in different types of information systems (e.g., banking and military). However, existing AC systems cannot thoroughly address the challenges of emerging distributed processing systems (DPS), such as Big Data (BD) and Cloud, because of their dynamic and complex architectures. Generally, AC for DPS needs to consider protection for collaboration among distributed processing domains. Although some DPS architectures have been proposed to address DPS challenges, most of them focus only on processing capabilities without considering AC. Where recent DPS do include security, it is mostly an ad hoc, patched-on effort. In this paper, we analyze the general features and use cases of BD and Cloud, two of the most widely applied DPS applications, and propose a set of general and comprehensive considerations for AC in DPS, which can serve as a guideline for designing AC systems for DPS.
