Privacy Aware Access Control for Big Data: A Research Roadmap

Big Data is an emerging phenomenon that is rapidly changing business models and work styles 1. Big Data platforms allow the storage and analysis of high volumes of data with heterogeneous format from different sources. This integrated analysis allows the derivation of properties and correlations among data that can then be used for a variety of purposes, such as making predictions that can profitably affect decision processes. As a matter of fact, nowadays Big Data analytics are generally considered an asset for making business decisions. Big Data platforms have been specifically designed to support advanced form of analytics satisfying strict performance and scalability requirements. However, no proper consideration has been devoted so far to data protection. Indeed, although the analyzed data often include personal and sensitive information, with relevant threats to privacy implied by the analysis, so far Big Data platforms integrate quite basic form of access control, and no support for privacy policies. Although the potential benefits of data analysis are manifold, the lack of proper data protection mechanisms may prevent the adoption of Big Data analytics by several companies. This motivates the fundamental need to integrate privacy and security awareness into Big Data platforms. In this paper, we do a first step to achieve this ambitious goal, discussing research issues related to the definition of a framework that supports the integration of privacy aware access control features into existing Big Data platforms.

[1]  Jadwiga Indulska,et al.  A survey of context modelling and reasoning techniques , 2010, Pervasive Mob. Comput..

[2]  Md. Enamul Kabir,et al.  Conditional Purpose Based Access Control Model for Privacy Protection , 2009, ADC.

[3]  Elisa Bertino,et al.  On practical specification and enforcement of obligations , 2012, CODASPY '12.

[4]  Viktor Mayer-Schnberger,et al.  Big Data: A Revolution That Will Transform How We Live, Work, and Think , 2013 .

[5]  Elena Ferrari,et al.  Efficient Enforcement of Action-Aware Purpose-Based Access Control within Relational Database Management Systems , 2015, IEEE Transactions on Knowledge and Data Engineering.

[6]  Devdatta Kulkarni,et al.  A fine-grained access control model for key-value systems , 2013, CODASPY.

[7]  Ramaswamy Chandramouli,et al.  The Queen's Guard: A Secure Enforcement of Fine-grained Access Control In Distributed Data Analytics Platforms , 2001, ACM Trans. Inf. Syst. Secur..

[8]  S. Sudarshan,et al.  Extending query rewriting techniques for fine-grained access control , 2004, SIGMOD '04.

[9]  ChengXueqi,et al.  Significance and Challenges of Big Data Research , 2015 .

[10]  Benjamin W. Wah,et al.  Significance and Challenges of Big Data Research , 2015, Big Data Res..

[11]  Elisa Bertino,et al.  A Role-Involved Conditional Purpose-Based Access Control Model , 2010, EGES/GISP.

[12]  Elena Ferrari,et al.  Complementing MongoDB with Advanced Access Control Features: Concepts and Research Challenges , 2015, SEBD.

[13]  Yadira Espinal Viktor Mayer-Schonberger and Kenneth Cukier, Big Data: A Revolution That Will Transform How We Live, Work and Think , 2013 .

[14]  Murat Kantarcioglu,et al.  GuardMR: Fine-grained Security Policy Enforcement for MapReduce Systems , 2015, AsiaCCS.

[15]  Catherine Mulligan,et al.  From Machine-to-Machine to the Internet of Things - Introduction to a New Age of Intelligence , 2014 .

[16]  J. Manyika Big data: The next frontier for innovation, competition, and productivity , 2011 .

[17]  Motahera Shermin,et al.  An Access Control Model for NoSQL Databases , 2013 .

[18]  Ehud Gudes,et al.  Security Issues in NoSQL Databases , 2011, 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications.

[19]  Murtaza Haider,et al.  Beyond the hype: Big data concepts, methods, and analytics , 2015, Int. J. Inf. Manag..

[20]  Jorge Lobo,et al.  Privacy-Aware Role-Based Access Control , 2007, IEEE Security & Privacy.

[21]  Jorge Lobo,et al.  Conditional Privacy-Aware Role Based Access Control , 2007, ESORICS.

[22]  Elena Ferrari,et al.  Enforcing Obligations within RelationalDatabase Management Systems , 2014, IEEE Transactions on Dependable and Secure Computing.

[23]  Elisa Bertino,et al.  GEO-RBAC: a spatially aware RBAC , 2005, SACMAT '05.

[24]  E. Ferrari,et al.  Trust negotiations: concepts, systems, and languages , 2004, Computing in Science & Engineering.

[25]  Murat Kantarcioglu,et al.  Vigiles: Fine-Grained Access Control for MapReduce Systems , 2014, 2014 IEEE International Congress on Big Data.

[26]  Elena Ferrari,et al.  Enforcement of Purpose Based Access Control within Relational Database Management Systems , 2014, IEEE Transactions on Knowledge and Data Engineering.

[27]  Katharine Armstrong,et al.  Big data: a revolution that will transform how we live, work, and think , 2014 .

[28]  Edmon Begoli,et al.  A short survey on the state of the art in architectures and platforms for large scale data analysis and knowledge discovery from data , 2012, WICSA/ECSA Companion Volume.

[29]  Jun Gu,et al.  Dynamic Purpose-Based Access Control , 2008, 2008 IEEE International Symposium on Parallel and Distributed Processing with Applications.

[30]  Elisa Bertino,et al.  Context-Based Access Control Systems for Mobile Devices , 2015, IEEE Transactions on Dependable and Secure Computing.

[31]  Saikat Guha,et al.  Bootstrapping Privacy Compliance in Big Data Systems , 2014, 2014 IEEE Symposium on Security and Privacy.

[32]  Ninghui Li,et al.  Purpose based access control for privacy protection in relational database systems , 2008, The VLDB Journal.

[33]  Jorge Lobo,et al.  An obligation model bridging access control policies and privacy policies , 2008, SACMAT '08.

[34]  Elisa Bertino,et al.  Privacy-Preserving Database Systems , 2005, FOSAD.

[35]  Elisa Bertino,et al.  Formal foundations for hybrid hierarchies in GTRBAC , 2008, TSEC.