Abstract
Big Data technologies are changing the traditional technology domains, and their successful use will require new security models and new security design approaches to address emerging security challenges. This paper intends to provide an initial analysis of the security issues and challenges in Big Data and to map the new challenges and problems to the traditional security domains and technologies. The paper starts with the Big Data definition and discusses the features that most affect Big Data security, such as Veracity, Volume, Variety, and dynamicity. The paper analyses the paradigm change and the new challenges to Big Data security. The paper refers to the generic Scientific Data Infrastructure (SDI) model and discusses security services related to the proposed Federated Access and Delivery Infrastructure (FADI), which serves as an integration layer for a potentially multi-provider, multi-domain, federated, project-oriented services infrastructure. The paper provides suggestions for the practical implementation of such important security infrastructure components as federated access control and identity management, fine-grained data-centric access control policies, and the Dynamic Infrastructure Trust Bootstrap Protocol (DITBP), which allows deploying a trusted remote virtualised data processing environment. The paper refers to the authors' past and ongoing project experience and discusses how this experience can be consolidated to address the new Big Data security challenges identified in this paper.
Copyright information
© 2014 Springer International Publishing Switzerland
About this paper
Cite this paper
Demchenko, Y., Ngo, C., de Laat, C., Membrey, P., Gordijenko, D. (2014). Big Security for Big Data: Addressing Security Challenges for the Big Data Infrastructure. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2013. Lecture Notes in Computer Science, vol 8425. Springer, Cham. https://doi.org/10.1007/978-3-319-06811-4_13
DOI: https://doi.org/10.1007/978-3-319-06811-4_13
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-06810-7
Online ISBN: 978-3-319-06811-4
eBook Packages: Computer Science; Computer Science (R0)