1 Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1
2 The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation is expected to lead to Crystallization of best practices for security and privacy in big data, Help industry and government on adoption of best practices, Establish liaisons with SDOs to influence big data security and privacy standards Accelerate the adoption of novel research aimed to address security and privacy issues.
3 1: Data analytics for security 2: Privacy preserving/enhancing technologies 3: Big datascale crypto 8: Framework and Taxonomy Big Data Working Group 70+ members 4: Big data Infrastructures' Attack Surface Analysis and Reduction 7: Top 10 6: Legal Issues 5: Policy and Governance https://basecamp.com/ /projects/ big-data-working
4 1) Secure computations in distributed programming frameworks 2) Security best practices for nonrelational datastores 3) Secure data storage and transactions logs 4) End-point input validation/filtering 5) Real time security monitoring 6) Scalable and composable privacypreserving data mining and analytics 7) Cryptographically enforced access control and secure communication 8) Granular access control 9) Granular audits 10) Data provenance 4
5 Infrastructure security Data Privacy Data Management Integrity and Reactive Security Secure Computations in Distributed Programming Frameworks Privacy Preserving Data Mining and Analytics Secure Data Storage and Transaction Logs End-point validation and filtering Security Best Practices for Non-Relational Data Stores Cryptographically Enforced Data Centric Security Granular Audits Real time Security Monitoring Granular Access Control Data Provenance 5
6 Malfunctioning compute worker nodes Trust establishment: initiation, periodic trust update Application Computation Infrastructure Access to sensitive data Mandatory access control Privacy of output information Privacy preserving transformations 6
7 Data from Diverse Appliances and Sensors Lack of stringent authentication and authorization mechanisms Enforcement through middleware layer Passwords should never be held in clear Encrypted data at rest Lack of secure communication between compute nodes Protect communication using SSL/TLS 7
8 Consumer Data Archive Data Confidentiality and Integrity Availability Consistency Collusion Encryption and Signatures Proof of data possession Periodic audit and hash chains Policy based encryption 8
9 Adversary may tamper with device or software Tamper-proof Software Data Poisoning Adversary may clone fake devices Adversary may directly control source of data Trust Certificate and Trusted Devices Analytics to detect outliers Adversary may compromise data in transmission Cryptographic Protocols 9
10 Fraud Detection Security of the infrastructure Security of the monitoring code itself Security of the input sources Adversary may cause data poisoning Discussed before Secure coding practices Discussed before Analytics to detect outliers 10
11 Exploiting vulnerability at host Encryption of data at rest, access control and authorization mechanisms Consumer Data Privacy Insider threat Outsourcing analytics to untrusted partners Unintended leakage through sharing of data Separation of duty principles, clear policy for logging access to datasets Awareness of re-identification issues, differential privacy 11
12 Enforcing access control Identity and Attribute-based encryptions Data Integrity and Privacy Search and filter Outsourcing of computation Encryption techniques supporting search and filter Fully Homomorphic Encryption Integrity of data and preservation of anonymity Group signatures with trusted third parties 12
13 Keeping track of secrecy requirements of individual data elements Pick right level of granularity: row level, column level, cell level Data Privacy Maintaining access labels across analytical transformations At the minimum, conform to lattice of access restrictions. More sophisticated data transforms are being considered in active research Keeping track of roles and authorities of users Authentication, authorization, mandatory access control 13
14 Completeness of audit information Audit of usage, pricing, billing Timely access to audit information Integrity of audit information Authorized access to audit information Infrastructure solutions as discussed before. Scaling of SIEM tools. 14
15 Secure collection of data Authentication techniques Keeping track of ownership of data pricing, audit Consistency of data and metadata Message digests Insider threats Access Control through systems and cryptography 15
Cloud Computing Security Auditing Irfan Gul, Atiq ur Rehman Department of Computer Sciences SZABIST Islamabad, Pakistan email: firstname.lastname@example.org, email@example.com M Hasan Islam Department of Computer
Reducing the Cyber Risk in 10 Critical Areas Information Risk Management Regime Establish a governance framework Enable and support risk management across the organisation. Determine your risk appetite
Securing Big Data Learning and Differences from Cloud Security Samir Saklikar RSA, The Security Division of EMC Session ID: DAS-108 Session Classification: Advanced Agenda Cloud Computing & Big Data Similarities
Institute of Parallel and Distributed Systems University of Stuttgart Universitätsstraße 38 D 70569 Stuttgart Diplomarbeit Nr. 3242 Data security in multi-tenant environments in the cloud Tim Waizenegger
Securing Remote Vendor Access with Privileged Account Security Table of Contents Introduction to privileged remote third-party access 3 Do you know who your remote vendors are? 3 The risk: unmanaged credentials
Securing Microsoft s Cloud Infrastructure This paper introduces the reader to the Online Services Security and Compliance team, a part of the Global Foundation Services division who manages security for
Security Models and Requirements for Healthcare Application Clouds Rui Zhang 1,2 and Ling Liu 1 1. College of Computing, Georgia Institute of Technology, Atlanta, GA, USA 2. School of Computer and Information
Identity and Access Management in Multi-tier Cloud Infrastructure by MohammadSadegh Faraji A thesis submitted in conformity with the requirements for the degree of Master of Science Graduate Department
Session 136 Auditing Cloud Computing and Outsourced Operations Monday, May 7, 2012 3:30 PM 5:00 PM Mike Schiller Director of Sales & Marketing IT, Texas Instruments Co Author, IT Auditing: Using Controls
Clouds on the Horizon Cloud Security in Today s DoD Environment Bill Musson Security Analyst Agenda O Overview of Cloud architectures O Essential characteristics O Cloud service models O Cloud deployment
International Telecommunication Union ITU-T X.1601 TELECOMMUNICATION STANDARDIZATION SECTOR OF ITU (01/2014) SERIES X: DATA NETWORKS, OPEN SSTEM COMMUNICATIONS AND SECURIT Cloud computing Overview of cloud
Top 10 SIEM Implementer s Checklist Operationalizing Information Security Compliments of AccelOps www.accelops.com Table of Contents Executive Summary....................................................................
The Future of Mobile Enterprise Security Gearing Up for Ubiquitous Computing August 2014 795 Folsom Street, 1 st Floor San Francisco, CA 94107 Tel.: 415.685.3392 Fax: 415.373.3892 Contents Introduction...
Xerox Litigation Services In the Cybersecurity Hot Seat: How Law Firms are Optimizing Security While Reducing Cost and Risk Your Highest Priority is also Your Greatest Challenge Data breaches are not just
PCI Quick Reference Guide Understanding the Payment Card Industry Data Security Standard version 1.2 For merchants and organizations that store, process or transmit cardholder data Contents Copyright 2008
FRAUNHOFER RESEARCH INSTITUTION AISEC CLOUD COMPUTING SECURITY PROTECTION GOALS.TAXONOMY.MARKET REVIEW. DR. WERNER STREITBERGER, ANGELIKA RUPPEL 02/2010 Parkring 4 D-85748 Garching b. München Tel.: +49
Mandatory Knowledge Units 1.0 Core2Y 1.1 Basic Data Analysis The intent of this Knowledge Unit is to provide students with basic abilities to manipulate data into meaningful information. 1.1.1 Topics Summary
Mike Davis Risk Management / Cyber Security Consultant, MSEE, CISSP (Virtual CISO) Mike.Davis.SD@gmail.com Cloud & Mobile Security What really matters? -- Clarifying the fog of cyber security UoP CyberCon
Cloud Service Level Agreement Standardisation Guidelines Brussels 24/06/2014 1 Table of Contents Preamble... 4 1. Principles for the development of Service Level Agreement Standards for Cloud Computing...
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
AWS Security Best Practices Dob Todorov Yinal Ozkan November 2013 (Please consult http://aws.amazon.com/security for the latest version of this paper) Page 1 of 56 Table of Contents Abstract... 4 Overview...
Lecture Click to add text Infrastructure Security Lead IBM Bluemix team Agenda 2 Overview of Cloud security Different security considerations across different types of cloud Differences against traditional
GOVERNANCE STRATEGIES New Requirements for Security and Compliance Auditing in the Cloud Cloud computing poses new challenges for IT security, compliance, and audit professionals who must protect corporate
Secure, private, and trustworthy: enterprise cloud computing with Force.com WHITE PAPER Contents Abstract... 1 Introduction to security, privacy, and trust... 1 Cloud computing and information security
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered