Panel #2 Big Data: Application Security and Privacy. Moderator: Keith Swenson, VP of Research and Development, Fujitsu America, Inc.

Transcription:

Panel #2 Big Data: Application Security and Privacy
2:15 PM - 3:00 PM
Moderator: Keith Swenson, VP of Research and Development, Fujitsu America, Inc.
Panelists:
  Taka Matsutsuka, Researcher, Fujitsu Laboratories of Europe, Ltd.
  Praveen Murthy, Member of Research Staff, Fujitsu Laboratories of America, Inc.
  Arnab Roy, Member of Research Staff, Fujitsu Laboratories of America, Inc.
Copyright 2013 FUJITSU LABORATORIES OF AMERICA

Big Data: Application Security and Privacy
Keith Swenson, Vice-President of Research and Development, Fujitsu America, Inc.

CSA Big Data Working Group
Arnab Roy, Software Systems Innovation Group, Fujitsu Laboratories of America, Inc.

BDWG Organization
Big Data Working Group, 60+ members
  Data analytics for security
  Privacy preserving/enhancing technologies
  Big data-scale crypto
  Cloud Infrastructures' Attack Surface Analysis and Reduction
  Policy and Governance
  Framework and Taxonomy
  Top 10 Legal Issues
https://basecamp.com/1825565/projects/511355-big-data-working

CSA BDWG Plan
The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG's investigation is expected to lead to:
  Crystallization of best practices for security and privacy in big data
  Help industry and government on adoption of best practices
  Establish liaisons with SDOs to influence big data security and privacy standards
  Accelerate the adoption of novel research aimed to address security and privacy issues
Timeline (9/12, 12/12, 3/13, 3/14):
  Identify new and fundamentally different technical and organizational problems in big data security and privacy
  Establish liaison with NIST (US), ENISA (EU) and participate in PAPs, SDOs
  Execute research plans based on funding and IP
  Summarize state of the art, propose best practices, and identify gaps
  Report on outcomes of BDWG research
https://cloudsecurityalliance.org/research/big-data/

First Milestone: Identified Top 10 Challenges
1) Secure computations in distributed programming frameworks
2) Security best practices for non-relational datastores
3) Secure data storage and transactions logs
4) End-point input validation/filtering
5) Real time security monitoring
6) Scalable and composable privacy-preserving data mining and analytics
7) Cryptographically enforced access control and secure communication
8) Granular access control
9) Granular audits
10) Data provenance
[Figure: challenge numbers placed on an architecture diagram; surviving labels: Data Storage, Public/Private/Hybrid Cloud]

Initial Set of Topics in Big Data Crypto
1) Communication protocols
2) Access policy based encryption
3) Big data privacy
4) Key management
5) Data integrity and poisoning concerns
6) Searching / filtering encrypted data
7) Secure data collection/aggregation
8) Secure collaboration
9) Proof of data storage
10) Secure outsourcing of computation
[Figure: topic numbers grouped by diagram region; region labels not preserved]

Attack Surface Reduction For Big Data Infrastructure
Praveen Murthy, Fujitsu Laboratories of America

Big Data Security
New security challenges of big data
  Public cloud environment coupled with big data characteristics: Volume, Velocity, Variety
Increased attack surface
  Big data based on commodity cloud architecture
  Demands more cloud infrastructure services to be exposed
  More APIs exposed for attack
  Need to identify unused services/APIs and block them from access

Cloud attack surface taxonomy
[Figure labels:]
  SSL certificate spoofing
  Phishing
  How much can the cloud learn about a user?
  Buffer overflow
  SQL injection
  Privilege escalation
  Attacks on cloud control
  Privacy attack
  Data integrity attack
  Data confidentiality attack
  Resource exhaustion DoS
Figure from: Gruschka et al., Attack Surfaces: A Taxonomy for Attacks on Cloud Services.

Attack surface as information flow
Potential for
  dangerous data to flow from (un-trusted) user to system: SQL injection, side channel attack, buffer overflow
  or
  sensitive information to flow from system to unauthorized user
Information flow examples:
  User has read permissions on all files
  User can create files via APIs
  User can spawn multiple VMs via APIs

Cloud infrastructure elements and JavaScript
Hadoop
  Software framework for Big Data
  Microsoft HDInsight has JavaScript API for Hadoop
Interactive applications with real-time data
  Node.js
Visualization of Big Data Analytics
  D3.js
Amazon EC2
  Cloud platform
  NodeJS library can communicate with AWS EC2 APIs (open source)

Attack Surface Analysis on Cloud Software APIs
To determine metrics based on number of paths from user APIs to sensitive data/functions in cloud infrastructure code using static analysis on JavaScript.
To determine metrics based on higher level audits of virtual images, hypervisors, ports, and host OSes.
[Figure labels: Infrastructure code, Program paths, Sensitive data, Sensitive functions]
Attack surface: Paths that access sensitive data/functions as a proportion of all paths
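The path-proportion metric defined on this slide, worked through as an added example (not code from the presentation). The call graph, the API names and the choice of sensitive functions are constructed for illustration; a real analysis would derive the graph from static analysis of the infrastructure code.

```javascript
// Constructed call graph for a hypothetical cloud service (not from the slides).
// Keys are functions in the infrastructure code; values are the functions they call.
const callGraph = {
  "api.listFiles": ["fs.readDir", "log.audit"],
  "api.createFile": ["fs.write"],
  "api.spawnVm": ["vm.create"],
  "api.debugDump": ["fs.readAll"], // assumed to be an unused legacy API
  "fs.write": ["quota.reserve"],
  "fs.readAll": ["secrets.load"],
  "vm.create": ["quota.reserve", "hypervisor.exec"],
};
// Assumed labelling of sensitive data/functions.
const sensitive = new Set(["fs.write", "secrets.load", "hypervisor.exec"]);

// Enumerate call paths from one node down to leaves; a repeated node ends the path.
function pathsFrom(graph, node, prefix = []) {
  if (prefix.includes(node)) return [prefix];
  const path = [...prefix, node];
  const callees = graph[node] || [];
  if (callees.length === 0) return [path];
  return callees.flatMap((callee) => pathsFrom(graph, callee, path));
}

// Attack surface = paths touching sensitive nodes / all paths from the user APIs.
function attackSurface(graph, entryPoints, sensitiveNodes) {
  const perApi = {};
  let total = 0;
  let exposed = 0;
  for (const api of entryPoints) {
    const paths = pathsFrom(graph, api);
    const hits = paths.filter((p) => p.some((n) => sensitiveNodes.has(n)));
    perApi[api] = { paths: paths.length, sensitive: hits.length };
    total += paths.length;
    exposed += hits.length;
  }
  return { total, exposed, ratio: total ? exposed / total : 0, perApi };
}

const userApis = Object.keys(callGraph).filter((name) => name.startsWith("api."));
const before = attackSurface(callGraph, userApis, sensitive);
// Blocking the unused API removes its paths from the metric.
const after = attackSurface(callGraph, userApis.filter((a) => a !== "api.debugDump"), sensitive);
console.log(before.ratio, after.ratio, before.perApi);
```

The per-API breakdown shows which exposed API contributes sensitive paths, which is the input needed for the earlier slide's point about identifying unused services/APIs and blocking them.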

Java 7 0-day: could attack surface analysis catch this?

    import java.applet.Applet;
    import java.awt.Graphics;
    import java.beans.Expression;
    import java.beans.Statement;
    import java.lang.reflect.Field;
    import java.net.URL;
    import java.security.*;
    import java.security.cert.Certificate;
    import metasploit.payload;

    public class Exploit extends Applet {
        public Exploit() { }

        public void disablesecurity() throws Throwable {
            // Statement that will call System.setSecurityManager with a null argument
            Statement localstatement = new Statement(System.class, "setSecurityManager", new Object[1]);
            // Access control context whose only protection domain holds AllPermission
            Permissions localpermissions = new Permissions();
            localpermissions.add(new AllPermission());
            ProtectionDomain localprotectiondomain = new ProtectionDomain(new CodeSource(new URL("file:///"), new Certificate[0]), localpermissions);
            AccessControlContext localaccesscontrolcontext = new AccessControlContext(new ProtectionDomain[] { localprotectiondomain });
            // Write that context into the Statement's "acc" field (SetField is not shown on the slide)
            SetField(Statement.class, "acc", localstatement, localaccesscontrolcontext);
            localstatement.execute();
        }
        // (the slide shows only this part of the class)

Slide callouts: ::Applet, ::Statement, ::Permissions. Sandbox violation!!

BigGraph
Taka Matsutsuka, Fujitsu Laboratories of Europe Limited
Copyright 2013 Fujitsu Laboratories of Europe Limited

Business Problem
Frauds in Social Benefits
  Costs ~200B yen annually: in UK only!*
Hard to bridge and interconnect claims
  - Heterogeneous formats
  - Multiple councils
Difficult to adapt to change of requirements
  - Dynamism of fraud techniques
[Map labels: Ealing, Westminster, Kent]
* 1.6B pound

BigGraph connects Big Data with relationships
A technology to enable analysis of Big Data with connections
This exhibition uses public sector claim analysis (using data from the UK)
[Figure labels: Individual Systems (System A, System B, System C, Individual Files); Graph layer: integrated view; Analysis; Rule; Process]

A graph from public sector
Analysed and graph-formed data from UK public sectors

Our Solution: BigGraph
Big Data Application Platform based on Graph Technology
  Graph that enables bridging and interconnection of data to solve multiple councils' heterogeneity
  Locally embeddable algorithms to dynamically adapt to change of requirements
Add new business logic
  New business logic attached locally to the data and added to the graph on the fly
  e.g. Home.coordinate - School.coordinate > 60 miles
[Figure labels: claim1, claim2, claim3, home, school, Users, phone, BigGraph Platform, Event, ID Theft, Anomalies, Various Data Sources, Essex, Leicestershire, Surrey]
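The "Home.coordinate - School.coordinate > 60 miles" rule from this slide, sketched as an added example (not BigGraph code; the platform's API is not shown in the slides). The Graph class, node and edge names and the coordinates are constructed for illustration, and the distance is taken as great-circle distance.

```javascript
// Hypothetical minimal property graph with rules attached per node type.
class Graph {
  constructor() { this.nodes = new Map(); this.edges = []; this.rules = new Map(); }
  addNode(id, type, props = {}) { this.nodes.set(id, { id, type, props }); }
  addEdge(from, label, to) { this.edges.push({ from, label, to }); }
  neighbor(id, label) {
    const e = this.edges.find((x) => x.from === id && x.label === label);
    return e ? this.nodes.get(e.to) : undefined;
  }
  // Attach business logic to a node type while the graph is live ("on the fly").
  addRule(type, name, predicate) {
    if (!this.rules.has(type)) this.rules.set(type, []);
    this.rules.get(type).push({ name, predicate });
  }
  // Run every rule against the nodes it is attached to and collect anomaly events.
  evaluate() {
    const events = [];
    for (const node of this.nodes.values())
      for (const r of this.rules.get(node.type) || [])
        if (r.predicate(node, this)) events.push({ node: node.id, rule: r.name });
    return events;
  }
}

// Great-circle distance in miles (haversine formula).
function miles(a, b) {
  const rad = (d) => (d * Math.PI) / 180;
  const dLat = rad(b.lat - a.lat), dLon = rad(b.lon - a.lon);
  const h = Math.sin(dLat / 2) ** 2 +
    Math.cos(rad(a.lat)) * Math.cos(rad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * 3958.8 * Math.asin(Math.sqrt(h));
}

// Rule: flag a claim whose home and school are more than 60 miles apart.
// A claim missing either link is not flagged by this rule.
const farFromSchool = (claim, g) => {
  const home = g.neighbor(claim.id, "home"), school = g.neighbor(claim.id, "school");
  return !!home && !!school && miles(home.props.coordinate, school.props.coordinate) > 60;
};

// Constructed sample data: three claims, illustrative coordinates.
function buildSample() {
  const g = new Graph();
  g.addNode("home1", "Home", { coordinate: { lat: 51.513, lon: -0.305 } });
  g.addNode("school1", "School", { coordinate: { lat: 51.497, lon: -0.137 } });
  g.addNode("home2", "Home", { coordinate: { lat: 51.272, lon: 0.529 } });
  g.addNode("school2", "School", { coordinate: { lat: 52.636, lon: -1.139 } });
  for (const c of ["claim1", "claim2", "claim3"]) g.addNode(c, "Claim");
  g.addEdge("claim1", "home", "home1"); g.addEdge("claim1", "school", "school1");
  g.addEdge("claim2", "home", "home2"); g.addEdge("claim2", "school", "school2");
  g.addEdge("claim3", "home", "home1"); // no school recorded for claim3
  return g;
}
```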
