Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG



Similar documents
Top Ten Security and Privacy Challenges for Big Data and Smartgrids. Arnab Roy Fujitsu Laboratories of America

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG

Moderator: Panelists: Panel #2 Big Data: Application Security and Privacy. Keith Swenson, VP of Research and Development, Fujitsu America, Inc.

NIST Big Data Public Working Group

A Study on Security and Privacy in Big Data Processing

Agenda 4/21/ Big Data Level Set 2. Who are we? 3. What do we do? 4. What have we done so far? 5. What are we working on? 6.

Top Ten Big Data Security and Privacy Challenges

A Highlight of Security Challenges in Big Data

Big Data Research Sponsorship

CPSC 467: Cryptography and Computer Security

Security Infrastructure for Trusted Offloading in Mobile Cloud Computing

Cloud Data Security. Sol Cates

NSF Workshop on Big Data Security and Privacy

Information Security Basic Concepts

Using Data Encryption to Achieve HIPAA Safe Harbor in the Cloud

Organizational Impact of Big Data on Privacy & Security

Information Security in Big Data using Encryption and Decryption

Big Data, Big Risk, Big Rewards. Hussein Syed

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

The Next Generation of Security Leaders

BlackRidge Technology Transport Access Control: Overview

Secure cloud access system using JAR ABSTRACT:

Secure Thinking Bigger Data. Bigger risk?

CLOUD STORAGE SECURITY INTRODUCTION. Gordon Arnold, IBM

A Survey of the Security Use Cases in Big Data

Cloud Computing: A Question of Trust Maintaining Control and Compliance with Data-centric Information Security

FileCloud Security FAQ

Govt. of Karnataka, Department of Technical Education Diploma in Computer Science & Engineering. Sixth Semester

USB Portable Storage Device: Security Problem Definition Summary

NoSQL Database Systems and their Security Challenges

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

Understanding and evaluating risk to information assets in your software projects

Cloud security architecture

Securing Big Data Learning and Differences from Cloud Security

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

ISO 27002:2013 Version Change Summary

Securing Data on Microsoft SQL Server 2012

Secure Computation Martin Beck

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Chap. 1: Introduction

STORAGE SECURITY TUTORIAL With a focus on Cloud Storage. Gordon Arnold, IBM

Threat Model for Software Reconfigurable Communications Systems

Are your multi-function printers a security risk? Here are five key strategies for safeguarding your data

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Making Reliable Web Services Message Exchanges Secure and Tamper Proof. Alan J Weissberger. Data Communications Technology. aweissberger@sbcglobal.

MS-55096: Securing Data on Microsoft SQL Server 2012

Network Security. A Quick Overview. Joshua Hill josh-web@untruth.org

Skoot Secure File Transfer

Cryptography and Network Security Chapter 1

preliminary experiment conducted on Amazon EC2 instance further demonstrates the fast performance of the design.

Security and Privacy Controls for Federal Information Systems and Organizations

Big Data - Security and Privacy

9.Web Based Customer Favorite vehicle Search Engine. 10.Step by Step Monitoring for Product Purchasing System

Cyber Security and Privacy

Network Security 網 路 安 全. Lecture 1 February 20, 2012 洪 國 寶

Digital Identity Management

Mobile & Security? Brice Mees Security Services Operations Manager

A Framework for Secure and Verifiable Logging in Public Communication Networks

Brainloop Cloud Security

Information Security

Meeting Technology Risk Management (TRM) Guidelines from the Monetary Authority of Singapore (MAS)

INFORMATION TECHNOLOGY SECURITY STANDARDS

COSC 472 Network Security

Cryptography and Network Security

How To Secure Your Store Data With Fortinet

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

ISO Controls and Objectives

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CHAPTER 1 INTRODUCTION

CSE/EE 461 Lecture 23

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment

Cloud Security. Let s Open the Box. Abu Shohel Ahmed ahmed.shohel@ericsson.com NomadicLab, Ericsson Research

White Paper: Librestream Security Overview

E-Democracy and e-voting

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Associate Prof. Dr. Victor Onomza Waziri

Public Key Applications & Usage A Brief Insight

ISO Information Security Management Systems Professional

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

MANAGED FILE TRANSFER: 10 STEPS TO PCI DSS COMPLIANCE

Achieving PCI Compliance Using F5 Products

NitroView. Content Aware SIEM TM. Unified Security and Compliance Unmatched Speed and Scale. Application Data Monitoring. Database Monitoring

EU Threat Landscape Threat Analysis in Research ENISA Workshop Brussels 24th February 2015

Introduction to Information Security

Client Server Registration Protocol

ICOM 5018 Network Security and Cryptography

Seven Things To Consider When Evaluating Privileged Account Security Solutions

Testimony of. Patrick Heim. Chief Information Security Officer. on behalf of the. Kaiser Permanente Medical Care Program

Threat Modeling. Frank Piessens ) KATHOLIEKE UNIVERSITEIT LEUVEN

Policy-based Pre-Processing in Hadoop

External Penetration Assessment and Database Access Review

Privacy-Preserving Distributed Encrypted Data Storage and Retrieval

USB Portable Storage Device: Security Problem Definition Summary

Secrecy Maintaining Public Inspecting For Secure Cloud Storage

LogRhythm and PCI Compliance

SECURITY INFRASTRUCTURE Standards and implementation practices for protecting the privacy and security of shared genomic and clinical data

Nominee: Barracuda Networks

Security Issues in Cloud Computing

The Benefits of SSL Content Inspection ABSTRACT

Transcription:

Arnab Roy Fujitsu Laboratories of America and CSA Big Data WG 1

The Big Data Working Group (BDWG) will be identifying scalable techniques for data-centric security and privacy problems. BDWG s investigation is expected to lead to Crystallization of best practices for security and privacy in big data, Help industry and government on adoption of best practices, Establish liaisons with SDOs to influence big data security and privacy standards Accelerate the adoption of novel research aimed to address security and privacy issues.

1: Data analytics for security 2: Privacy preserving/enhancing technologies 3: Big datascale crypto 8: Framework and Taxonomy Big Data Working Group 70+ members 4: Big data Infrastructures' Attack Surface Analysis and Reduction 7: Top 10 6: Legal Issues 5: Policy and Governance https://basecamp.com/1825565/projects/511355-big-data-working

1) Secure computations in distributed programming frameworks 2) Security best practices for nonrelational datastores 3) Secure data storage and transactions logs 4) End-point input validation/filtering 5) Real time security monitoring 6) Scalable and composable privacypreserving data mining and analytics 7) Cryptographically enforced access control and secure communication 8) Granular access control 9) Granular audits 10) Data provenance 4

Infrastructure security Data Privacy Data Management Integrity and Reactive Security Secure Computations in Distributed Programming Frameworks Privacy Preserving Data Mining and Analytics Secure Data Storage and Transaction Logs End-point validation and filtering Security Best Practices for Non-Relational Data Stores Cryptographically Enforced Data Centric Security Granular Audits Real time Security Monitoring Granular Access Control Data Provenance 5

Malfunctioning compute worker nodes Trust establishment: initiation, periodic trust update Application Computation Infrastructure Access to sensitive data Mandatory access control Privacy of output information Privacy preserving transformations 6

Data from Diverse Appliances and Sensors Lack of stringent authentication and authorization mechanisms Enforcement through middleware layer Passwords should never be held in clear Encrypted data at rest Lack of secure communication between compute nodes Protect communication using SSL/TLS 7

Consumer Data Archive Data Confidentiality and Integrity Availability Consistency Collusion Encryption and Signatures Proof of data possession Periodic audit and hash chains Policy based encryption 8

Adversary may tamper with device or software Tamper-proof Software Data Poisoning Adversary may clone fake devices Adversary may directly control source of data Trust Certificate and Trusted Devices Analytics to detect outliers Adversary may compromise data in transmission Cryptographic Protocols 9

Fraud Detection Security of the infrastructure Security of the monitoring code itself Security of the input sources Adversary may cause data poisoning Discussed before Secure coding practices Discussed before Analytics to detect outliers 10

Exploiting vulnerability at host Encryption of data at rest, access control and authorization mechanisms Consumer Data Privacy Insider threat Outsourcing analytics to untrusted partners Unintended leakage through sharing of data Separation of duty principles, clear policy for logging access to datasets Awareness of re-identification issues, differential privacy 11

Enforcing access control Identity and Attribute-based encryptions Data Integrity and Privacy Search and filter Outsourcing of computation Encryption techniques supporting search and filter Fully Homomorphic Encryption Integrity of data and preservation of anonymity Group signatures with trusted third parties 12

Keeping track of secrecy requirements of individual data elements Pick right level of granularity: row level, column level, cell level Data Privacy Maintaining access labels across analytical transformations At the minimum, conform to lattice of access restrictions. More sophisticated data transforms are being considered in active research Keeping track of roles and authorities of users Authentication, authorization, mandatory access control 13

Completeness of audit information Audit of usage, pricing, billing Timely access to audit information Integrity of audit information Authorized access to audit information Infrastructure solutions as discussed before. Scaling of SIEM tools. 14

Secure collection of data Authentication techniques Keeping track of ownership of data pricing, audit Consistency of data and metadata Message digests Insider threats Access Control through systems and cryptography 15

Thank You 16

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information