Advertisement

Big Data Security and Privacy

  • Elisa Bertino
  • Elena FerrariEmail author
Chapter
Part of the Studies in Big Data book series (SBD, volume 31)

Abstract

Recent technologies, such as IoT, social networks, cloud computing, and data analytics, make today possible to collect huge amounts of data. However, for data to be used to their full power, data security and privacy are critical. Data security and privacy have been widely investigated over the past thirty years. However, today we face new issues in securing and protecting data, that result in new challenging research directions. Some of those challenges arise from increasing privacy concerns with respect to the use of such huge amount of data, and from the need of reconciling privacy with the use of data. Other challenges arise because the deployments of new data collection and processing devices, such as those used in IoT systems, increase the attack potential. In this paper, we discuss relevant concepts and approaches for Big Data security and privacy, and identify research challenges to be addressed to achieve comprehensive solutions to data security and privacy in the Big Data scenario.

Keywords

Access Control Access Control Policy Data Confidentiality Access Control Model Smart Object 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

Acknowledgements

The work reported in this paper is partially supported by NSF under the grant ACI-1547358.

References

  1. 1.
    T. Antignac, D. Le Metayer, Privacy by design: from technologies to architectures, in Bart Preneel and Demosthenes ed. by Ikonomou, Privacy Technologies and Policy, LNCS, vol. 8450 (Springer, Berlin, 2014)Google Scholar
  2. 2.
    L. Bahri, B. Carminati, E. Ferrari, COIP - continuous, operable, impartial, and privacy-aware identity validity estimation for OSN profiles. ACM Trans. Web 10(4), 23:1–23:41 (2016)Google Scholar
  3. 3.
    L. Bahri, B. Carminati, E. Ferrari, CARDS - collaborative audit and report data sharing for a-posteriori access control in DOSNs, in Proceedings of the 1st IEEE Conference on Collaboration and Internet Computing (CIC 2015) (2015)Google Scholar
  4. 4.
    C. Batini, M. Scannapieco, Data and Information Quality Dimensions, Principles and Techniques (Springer, Berlin, 2016)Google Scholar
  5. 5.
    E. Bertino, Data privacy for IoT systems: concepts, approaches, and research directions, in Proceedings of the IEEE International Conference on Big Data (BigData 2016) (2016)Google Scholar
  6. 6.
    E. Bertino, Data Protection from Insider Threats. Synthesis Lectures on Data Management (Morgan & Claypool Publishers, 2012)Google Scholar
  7. 7.
    E. Bertino, Data security and privacy: concepts, approaches, and research directions, in Proceedings of the 40th IEEE Computer Software and Applications Conference (COMPSAC 2016) (2016)Google Scholar
  8. 8.
    E. Bertino, R. Sandhu, Database security: concepts, approaches, and challenges. IEEE Trans. Dependable Sec. Comput. 2(1), 2–19 (2005)CrossRefGoogle Scholar
  9. 9.
    O. Bodriagov, G. Kreitz, S. Buchegger, Access control in decentralized online social networks: applying a policy-hiding cryptographic scheme and evaluating its performance, in Pervasive Computing and Communications Workshops (PERCOM Workshops) (2014)Google Scholar
  10. 10.
    J.W. Byun, N. Li, Purpose based access control for privacy protection in relational database systems. The VLDB J. 17(4) (2008)Google Scholar
  11. 11.
    J.W. Byun, E. Bertino, N. Li, Purpose based access control of complex data for privacy protection, in Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005) (2005)Google Scholar
  12. 12.
    J.W. Byun, A. Kamra, E. Bertino, N. Li, Efficient k-anonymization using clustering techniques, in Proceedings of the 12th Conference on Database Systems for Advanced Applications (DASFAA 2007) (2007)Google Scholar
  13. 13.
    J. Cao, E.-Y. Rao, E. Bertino, M. Kantarcioglu, A hybrid private record linkage scheme: separating differentially private synopses from matching records, in Proceedings of the 31st Conference on Data Engineering (ICDE 2015) (2015)Google Scholar
  14. 14.
    B. Carminati, P. Colombo, E. Ferrari, G. Sagirlar, Enhancing user control on personal data usage in internet of things ecosystems, in Proceedings of the IEEE International Conference on Services Computing (SCC 2016) (2016)Google Scholar
  15. 15.
    B. Carminati, E. Ferrari, M. Viviani, Security and trust in online social networks. Synthesis Lectures on Information Security, Privacy, and Trust (Morgan & Claypool Publishers, 2013)Google Scholar
  16. 16.
    P. Colombo, E. Ferrari, Enhancing MongoDB with purpose based access control. IEEE Trans. Dependable Sec. Comput. to appearGoogle Scholar
  17. 17.
    P. Colombo, E. Ferrari, Towards a unifying attribute based access control approach for NoSQL datastores, in Proceedings of the 33rd IEEE Conference on Data Engineering (ICDE 2017), to appearGoogle Scholar
  18. 18.
    P. Colombo, E. Ferrari, Towards virtual private NoSQL datastores, in Proceedings of the 32nd IEEE Conference on Data Engineering (ICDE 2016) (2016)Google Scholar
  19. 19.
    P. Colombo, E. Ferrari, Privacy aware access control for big data: a research roadmap. Big Data Res. 2(4), 145–154 (2015)CrossRefGoogle Scholar
  20. 20.
    P. Colombo, E. Ferrari, Enforcing obligations within relational database management systems. IEEE Trans. Dependable Sec. Comput. 11(4), 318–331 (2014)CrossRefGoogle Scholar
  21. 21.
    P. Colombo, E. Ferrari, Enforcement of purpose based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 26(11), 2703–2716 (2014)CrossRefGoogle Scholar
  22. 22.
    Y.A. De Montjoye, E. Shmueli, S.S. Wang, A.S. Pentlan, openPDS: protecting the privacy of metadata through safe answers, in PLoS One (2014)Google Scholar
  23. 23.
    D.E. Denning, P.J. Denning, Data security. ACM Comput. Surv. 11(3), 227–249 (1979)CrossRefzbMATHGoogle Scholar
  24. 24.
    C. Dwork, A. Roth, The algorithmic foundations of differential privacy. Found. Trends Theor. Comput. Sci. 9(3–4), 211–407 (2014)MathSciNetzbMATHGoogle Scholar
  25. 25.
    D. Florescu, G. Fourny, JSONiq: the history of a query language. IEEE Int. Comput. 17(5) (2013)Google Scholar
  26. 26.
    J. Habibi, A. Panicker, A. Gupta, E. Bertino, DisARM: mitigating buffer overflow attacks on embedded devices, in Proceedings of the 9th Conference on Network and System Security (NSS 2015) (2015)Google Scholar
  27. 27.
    S. Hajian, J. Domingo-Ferrer, A. Monreale, D. Pedreschi, F. Giannotti, Discrimination- and privacy-aware patterns. Data Min. Knowl. Discov. 29(6), 1733–1782 (2015)MathSciNetCrossRefGoogle Scholar
  28. 28.
    B.-Z. He, C.-M. Chen, Y.-P. Su, H.-M. Sun, A defense scheme against identity theft attack based on multiple social networks. Expert Syst. Appl. 41(5), 2345–2352 (2014)CrossRefGoogle Scholar
  29. 29.
    J.L. Hernandez-Ramos, D.G. Carrillo, R. Marin-Lopez, A.F. Skarmeta, Dynamic security credentials pana-based provisioning for IoT smart objects, in Proceedings of the IEEE 2nd World Forum on Internet of Things (WF-IoT’15) (2015)Google Scholar
  30. 30.
    H. Hu, G.J. Ahn, J. Jorgensen, Multiparty access control for online social networks: model and mechanisms. IEEE Trans. Knowl. Data Eng. 25, 1614–1627 (2013)CrossRefGoogle Scholar
  31. 31.
    P. Ilia, B. Carminati, E. Ferrari, P. Fragopoulou, S. Ioannidis, SAMPAC: socially-aware collaborative multi-party access control, in Proceedings of the 7th ACM Conference on Data and Applications Security and Privacy (CODASPY 2017) (2017)Google Scholar
  32. 32.
    S. Jahid, S. Nilizadeh, P. Mittal, N. Borisov, A. Kapadia, Decent: a decentralized architecture for enforcing privacy in online social networks, in Pervasive Computing and Communications Workshops (PERCOM Workshops) (2012)Google Scholar
  33. 33.
    J. Jiang, Z.F. Shan, X. Wang, L. Zhang, Y.F. Dai, Understanding sybil groups in the wild. J. Comput. Sci. Technol. 30(6), 1344–1357 (2015)CrossRefGoogle Scholar
  34. 34.
    L. Jin, H. Takabi, J.B. Joshi, Towards active detection of identity clone attacks on online social networks, in Proceedings of the 1st ACM Conference on Data and Application Security and Privacy (2011)Google Scholar
  35. 35.
    D. Kulkarni, A fine-grained access control model for key-value systems, in Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy (CODASPY 2013) (2013)Google Scholar
  36. 36.
    D. Lin, P. Rao, E. Bertino, N. Li, J. Lobo, EXAM: a comprehensive environment for the analysis of access control policies. Int. J. Inf. Sec. (IJIS) 9(4), 253–273 (2010)CrossRefGoogle Scholar
  37. 37.
    J. Longstaff, J. Noble, Attribute based access control for big data applications by query modification, in Proceedings of IEEE BigDataService (2016)Google Scholar
  38. 38.
    M. Madejski, M.L. Johnson, S.M. Bellovin, The failure of online social network privacy settings. Columbia University Academic Commons (2011)Google Scholar
  39. 39.
    O. Mazhelis et al., Towards enabling privacy preserving smart city apps, in Proceedings of the IEEE Smart Cities Conference (2016)Google Scholar
  40. 40.
    D. Midi, E. Bertino, Node or Link? Fine-Grained Analysis of Packet Loss Attacks in Wireless Sensor Networks. ACM Trans. Sens. Netw. 12(2) (2016). Accepted for publicationGoogle Scholar
  41. 41.
    D. Midi, T. Payer, E. Bertino, nesCheck: Memory Safety for Embedded Devices, submitted for publicationGoogle Scholar
  42. 42.
    S. Mitter, C. Wagner, M. Strohmaier, Understanding the impact of socialbot attacks in online social networks. arXiv preprint arXiv:1402.6289 (2014)
  43. 43.
    A.A. Mudgerikar, A. Singla, I. Papapanagiotou, A.A. Yavuz, HAA: hardware-accelerated authentication for internet of things in mission critical vehicular networks, in Proceedings of the 34th Conference for Military Communications (IEEE MILCOM 2015) (2015)Google Scholar
  44. 44.
    A. Narayanan, V. Toubiana, S. Barocas, H. Nissenbaum, D. Boneh, A critical look at decentralized personal data architectures. arXiv preprint arXiv:1202.4503 (2012)
  45. 45.
    Q. Ni, J. Lobo, S.B. Calo, P. Rohatgi, E. Bertino, Automating role-based provisioning by learning from examples, in Proceedings of the 14th ACM Symposium on Access Control Models and Technologies (SACMAT 2009) (2009)Google Scholar
  46. 46.
    K.W. Ong, Y. Papakonstantinou, R. Vernoux, The SQL++ unifying semi-structured query language, and an expressiveness benchmark of SQL-on-Hadoop, NoSQL and NewSQL databases. CoRR, arXiv:1405.3631 (2014)
  47. 47.
    S.H. Seo, J. Won, E. Bertino, pCLSC-TKEM: a Pairing-free Certificateless Signcryption-tag key encapsulation mechanism for a privacy-preserving IoT. Trans. Data Priv. (2016)Google Scholar
  48. 48.
    S. Sultana, E. Bertino, A Distributed system for the management of fine-grained provenance. J. Database Manag. 26(2), 32–47 (2015)CrossRefGoogle Scholar
  49. 49.
    H. Ulusoy, P. Colombo, E. Ferrari, M. Kantarcioglu, E. Pattuk, GuardMR: fine-grained security policy enforcement for MapReduce systems, in Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS’15) (2015)Google Scholar
  50. 50.
    H.X. Wang, K. Nayak, C. Liu, E. Shi, E. Stefanov, Y. Huang, Oblivious data structures. IACR Cryptology ePrint Archive (2014)Google Scholar
  51. 51.
    S.D. Warren, L.D. Brandeis, The Right to Privacy. Harvard Law Review (1890), pp. 193–220Google Scholar
  52. 52.
    A. Westin, Privacy And Freedom (Atheneum, New York, 1967), p. 7Google Scholar
  53. 53.
    J. Won, S.H. Seo, E. Bertino, A secure communication protocol for drones and smart objects, in Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security (ASIACCS ’15) (2015)Google Scholar
  54. 54.
    H. Yu, P.B. Gibbons, M. Kaminsky, F. Xiao, Sybillimit: a near-optimal social network defense against sybil attacks, in Proceedings of the IEEE Symposium on Security and Privacy (2008)Google Scholar

Copyright information

© Springer International Publishing AG 2018

Authors and Affiliations

  1. 1.Computer Science DepartmentPurdue UniversityWest LafayetteUSA
  2. 2.Department of Theoretical and Applied SciencesUniversity of InsubriaVareseItaly

Personalised recommendations