10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing

Research Article

An Access Control Scheme for Big Data Processing

Download58 downloads
  • @INPROCEEDINGS{10.4108/icst.collaboratecom.2014.257649,
        author={Vincent Hu and Tim Grance and David Ferraiolo and D Kuhn},
        title={An Access Control Scheme for Big Data Processing},
        proceedings={10th IEEE International Conference on Collaborative Computing: Networking, Applications and Worksharing},
        publisher={IEEE},
        proceedings_a={COLLABORATECOM},
        year={2014},
        month={11},
        keywords={access control authorization big data distributed system},
        doi={10.4108/icst.collaboratecom.2014.257649}
    }
    
  • Vincent Hu
    Tim Grance
    David Ferraiolo
    D Kuhn
    Year: 2014
    An Access Control Scheme for Big Data Processing
    COLLABORATECOM
    IEEE
    DOI: 10.4108/icst.collaboratecom.2014.257649
Vincent Hu1,*, Tim Grance1, David Ferraiolo1, D Kuhn1
  • 1: NIST
*Contact email: vhu@nist.gov

Abstract

Access Control (AC) systems are among the most critical of network security components. A system’s privacy and security controls are more likely to be compromised due to the misconfiguration of access control policies rather than the failure of cryptographic primitives or protocols. This problem becomes increasingly severe as software systems become more and more complex, such as Big Data (BD) processing systems, which are deployed to manage a large amount of sensitive information and resources organized into a sophisticated BD processing cluster. Basically, BD access control requires the collaboration among cooperating processing domains to be protected as computing environments that consist of computing units under distributed AC managements. Many BD architecture designs were proposed to address BD challenges; however, most of them were focused on the processing capabilities of the “three Vs” (Velocity, Volume, and Variety). Considerations for security in protecting BD are mostly ad hoc and patch efforts. Even with some inclusion of security in recent BD systems, a critical security component, AC (Authorization), for protecting BD processing components and their users from the insider attacks, remains elusive. This paper proposes a general purpose AC scheme for distributed BD processing clusters.