Current Security Threats and Prevention Measures Relating to Cloud Services, Hadoop Concurrent Processing, and Big DataATHER SHARIF, SARAH COONEY, SHENGQI GONG, DREW VITEK
DEPARTMENT OF COMPUTER SCIENCE
SAINT JOSEPH’S UNIVERSITY
Introduction and Motivation
“Big Data” has become a buzzword in almost every industry
Cloud based services are becoming increasingly popular for data storage and analysis
Massive data breaches are still all too common The security of cloud services is very much reliant on
the measures taken by the service provider As future computer scientists, we feel that
knowledge of Big Data and Cloud security measures is invaluable.
Cloud Services
In 2013 50% of US businesses were using some type of cloud service
“Notorious Nine Cloud Computing Threats”
1. Abuse of Cloud Services2. Account or Service
Traffic Hijacking3. Data Breaches4. Data Loss5. Denial of Service
6. Insecure Interfaces and
APIs7. Insufficient Due
Diligence8. Malicious Insiders9. Shared Technology
Vulnerabilities
Verizon Cloud Security 4 Layered Approach…
Physical Security Measures• Around-the-Clock Video Monitoring, Biometric Accesses, On-Site Guards• Employee Background Checks and Regular Security Training
Data Access and Storage Policies and Procedures• Password Policies, User Authentication and Access Control• Data Encryption, Denial of Service Detection, Firewall Integration
Extra and Customizable Security Features• Customizable Firewall and VPN, Preconfigured Security Tools• Intelligent Security Management System
Checks on Completeness and Compliance of Other Layers• Compliance with Established Security Standards• Agile Methodology for Bug Fixes
Base Security
Logical Security
Value Added Security
Governance Risk &
Compliance
Big Data
In general, security risks associated with Big Data can be categorized by three V’s…
1. Volume…
2. Velocity…
3. Variety…
Theoretical Sticky Policy Framework
Proposed by S. Li, T. Zhang, J. Gao, and Y. Park
Based on the EnCoRe project
Data Center Domain versus Trusted Authority Domain
Inside the Trusted Authority Domain
Identity and Key Management Engine Policy Engine
Policy PortalPolicy ControllerPolicy Negotiation ComponentPolicy Update ComponentEnforcement ComponentPolicy Store
Hadoop
Security Vulnerabilities in the Cloud Based SystemDifficult to locate and track the node
holding a specific file chunkChunk StealingChunk Injection
Twilio
Implementation of Hadoop via Amazon cloud services Access Control Based on:
Job RolesBucket PoliciesAccess Control Lists
Physical Security Measures Third Party Penetration Testing Every 6 Months Safe Harbor Compliance
Conclusion
With the continued increase in available data and growth in the use of cloud services, knowledge of how to secure these systems is imperative for any computer science professional, and will provide continued opportunity for jobs and research as we leave school to enter the professional world.
Top Related