Securing Big Data: New Access Control Challenges and Approaches

Recent cyber attacks have shown that the leakage/stealing of big data may result in enormous monetary loss and damage to organizational reputation, and increased identity theft risks for individuals. Furthermore, in the age of big data, protecting the security and privacy of stored data is paramount for maintaining public trust, and getting the full value from the collected data. In this talk, we first discuss the unique security and privacy challenges arise due to big data and the NoSQL systems designed to analyze big data. Also we discuss our proposed SecureDL system that is built on top of existing NoSQL databases such as Hadoop and Spark and designed as a data access broker where each request submitted by a user app is automatically captured. These captured requests are logged, analyzed and then modified (if needed) to conform with security and privacy policies (e.g.,[5]), and submitted to underlying NoSQL database. Furthermore, SecureDL can allow organizations to audit their big data usage to prevent data misuse and comply with various privacy regulations[2]. SecureDL is totally transparent from the user point of view and does not require any change to the user's code and/or the underlying NoSQL database systems. Therefore, it can be deployed on existing NoSQL databases. Later on, we discuss how to add additional security layer for protecting big data using encryption techniques (e.g., [1, 3, 4]). Especially, we discuss our work on leveraging the modern hardware based trusted execution environments (TEEs) such as Intel SGX for secure encrypted data processing. We also discuss how to provide a simple, secure and high level language based framework that is suitable for enabling generic data analytics for non-security experts who do not have security concepts such as "oblivious execution''. Our proposed framework allows data scientists to perform the data analytic tasks with TEEs using a Python/Matlab like high level language; and automatically compiles programs written in our language to optimal execution code by managing issues such as optimal data block sizes for I/O, vectorized computations to simplify much of the data processing, and optimal ordering of operations for certain tasks. Using these design choices, we show how to provide guarantees for efficient and secure big data analytics over encrypted data.