1. Security Types

2. Scenario

3. Challenges

4. Description

5. Threats

6. Current Mitigations



Application Computation Infrastructure

Secure computations in distributed programming frameworks

Distributed programming frameworks utilize parallelism in computation and storage to process massive amounts of data.

Malfunctioning compute worker nodes

Trust establishment: initiation, periodic trust update

Access to sensitive data

Mandatory access control

Privacy of output information

Privacy preserving transformations

Data from Diverse Appliances and Sensors

Security best practices for non-relational stores

Non-relational data stores popularized by NoSQL databases are still evolving with respect to security infrastructure.

Lack of stringent authentication and authorization mechanisms

Enforcement through middleware layer

Passwords should never be held in clear

Encrypted data at rest

Lack of secure communication between compute nodes

Protect communication using SSL/TLS

Data Management

Consumer Data Archive

Secure data storage and transactions logs

The exponential increasing of data set requires auto-tiering for big data storage management.

Data Confidentiality and Integrity

Encryption and signatures


Proof of data possession


Periodic audit and hash chains


Policy based encryption

Data Management

Audit of usage, pricing, billing

Granular audits

In order to be notified at the attack takes place, we need audit information.

Completeness of audit information

Infrastructure solutions as discussed before. Scaling of SIEM tools.

Timely access to audit information

Integrity of audit information

Authorized access to audit information

Keeping track of ownership of data pricing, audit

Data provenance

Analysis of large provenance graphs to detect metadata dependencies for security/confidentiality applications is computationally intensive.

Secure collection of data

Authentication techniques

Consistency of data and metadata

Message digests

Insider threats

Access Control through systems and cryptography