1. Security Types | 2. Scenario | 3. Challenges | 4. Description | 5. Threats | 6. Current Mitigations |
Infrastructure Security | Application Computation Infrastructure | Secure computations in distributed programming frameworks | Distributed programming frameworks utilize parallelism in computation and storage to process massive amounts of data. | Malfunctioning compute worker nodes | Trust establishment: initiation, periodic trust update |
Access to sensitive data | Mandatory access control | ||||
Privacy of output information | Privacy preserving transformations | ||||
Data from Diverse Appliances and Sensors | Security best practices for non-relational stores | Non-relational data stores popularized by NoSQL databases are still evolving with respect to security infrastructure. | Lack of stringent authentication and authorization mechanisms | Enforcement through middleware layer | |
Passwords should never be held in clear | |||||
Encrypted data at rest | |||||
Lack of secure communication between compute nodes | Protect communication using SSL/TLS | ||||
Data Management | Consumer Data Archive | Secure data storage and transactions logs | The exponential increasing of data set requires auto-tiering for big data storage management. | Data Confidentiality and Integrity | Encryption and signatures |
Availability | Proof of data possession | ||||
Consistency | Periodic audit and hash chains | ||||
Collusion | Policy based encryption | ||||
Data Management | Audit of usage, pricing, billing | Granular audits | In order to be notified at the attack takes place, we need audit information. | Completeness of audit information | Infrastructure solutions as discussed before. Scaling of SIEM tools. |
Timely access to audit information | |||||
Integrity of audit information | |||||
Authorized access to audit information | |||||
Keeping track of ownership of data pricing, audit | Data provenance | Analysis of large provenance graphs to detect metadata dependencies for security/confidentiality applications is computationally intensive. | Secure collection of data | Authentication techniques | |
Consistency of data and metadata | Message digests | ||||
Insider threats | Access Control through systems and cryptography |