Privacy Aware Access Control for Big Data: A Research Roadmap

Big Data Research

Volumn 2, Issue 4, 2015, Pages 145-154

  Colombo, Pietro ^a   Ferrari, Elena ^a  

^a UNIVERSITY OF INSUBRIA   (Italy)

Author keywords

Access control enforcement; Big data; MapReduce systems; NoSQL datastores; Privacy policies

Indexed keywords

ACCESS CONTROL; DIGITAL STORAGE; SENSITIVE DATA;

ACCESS CONTROL ENFORCEMENTS; BUSINESS MODELS; DATA ANALYTICS; DATA PLATFORM; MAP-REDUCE; MAPREDUCE SYSTEM; NOSQL DATASTORE; PRIVACY POLICIES; PRIVACY-AWARE ACCESS CONTROL; RESEARCH ROADMAP;

MAPREDUCE;

EID: 84947043463     PISSN: None     EISSN: 22145796     Source Type: Journal    
DOI: 10.1016/j.bdr.2015.08.001     Document Type: Article

References (38)

1. Mayer-Schönberger V., Cukier K. Big Data: A Revolution That Will Transform How We Live, Work, and Think 2013, Houghton Mifflin Harcourt.
2. Jin X., Wah B.W., Cheng X., Wang Y. Significance and challenges of big data research. Big Data Res. 2015, 2(2):59-64. 10.1016/j.bdr.2015.01.006.
3. Holler J., Tsiatsis V., Mulligan C., Avesand S., Karnouskos S., Boyle D. From Machine-to-Machine to the Internet of Things: Introduction to a New Age of Intelligence 2014, Academic Press.
4. Gandomi A., Haider M. Beyond the hype: big data concepts, methods, and analytics. Int. J. Inf. Manag. 2015, 35(2):137-144. 10.1016/j.ijinfomgt.2014.10.007.
5. Begoli E. A short survey on the state of the art in architectures and platforms for large scale data analysis and knowledge discovery from data. Proceedings of the WICSA/ECSA 2012 Companion Volume 2012, 177-183. ACM, New York, NY, USA. doi:10.1145/2361999.2362039.
6. Co I. Intel's it manager survey on how organizations are using big data http://www.intel.com/content/dam/www/public/us/en/documents/reports/data-insights-peer-research-report.pdf.
7. Okman L., Gal-Oz N., Gonen Y., Gudes E., Abramov J. Security issues in nosql databases. 2011 IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) 2011, 541-547.
8. Ni Q., Trombetta A., Bertino E., Lobo J. Privacy-aware role based access control. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies 2007, ACM.
9. Q. Ni, D. Lin, E. Bertino, J. Lobo, Conditional privacy-aware role based access control, in: Computer Security-ESORICS, 2007.
10. Colombo P., Ferrari E. Enforcement of purpose based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 2014, 26(11). 10.1109/TKDE.2014.2312112.
11. President's Council of Advisors on Science and Technology, Big data and privacy: a technological perspective 2014, Tech. rep., Executive Office of the President of the United States.
12. Co I. Big data in the cloud: converging technologies http://www.intel.com/content/dam/www/public/us/en/documents/product-briefs/big-data-cloud-technologies-brief.pdf.
13. Colombo P., Ferrari E. Efficient enforcement of action aware purpose based access control within relational database management systems. IEEE Trans. Knowl. Data Eng. 2015, 27(8). 10.1109/TKDE.2015.2411595.
14. Byun J., Li N. Purpose based access control for privacy protection in relational database systems. VLDB J. 2008, 17(4).
15. Ulusoy H., Colombo P., Ferrari E., Kantarcioglu M., Pattuk E. GuardMR: fine-grained security policy enforcement for MapReduce systems. ACM ASIACCS 2015, doi:10.1109/TKDE.2015.2411595.
16. Sen S., Guha S., Datta A., Rajamani S.K., Tsai J., Wing J.M. Bootstrapping privacy compliance in big data systems. Proceedings of the 2014 IEEE Symposium on Security and Privacy 2014, IEEE Computer Society.
17. Bertino E., Byun J.-W., Li N. Privacy-preserving database systems. Foundations of Security Analysis and Design III 2005, 178-206. Springer.
18. Extensible access control markup language (xacml) OASIS, ver. 3.0. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.pdf.
19. W3C, Enterprise privacy authorization language (epal 1.2). http://www.w3.org/Submission/EPAL/.
20. Kabir M.E., Wang H. Conditional purpose based access control model for privacy protection. Proceedings of the Twentieth Australasian Conference on Australasian Database, vol. 92 2009, 135-142. Australian Computer Society, Inc.
21. Ferraiolo D., Sandhu R., Gavrila S., Kuhn D., Chandramouli R. Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur. 2001, 4(3).
22. Kabir M., Wang H., Bertino E. A role-involved conditional purpose-based access control model. IFIP Advances in Information and Communication Technology 2010, vol. 334:167-180. Springer, Berlin, Heidelberg. M. Janssen, W. Lamersdorf, J. Pries-Heje, M. Rosemann (Eds.).
23. Ni Q., Bertino E., Lobo J., Brodie C., Karat C.-M., Karat J., Trombeta A. Privacy-aware role-based access control. ACM Trans. Inf. Syst. Secur. 2010, 13(3):24.
24. Peng H., Gu J., Ye X. Dynamic purpose-based access control. International Symposium on Parallel and Distributed Processing with Applications 2008, 695-700. doi:10.1109/ISPA.2008.80.
25. Colombo P., Ferrari E. Enforcing obligations within relational database management systems. IEEE Trans. Dependable Secure Comput. 2014, 11(4). 10.1109/TDSC.2013.48.
26. Ni Q., Bertino E., Lobo J. An obligation model bridging access control policies and privacy policies. ACM SACMAT 2008.
27. Li N., Chen H., Bertino E. On practical specification and enforcement of obligations. ACM CODASPY 2012.
28. Shebaro B., Oluwatimi O., Bertino E. Context-based access control systems for mobile devices. IEEE Trans. Dependable Secure Comput. 2015, 12(2):150-163. 10.1109/TDSC.2014.2320731.
29. Damiani M.L., Bertino E., Catania B., Perlasca P. Geo-rbac: a spatially aware rbac. ACM Trans. Inf. Syst. Secur. 2007, 10(1):2.
30. Bettini C., Brdiczka O., Henricksen K., Indulska J., Nicklas D., Ranganathan A., Riboni D. A survey of context modelling and reasoning techniques. Pervasive Mob. Comput. 2010, 6(2):161-180.
31. Bertino E., Ferrari E., Squicciarini A. Trust negotiations: concepts, systems, and languages. Comput. Sci. Eng. 2004, 6(4):27-34.
32. Alliance C.S. Top ten big data security and privacy challenges https://cloudsecurityalliance.org/download/top-ten-big-data-security-and-privacy-challenges/.
33. Kulkarni D. A fine-grained access control model for key-value systems. Proceedings of the third ACM Conference on Data and Application Security and Privacy 2013, 161-164. ACM.
34. Shermin M. An access control model for nosql databases 2013, Master's thesis, University of Western Ontario, Electronic Thesis and Dissertation Repository. Paper 1797. http://ir.lib.uwo.ca/etd/1797.
35. Ulusoy H., Kantarcioglu M., Hamlen K., Pattuk E. Vigiles: fine-grained access control for mapreduce systems. IEEE BigData 2014.
36. Rizvi S., Mendelzon A., Sudarshan S., Roy P. Extending query rewriting techniques for fine-grained access control. ACM SIGMOD 2004 2004, 551-562.
37. Colombo P., Ferrari E. Complementing mongodb with advanced access control features: concepts and research challenges. 23rd Italian Symposium on Advanced Database Systems (SEBD 2015) 2015.
38. Manyika J., Chui M., Brown B., Bughin J., Dobbs R., Roxburgh C., Byers A.H. Big data: the next frontier for innovation, competition, and productivity 2011, Tech. rep., McKinsey Global Institute.