Cloud services for Big Data analytics have to deal with three main concerns:
- the provisioning of AAA (Authentication, Authorization and Accounting),
- the assurance of the security properties of the cloud and Big Data services,
- and the assurance of the privacy of data at the storage level.
- Given the criticality (business or personal) of the data stored, managed, and analysed, Authentication, Authorization and Accounting services/mechanisms are provisioned to all the EUBra-BIGSEA services (e.g. AAA services can be used while provisioning Big Data services, monitoring the behaviour of the Big Data services, or as soft defined services, etc.).
- The assurance of the traditional security properties (availability, integrity and confidentiality) is a concern that is transversal to the cloud services. Security assessment methodologies (e.g. testing, analysis, vulnerability and attack injection, etc.) are used to provide a degree of trustworthiness on the security of all the components, and how resistant they are to malicious attempts. Considerable trade-offs should be also considered between security and efficiency/performance, or even between the different properties of security (e.g. availability and confidentiality).
- Considering that data is stored at backend databases, some of which with poor security mechanisms, it is of outmost importance to implement mechanisms that assure the privacy of the data (including the boundaries of the protected data). As traditional encryption is of no use in Big Data scenarios due to the performance implications, the goal would be to develop more efficient techniques, like data partitioning together with masking and fake data injection to improve privacy.
As a comprehensive and effective security approach cannot take these concerns individually or in an ad-hoc manner, a global security solution that takes into account the requirements and constraints of the cloud for Big Data processing is needed. EUBra-BIGSEA's objective is to:
- Define a coordinated strategy that will allow addressing the security concerns of the Big Data, guaranteeing the required levels of security.
- Research mechanisms that allow integrating AAA requirements in the development of advanced cloud services for Big Data, with limited performance impact.
- Propose security assessment methodologies and tools that allow providing assurances regarding the security of the cloud and data services, in particular regarding how resilient they are to attacks.
- Develop mechanisms to protect the privacy of the data that will ensure that the data is accessed and processed only by authorized services and prevent access otherwise, with limited performance impact.
- Provide measurements of the security properties that can justifiably be guaranteed, which allow the adjustment of the Quality of Protection (QoP) levels in a SLA established by the provider.