Access Control System Analysis in Heterogeneous Big Data Management Systems
https://doi.org/10.15514/ISPRAS-2023-35(4)-4
Abstract
Big data management systems are in demand in practically all industries today, and they are also the foundation for training artificial intelligence. Because big data systems are built on heterogeneous poly-stores, tools within the same system have different data granularity and different access control models. The security administrator currently harmonizes these components and implements a common access policy manually. This leads to a growing number of configuration vulnerabilities, which in turn are a frequent cause of data leaks. An analysis of work on automating and analyzing access control in big data systems shows a lack of automation solutions for poly-store based systems. This paper poses the problem of automating access control analysis in big data management systems. The authors formulate the main contradiction: on the one hand, access control must be scalable and flexible; on the other hand, the burden on the security administrator grows, aggravated by the use of different data models and access control models in the system components. To solve this problem, we propose a new automated method for analyzing security policies based on a graph model of data processing, which reduces the number of possible vulnerabilities resulting from incorrect administration of big data systems. The proposed method uses the data life cycle model of the system, the current settings and the desired security policy. Two-pass analysis (from data sources to recipients and back) solves two tasks: analyzing the access control system for possible vulnerabilities and checking compliance with the business logic. The paper gives an example of analyzing the security policies of a big data management system using the developed software prototype and analyzes the results obtained.
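The two-pass idea from the abstract, sketched as an added example (not the authors' prototype or algorithm): a forward pass flags readers who are not cleared for the sources feeding a node, and a backward pass flags required recipients who cannot reach their source. The graph, principals and the `ALLOWED`/`REQUIRED` policy shapes are constructed assumptions.

```python
from collections import defaultdict

# Constructed data life cycle graph across poly-store components: node -> downstream nodes.
FLOW = {"kafka:clicks": ["hdfs:/raw"], "pg:customers": ["hdfs:/raw"],
        "hdfs:/raw": ["hive:sessions"], "hive:sessions": ["es:dashboard"],
        "es:dashboard": []}
# Current settings (assumed): principals that can read each node in its own component.
ACL = {"kafka:clicks": {"ingest"}, "pg:customers": {"ingest", "dpo"},
       "hdfs:/raw": {"ingest", "etl", "intern"},
       "hive:sessions": {"etl", "analyst"}, "es:dashboard": {"analyst"}}
# Desired policy (assumed shape): per source, who may see data derived from it.
ALLOWED = {"kafka:clicks": {"ingest", "etl", "analyst", "intern", "manager"},
           "pg:customers": {"ingest", "etl", "analyst", "dpo", "manager"}}
# Business logic (assumed shape): (principal, source) pairs that must be served.
REQUIRED = [("analyst", "pg:customers"), ("manager", "kafka:clicks")]

def forward_pass(flow, acl, allowed):
    """Sources -> recipients: propagate data origins, flag readers not cleared for them."""
    origins = {n: ({n} if n in allowed else set()) for n in flow}
    changed = True
    while changed:  # fixed-point iteration, so cycles in the flow are tolerated
        changed = False
        for n, outs in flow.items():
            for m in outs:
                if not origins[n] <= origins[m]:
                    origins[m] |= origins[n]
                    changed = True
    return sorted((n, who, src) for n in flow for src in origins[n]
                  for who in acl[n] - allowed[src])

def backward_pass(flow, acl, required):
    """Recipients -> sources: list required pairs whose source feeds no readable node."""
    preds = defaultdict(set)
    for n, outs in flow.items():
        for m in outs:
            preds[m].add(n)
    unmet = []
    for who, src in required:
        seen = {n for n in flow if who in acl[n]}  # start from nodes the principal can read
        stack = list(seen)
        while stack:
            for p in preds[stack.pop()] - seen:
                seen.add(p)
                stack.append(p)
        if src not in seen:
            unmet.append((who, src))
    return unmet
```

On this constructed input the forward pass reports `intern` reading `hdfs:/raw`, which carries `pg:customers` data, and the backward pass reports that `manager` has no readable node fed by `kafka:clicks`.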
About the Authors
Maria Anatolyevna POLTAVTSEVA
Russian Federation
Ph.D., Dr. Sci., Associate Professor, Professor of the Institute of Cyber Security and Information Protection
Maxim Olegovich KALININ
Russian Federation
Ph.D., Dr. Sci., Professor, Professor of the Institute of Cyber Security and Information Protection
Review
For citations:
POLTAVTSEVA M.A., KALININ M.O. Access Control System Analysis in Heterogeneous Big Data Management Systems. Proceedings of the Institute for System Programming of the RAS (Proceedings of ISP RAS). 2023;35(4):93-108. (In Russ.) https://doi.org/10.15514/ISPRAS-2023-35(4)-4