Current Security Threats and Prevention Measures Relating to Cloud Services, Hadoop Concurrent Processing, and Big DataATHER SHARIF, SARAH COONEY, SHENGQI GONG, DREW VITEK

DEPARTMENT OF COMPUTER SCIENCE

SAINT JOSEPH’S UNIVERSITY

Introduction and Motivation

“Big Data” has become a buzzword in almost every industry

Cloud based services are becoming increasingly popular for data storage and analysis

Massive data breaches are still all too common The security of cloud services is very much reliant on

the measures taken by the service provider As future computer scientists, we feel that

knowledge of Big Data and Cloud security measures is invaluable.

Cloud Services

In 2013 50% of US businesses were using some type of cloud service

“Notorious Nine Cloud Computing Threats”

1. Abuse of Cloud Services2. Account or Service

Traffic Hijacking3. Data Breaches4. Data Loss5. Denial of Service

6. Insecure Interfaces and

APIs7. Insufficient Due

Diligence8. Malicious Insiders9. Shared Technology

Vulnerabilities

Verizon Cloud Security 4 Layered Approach…

Physical Security Measures• Around-the-Clock Video Monitoring, Biometric Accesses, On-Site Guards• Employee Background Checks and Regular Security Training

Data Access and Storage Policies and Procedures• Password Policies, User Authentication and Access Control• Data Encryption, Denial of Service Detection, Firewall Integration

Extra and Customizable Security Features• Customizable Firewall and VPN, Preconfigured Security Tools• Intelligent Security Management System

Checks on Completeness and Compliance of Other Layers• Compliance with Established Security Standards• Agile Methodology for Bug Fixes

Base Security

Logical Security

Value Added Security

Governance Risk &

Compliance

Big Data

In general, security risks associated with Big Data can be categorized by three V’s…

1. Volume…

2. Velocity…

3. Variety…

Theoretical Sticky Policy Framework

Proposed by S. Li, T. Zhang, J. Gao, and Y. Park

Based on the EnCoRe project

Data Center Domain versus Trusted Authority Domain

Inside the Trusted Authority Domain

Identity and Key Management Engine Policy Engine

Policy PortalPolicy ControllerPolicy Negotiation ComponentPolicy Update ComponentEnforcement ComponentPolicy Store

Hadoop

Security Vulnerabilities in the Cloud Based SystemDifficult to locate and track the node

holding a specific file chunkChunk StealingChunk Injection

Twilio

Implementation of Hadoop via Amazon cloud services Access Control Based on:

Job RolesBucket PoliciesAccess Control Lists

Physical Security Measures Third Party Penetration Testing Every 6 Months Safe Harbor Compliance

Conclusion

With the continued increase in available data and growth in the use of cloud services, knowledge of how to secure these systems is imperative for any computer science professional, and will provide continued opportunity for jobs and research as we leave school to enter the professional world.