Abstract
Recent technologies, such as IoT, social networks, cloud computing, and data analytics, make it possible today to collect huge amounts of data. However, for data to be used to their full power, data security and privacy are critical. Data security and privacy have been widely investigated over the past thirty years. However, today we face new issues in securing and protecting data, which result in new challenging research directions. Some of those challenges arise from increasing privacy concerns with respect to the use of such huge amounts of data, and from the need to reconcile privacy with the use of data. Other challenges arise because the deployment of new data collection and processing devices, such as those used in IoT systems, increases the attack potential. In this paper, we discuss relevant concepts and approaches for Big Data security and privacy, and identify research challenges to be addressed to achieve comprehensive solutions to data security and privacy in the Big Data scenario.
Acknowledgements
The work reported in this paper is partially supported by NSF under the grant ACI-1547358.
Copyright information
© 2018 Springer International Publishing AG
About this chapter
Cite this chapter
Bertino, E., Ferrari, E. (2018). Big Data Security and Privacy. In: Flesca, S., Greco, S., Masciari, E., Saccà, D. (eds) A Comprehensive Guide Through the Italian Database Research Over the Last 25 Years. Studies in Big Data, vol 31. Springer, Cham. https://doi.org/10.1007/978-3-319-61893-7_25
DOI: https://doi.org/10.1007/978-3-319-61893-7_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-61892-0
Online ISBN: 978-3-319-61893-7
eBook Packages: Engineering, Engineering (R0)