
Part of the book series: Studies in Big Data (SBD, volume 31)


Recent technologies, such as IoT, social networks, cloud computing, and data analytics, make it possible today to collect huge amounts of data. However, for data to be used to their full power, data security and privacy are critical. Data security and privacy have been widely investigated over the past thirty years. However, today we face new issues in securing and protecting data that result in new challenging research directions. Some of those challenges arise from increasing privacy concerns with respect to the use of such huge amounts of data, and from the need to reconcile privacy with the use of data. Other challenges arise because the deployment of new data collection and processing devices, such as those used in IoT systems, increases the attack potential. In this paper, we discuss relevant concepts and approaches for Big Data security and privacy, and identify research challenges to be addressed to achieve comprehensive solutions to data security and privacy in the Big Data scenario.





The work reported in this paper is partially supported by NSF under the grant ACI-1547358.


Correspondence to Elena Ferrari.


© 2018 Springer International Publishing AG


Cite this chapter

Bertino, E., Ferrari, E. (2018). Big Data Security and Privacy. In: Flesca, S., Greco, S., Masciari, E., Saccà, D. (eds) A Comprehensive Guide Through the Italian Database Research Over the Last 25 Years. Studies in Big Data, vol 31. Springer, Cham.


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-61892-0

  • Online ISBN: 978-3-319-61893-7

  • eBook Packages: Engineering, Engineering (R0)
