trademark

Recommendations

Info

1.0 Secure Computations in Distributed Programming Frameworks (cont.) 1.3 De-identify data 1.3.1 Why? To prevent the identity of the data subject from being linked with external data. Such linking may compromise the subjects’ privacy. 1.3.2 How? All personally identifiable information (PII), such as name, address, social security number, etc., must be either masked or removed from data. In addition to PII, attention should also be given to the presence of quasi-identifiers, which include data items that can almost uniquely identify a data subject (e.g., zip code, date of birth, and gender). Technologies such as k-anonymity [Swe02] should be applied to reduce re-identification risks. 1.4 Authorize access to files with predefined security policy 1.4.1 Why? To ensure integrity of inputs to the mapper. 1.4.2 How? Mandatory access control (MAC). 1.5 Ensure that untrusted code does not leak information via system resources 1.5.1 Why? To ensure privacy. 1.5.2 How? Mandatory access control (MAC). Use Sentry for HBASE security using RBAC (role-based access controls). In Apache Hadoop, the block access token is configured to ensure that only authorized users are able to access the data blocks stored in data nodes. CLOUD SECURITY ALLIANCE Big Data Working Group Guidance © Copyright 2016, Cloud Security Alliance. All rights reserved. 10
1.0 Secure Computations in Distributed Programming Frameworks (cont.) 1.6 Prevent information leakage through output 1.6.1 Why? To ensure security and privacy. Data leakage may occur in many ways, which needs to be prevented (i.e. improper use of encryption). Debugging messages, uncontrolled output streams, logging functions and detailed error pages help attackers learn about the system and formulate attack plans. 1.6.2 How? • Use function sensitivity to prevent information leakage. • Shadow execution (i.e. communication towards external networks to obtain software version updates) is another aspect that needs to be taken into consideration. • Additionally, all data should be filtered on the network level (in-transit), in line with data loss prevention policies. • Sufficient de-identification of data also contributes to mitigation of the impact. 1.7 Maintain worker nodes 1.7.1 Why? To ensure proper functionality of worker nodes. 1.7.2 How? Frequently check for malfunctioning worker nodes and repair them. Ensure they are configured correctly. 1.8 Detect fake nodes 1.8.1 Why? To avoid attacks in cloud and virtual environments. 1.8.2 How? Build a framework to detect fake nodes introduced by creating snapshots of legitimate nodes. CLOUD SECURITY ALLIANCE Big Data Working Group Guidance © Copyright 2016, Cloud Security Alliance. All rights reserved. 11
Page 2 and 3: The permanent and official location
Page 4 and 5: Table of Contents (cont.) 3.1.1 Why
Page 6 and 7: Table of Contents (cont.) 8.7 Emplo
Page 8 and 9: Introduction The term “big data
Page 12 and 13: 1.0 Secure Computations in Distribu
Page 14 and 15: 2.0 Security Best Practices for Non
Page 16 and 17: 2.0 Security Best Practices for Non
Page 18 and 19: 3.0 Secure Data Storage and Transac
Page 20 and 21: 3.0 Secure Data Storage and Transac
Page 22 and 23: 4.0 Endpoint Input Validation/Filte
Page 24 and 25: 4.0 Enpoint Input Validation/Filter
Page 26 and 27: 4.0 Enpoint Input Validation/Filter
Page 28 and 29: 5.0 Real-Time Security/Compliance M
Page 30 and 31: 5.0 Real-Time Security/Compliance M
Page 32 and 33: 6.0 Scalable and Composable Privacy
Page 38 and 39: 7.0 Cryptographic Technologies for
Page 44 and 45: 8.0 Granular Access Control (cont.)
Page 46 and 47: 8.0 Granular Access Control (cont.)
Page 48 and 49: 9.0 Granular Audits It is a best pr
Page 50 and 51: 9.0 Granular Audits (cont.) 9.5 Saf
Page 52 and 53: 9.0 Granular Audits (cont.) 9.10 Cr
Page 54 and 55: 10.0 Data Provenance (cont.) the da
Page 56 and 57: 10.0 Data Provenance (cont.) 10.5 I
Page 58 and 59: 10.0 Data Provenance (cont.) hashed
Page 60 and 61:
References [ABC+07] Giuseppe Atenie
Page 62 and 63:
References (cont.) [KL10] Seny Kama
show all

trademark

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?