Access and Privilege in Secure Big Data Analysis

W.R. Simpson, K.E. Foltz

Institute for Defense Analyses, USA

Pages: 295-305

DOI: https://doi.org/10.2495/DNE-V11-N3-295-305

Received: N/A

Accepted: N/A

OPEN ACCESS

Abstract: 

The distributed data sources and strict security controls of the Enterprise Level Security (ELS) architecture present challenges for data mining. The ELS architecture is a secure enterprise system that enforces strict security controls in a uniform way across an enterprise. It includes end-to-end bilateral authentication for all human as well as machine interactions and verifiable claims-based access controls. Claims provisioning is automated and centrally managed based on authoritative attributes of active entities in the enterprise. While these security provisions are necessary for secure systems, they present some unique challenges to big data analyses. Key among these are non-standard schemas, non-standard access and privilege, restricted access to analysis outcomes, and overall privilege handling. Some of the distributed data sets may be fully accessible, partially accessible, or not accessible at all. Users with limited access may therefore compute different results than those with broad access. We discuss the problems encountered for data mining in an ELS architecture and possible solutions.

Keywords: 

access control, big data tools, escalation, privilege, security, standardized roles, standardized schemas
