Deakin University

File(s) under permanent embargo

GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark

conference contribution
posted on 2020-01-01, 00:00 authored by T Xue, Y Wen, B Luo, B Zhang, Y Zheng, Y Hu, Y Li, Gang Li, D Meng
With the development of computing and communication technologies, extremely large amounts of data have been collected, stored, utilized, and shared, while new security and privacy challenges arise. Existing platforms do not provide flexible and practical access control mechanisms for big data analytics applications. In this paper, we present GuardSpark++, a fine-grained access control mechanism for secure data sharing and analysis in Spark. In particular, we first propose a purpose-aware access control (PAAC) model, which introduces new concepts of data processing/operation purposes to conventional purpose-based access control. An automatic purpose analysis algorithm is developed to identify purposes from data analytics operations and queries, so that access control could be enforced accordingly. Moreover, we develop an access control mechanism in Spark Catalyst, which provides unified PAAC enforcement for heterogeneous data sources and upper-layer applications. We evaluate GuardSpark++ with five data sources and four structured data analytics engines in Spark. The experimental results show that GuardSpark++ provides effective access control functionalities with a very small performance overhead (average 3.97%).

History

Event

Computer Security Applications. Conference (2020 : Online)

Series

ICPS Proceedings

Pagination

582 - 596

Publisher

Association for Computing Machinery

Location

Online

Place of publication

New York, N.Y.

Start date

2020-12-07

End date

2020-12-11

ISBN-13

9781450388580

Language

eng

Publication classification

E1 Full written paper - refereed

Title of proceedings

ACSAC '20 : Proceedings of the Annual Computer Security Applications Conference
