File(s) under permanent embargo
GuardSpark++: Fine-Grained Purpose-Aware Access Control for Secure Data Sharing and Analysis in Spark
conference contribution
posted on 2020-01-01, 00:00 authored by T Xue, Y Wen, B Luo, B Zhang, Y Zheng, Y Hu, Y Li, Gang LiGang Li, D MengWith the development of computing and communication technologies, extremely large amount of data has been collected, stored, utilized, and shared, while new security and privacy challenges arise. Existing platforms do not provide flexible and practical access control mechanisms for big data analytics applications. In this paper, we present GuardSpark++, a fine-grained access control mechanism for secure data sharing and analysis in Spark. In particular, we first propose a purpose-aware access control (PAAC) model, which introduces new concepts of data processing/operation purposes to conventional purpose-based access control. An automatic purpose analysis algorithm is developed to identify purposes from data analytics operations and queries, so that access control could be enforced accordingly. Moreover, we develop an access control mechanism in Spark Catalyst, which provides unified PAAC enforcement for heterogeneous data sources and upper-layer applications. We evaluate GuardSpark++ with five data sources and four structured data analytics engines in Spark. The experimental results show that GuardSpark++ provides effective access control functionalities with a very small performance overhead (average 3.97%).
History
Event
Computer Security Applications. Conference (2020 : Online)Series
ICPS ProceedingsPagination
582 - 596Publisher
Association for Computing MachineryLocation
OnlinePlace of publication
New York, N.Y.Publisher DOI
Start date
2020-12-07End date
2020-12-11ISBN-13
9781450388580Language
engPublication classification
E1 Full written paper - refereedTitle of proceedings
ACSAC '20 : Proceedings of the Annual Computer Security Applications ConferenceUsage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC