Download Slide - cse.sc.edu - University of South Carolina

Big Data Analytics
Are we at risk?
Dr. Csilla Farkas
Director
Center for Information Assurance Engineering (CIAE)
Department of Computer Science and Engineering
University of South Carolina, Columbia
1
Who is Impacted by Cyber Attacks?
2
Risk Assessment
• Business Policy Decision
• Communication between technical and administrative employees
• Internal vs. external resources
• Legal and regulatory requirements
• Developing security capabilities
[Figure: "Optimal level of security at a minimum cost". Axes: Cost versus Security level (0% to 100%); curves: Security Investment, Cost of Breaches.]
5
Understanding Cyber Security Risk
2016 Cyber Security Threats
• Extortion Hacks
• Attacks That Change or Manipulate Data
• Chip-and-PIN Innovations
• The Rise of the IoT Zombie Botnet
• More Backdoors
Source: Wired, http://www.wired.com/2016/01/thebiggest-security-threats-well-face-in-2016/
6
Security Objectives
• Confidentiality: prevent/detect/deter improper disclosure of information
• Integrity: prevent/detect/deter improper modification of information
• Availability: prevent/detect/deter improper denial of access to services

7
Traditional Data Security
• Independent from system and network
• Database Management System (DBMS) is responsible for protecting data items
• Main database types:
– Enterprise
– Statistical
8
Sensitive Data
• Inherently sensitive
• From a sensitive source
• Declared sensitive
• Part of a sensitive attribute or record
• In relation to previously disclosed information
9
Types of Disclosures
• Exact data
• Range of data
• Negative results
• Existence
• Probable values
SSN: 111-22-3333
10
Access Control Mechanisms
• Cryptography
• Security through Views
• Stored Procedures
• Grant and Revoke
• Query modification
11
Statistical Databases

• Goal: provide aggregate information about groups of individuals
– E.g., average grade point of students
• Security risk: specific information about a particular individual
– E.g., grade point of student John Smith
12
Statistical Data Protection
• Query restriction
• Data perturbation
• Output perturbation
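Added example (not part of the original slides): a minimal sketch of query restriction for the statistical database described above, using constructed student records. The names RestrictedStats and avg_gpa and the threshold of 3 are assumptions for illustration; it goes beyond the slide by combining a query-set-size limit with an overlap check against earlier answered queries.

```python
from statistics import mean

# Constructed sample records (name, major, year, GPA); not data from the slides.
STUDENTS = [
    ("John Smith", "CS", 3, 3.1), ("Ann Lee", "CS", 3, 3.8),
    ("Raj Patel", "CS", 2, 3.5), ("Mia Chen", "CS", 2, 2.9),
    ("Tom Reed", "EE", 3, 3.3), ("Eva Ruiz", "EE", 2, 3.6),
    ("Sam Kim", "EE", 3, 2.7), ("Lia Voss", "EE", 2, 3.9),
]


class RestrictedStats:
    """Average-GPA interface that applies query restriction before answering."""

    def __init__(self, rows, min_size=3):
        self.rows = rows
        self.min_size = min_size  # assumed threshold k, chosen for this example
        self.answered = []        # audit log: row-id sets of answered queries

    def avg_gpa(self, predicate):
        """Return (average, "ok") or (None, reason) if the query is refused."""
        ids = frozenset(i for i, r in enumerate(self.rows) if predicate(r))
        n, k = len(self.rows), self.min_size
        # Size control: a set that is too small, or whose complement is too
        # small, describes individuals rather than a group.
        if not k <= len(ids) <= n - k:
            return None, "refused: query-set size"
        # Overlap control: two answers whose sets differ by fewer than k rows
        # can be combined to isolate those rows.
        for prev in self.answered:
            if 0 < len(ids ^ prev) < k:
                return None, "refused: overlap with earlier query"
        self.answered.append(ids)
        return mean(self.rows[i][3] for i in ids), "ok"


if __name__ == "__main__":
    db = RestrictedStats(STUDENTS)
    queries = {
        "all CS students": lambda r: r[1] == "CS",
        "CS students except John Smith": lambda r: r[1] == "CS" and r[0] != "John Smith",
        "John Smith only": lambda r: r[0] == "John Smith",
        "all EE students": lambda r: r[1] == "EE",
    }
    for label, pred in queries.items():
        print(label, "->", db.avg_gpa(pred))
```

The size limit alone would answer the second query, since three rows is a group; it is the audit log of earlier query sets that lets the interface refuse it.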
13
Database Inference Attacks
General Purpose Database:
Non-confidential data + Metadata → Undesired Inferences
Web Enabled Data:
Non-confidential data + Metadata (data and application semantics) + Computational Power + Connectivity → Undesired Inferences
14
What is Big Data?
Source: http://www.cagle.com/2010/05/internet-privacy
15
Big Data Characteristics
• Volume
– Simple SQL analytics (data warehouse)
– Complex analytics (clustering, trend detection, etc.)
• Variety
– Enterprise data: spreadsheets, documents, web pages
– Public data
• Velocity
– Live database
– Fast growth
Hadoop
16
Big Data Security
• Access Control
– Distributed, massively parallel processing
– Data at rest, in transit, during processing
• Inference control
– Discovery
– Sensitive metadata
– Use of discovered knowledge
17
Inference Example
• Latanya Sweeney, Director of Data Privacy Lab, Harvard
• Only You, Your Doctor, and Many Others May Know, Technology Science, 2015092903. September 29, 2015.
18
Data Matching
Source: L. Sweeney, http://techscience.org/a/2015092903/
19
Present: Big Data Inferences
[Figure labels: Web Data; Ontology; Data Integration and Inferences; Private?; Secure?]
20
Future: Research Challenges
• Security for raw data
– Flexible access control
– Data removal
– Data quality
• Security for metadata
– Protection need of novel, new concept
– Metadata guided attacks
• Cross-context attacks
– Correlate data across multiple contexts
[Figure label: Semantic Web Technologies]
21
Usability and Visualization
Facebook
Online Banking
Gmail
22
Questions?
23
National Center of Academic Excellence in
• Information Assurance Education
• Information Assurance Research
24
CIAE Mission
RESEARCH
OUTREACH
EDUCATION
25
CIAE Mission
RESEARCH
External funding
Peer-reviewed publications
Ph.D. graduates
OUTREACH
EDUCATION
26
CIAE Mission
RESEARCH
OUTREACH
EDUCATION
IA courses
IA specialization
Applied Computing
Graduate IA Certificate
27
CIAE Mission
RESEARCH
OUTREACH
Collaborations
Academia
Government
Industry
EDUCATION
28
Center for Information Assurance Engineering
http://www.cse.sc.edu/isl
Csilla Farkas
http://www.cse.sc.edu/~farkas
29