Nowadays, Big Data management and processing are crucial for any business to succeed in the data-driven world. Given the volume of sensitive information being captured, any unauthorized or accidental disclosure of or access to the data can have severe consequences for companies. Many organisations attempt to secure data by means of, for example, encryption and/or architectural solutions. Implementing a supplementary access control (AC) mechanism can be very effective in reducing the attack surface for the most common types of data breaches, such as data leakage or data theft. Two complementary aspects need to be considered: the definition and management of access permissions (AC models) and the application of those restrictions (mechanisms and technologies for AC).
Related to this, there is a need for reliable authentication and identity management solutions. Authentication is the basic building block on top of which it is possible to develop so-called "zero-trust architectures," i.e. systems that are based on the notion of distrusting any entity (user or application) until the latter is authenticated at an appropriate level of assurance so that afterwards, entities can be accountably authorized according to a predefined set of access control policies. The security of identity management protocols, based on standards (such as OAuth/OpenID Connect), is a mandatory prerequisite for building solutions for access control. The deployment of such protocols has proved to be difficult because they inherit the difficulties of designing, implementing, and deploying the cryptographic mechanisms on top of which they are built.
Another important aspect is who is in control of data protection. In some applications, it may be preferable that users themselves control how much of their data is shared and with whom. However, in other contexts, companies handling data have to ensure that it remains secure, in order to respect compliance regulations. Both solutions are needed and can be combined to ensure data protection.
Authentication and authorization bring many challenges ranging from technical (such as security and interoperability) to legal and regulatory (such as data protection and privacy). Even if some practical approaches, mostly platform specific, exist, research efforts are still needed for the design and enforcement of new solutions in Big Data platforms.
Topics may include but are not limited to:
- Authorization/authentication frameworks for different kinds of systems (Distributed systems, Cloud, Fog and Edge-computing systems, IoT systems, mobile systems, etc.),
- Access control at different levels (Infrastructure level, platform level, data level),
- Zero Trust authorization/authentication approaches (encompassing users, applications and infrastructure),
- Authentication and Identity management (e.g. federated identity, Identity of Things),
- Privacy-Enhancing Technologies for Identity Management,
- Trust Frameworks for Identity Management Solutions,
- Risk-based Authentication Mechanisms,
- Theoretical (formal) models of access control for Big Data,
- Data models and languages for access control, Multi-level security (MLS) access control, attribute-based access control, cryptographic access control,
- Access control in data stream processing,
- Access control policies analysis and verification (using formal methods, machine learning, data mining techniques, etc.),
- Access control policies administration and reasoning.
Keywords:
Security policies, access control, Big Data, data protection, data management systems.
Important Note:
All contributions to this Research Topic must be within the scope of the section and journal to which they are submitted, as defined in their mission statements. Frontiers reserves the right to guide an out-of-scope manuscript to a more suitable section or journal at any stage of peer review.