Big Data Analytics Are we at risk? Dr. Csilla Farkas Director Center for Information Assurance Engineering (CIAE) Department of Computer Science and Engineering.

Slides:



Advertisements
Similar presentations
CSE 5392By Dr. Donggang Liu1 CSE 5392 Sensor Network Security Course Introduction.
Advertisements

By: Mr Hashem Alaidaros MIS 211 Lecture 4 Title: Data Base Management System.
1 The Science, Engineering, and Business of Cyber Security Prof. Ravi Sandhu Executive Director, Institute for Cyber Security Lutcher Brown Endowed Chair.
UTEPComputer Science Dept.1 University of Texas at El Paso Privacy in Statistical Databases Dr. Luc Longpré Computer Science Department Spring 2006.
Database – Part 3 Dr. V.T. Raja Oregon State University External References/Sources: Data Warehousing – Mr. Sakthi Angappamudali.
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
MS DB Proposal Scott Canaan B. Thomas Golisano College of Computing & Information Sciences.
Trust, Privacy, and Security Moderator: Bharat Bhargava 1 Coordinators: Bharat Bhargava 1, Csilla Farkas 2, and Leszek Lilien 1 1 Purdue University and.
Database – Part 2b Dr. V.T. Raja Oregon State University External References/Sources: Data Warehousing – Sakthi Angappamudali at Standard Insurance; BI.
Integration and Insight Aren’t Simple Enough Laura Haas IBM Distinguished Engineer Director, Computer Science Almaden Research Center.
Distributed Database Management Systems. Reading Textbook: Ch. 4 Textbook: Ch. 4 FarkasCSCE Spring
Copyright © 2014 Pearson Education, Inc. 1 It's what you learn after you know it all that counts. John Wooden Key Terms and Review (Chapter 6) Enhancing.
LÊ QU Ố C HUY ID: QLU OUTLINE  What is data mining ?  Major issues in data mining 2.
A First Course in Information Security
Data Mining. 2 Models Created by Data Mining Linear Equations Rules Clusters Graphs Tree Structures Recurrent Patterns.
© 2011 IBM Corporation Smarter Software for a Smarter Planet The Capabilities of IBM Software Borislav Borissov SWG Manager, IBM.
Understanding Data Warehousing
Computer Science and Engineering 1 Csilla Farkas Associate Professor Center for Information Assurance Engineering Dept. of Computer Science and Engineering.
Chapter 6: Foundations of Business Intelligence - Databases and Information Management Dr. Andrew P. Ciganek, Ph.D.
An Introduction to Information Security Why there’s more to hide than you might think and why hiding it is a lot tougher than you ever dreamed of in your.
Computer Science and Engineering 1 Cyber Security University of South Carolina Columbia Center for Information Assurance Engineering (CIAE)
CSCE 727 Information Warfare
Computer Security: Principles and Practice
Computer Science and Engineering 1 Information Assurance Research Department of Computer Science and Engineering University of South Carolina, Columbia.
Secure Sensor Data/Information Management and Mining Bhavani Thuraisingham The University of Texas at Dallas October 2005.
Data Warehousing Data Mining Privacy. Reading Bhavani Thuraisingham, Murat Kantarcioglu, and Srinivasan Iyer Extended RBAC-design and implementation.
C6 Databases. 2 Traditional file environment Data Redundancy and Inconsistency: –Data redundancy: The presence of duplicate data in multiple data files.
CSCE 824 Secure and Distributed Database Management Systems FarkasCSCE 8241.
Security Control Methods for Statistical Database Li Xiong CS573 Data Privacy and Security.
Database Security Outline.. Introduction Security requirement Reliability and Integrity Sensitive data Inference Multilevel databases Multilevel security.
6.1 © 2010 by Prentice Hall 6 Chapter Foundations of Business Intelligence: Databases and Information Management.
MANAGING DATA RESOURCES ~ pertemuan 7 ~ Oleh: Ir. Abdul Hayat, MTI.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Inference Problem Privacy Preserving Data Mining.
Database Security.
Data and Applications Security Developments and Directions Dr. Bhavani Thuraisingham The University of Texas at Dallas Inference Problem - I September.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Csilla Farkas Department of Computer Science and Engineering University of South Carolina
CSCE 824 Secure (and Distributed) Database Management Systems FarkasCSCE
Introduction Database Security Overview. Readings This lecture: This lecture: –Textbook: Chapter 5.2 –Lecture materials from CSCE 522, Nov. 3, Lecture.
IoT Meets Big Data Standardization Considerations
Inference Problem Privacy Preserving Data Mining.
Data Warehousing Data Mining Privacy. Reading FarkasCSCE Spring
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Advanced Network Security Dr. Attila Altay Yavuz Topic 1.0 Big Picture, Vision.
Information Security Principles and Practices by Mark Merkow and Jim Breithaupt Chapter 1: Why Study Information Security?
Computer Science and Engineering 1 Cyber Security University of South Carolina Columbia Center for Information Assurance Engineering (CIAE)
Big Data Security and Privacy
Pengantar Sistem Informasi
Lecture 1 Introduction Basic Security Concepts
Big Data Enterprise Patterns
CMIT100 Chapter 15 - Information.
Computer Science Department, University of Missouri, Columbia
Security.
UTSA's New Center Center for Security and Privacy Enhanced Cloud Computing (C-SPECC) Ravi Sandhu Executive Director of ICS and C-SPECC Professor.
Attribute-Based Access Control: Insights and Challenges
Internet of Things: Security Challenges
Threat Trends and Protection Strategies Barbara Laswell, Ph. D
Csilla Farkas Cybersecurity Csilla Farkas
Institute for Cyber Security: Research Vision
Attribute-Based Access Control: Insights and Challenges
About Thetus Thetus develops knowledge discovery and modeling infrastructure software for customers who: Have high value data that does not neatly fit.
World-Leading Research with Real-World Impact!
Data Warehousing Data Mining Privacy
Institute for Cyber Security Overview
Dark Data Are we at risk?.
Andrei G. Stoica and Csilla Farkas
Cyber Security R&D: A Personal Perspective
Unit # 1: Overview of the Course Dr. Bhavani Thuraisingham
Presentation transcript:

Big Data Analytics Are we at risk? Dr. Csilla Farkas Director Center for Information Assurance Engineering (CIAE) Department of Computer Science and Engineering University of South Carolina, Columbia 1

Who is Impacted by Cyber Attacks? 2

3

4

Risk Assessment Business Policy Decision Communication between technical and administrative employees Internal vs. external resources Legal and regulatory requirements Developing security capabilities Cost Security level 0 %100% Optimal level of security at a minimum cost Security Investment Cost of Breaches 5

Understanding Cyber Security Risk Cyber Security Threats Extortion Hacks Attacks That Change or Manipulate Data Attacks That Change or Manipulate Data Chip-and-PIN Innovations The Rise of the IoT Zombie Botnet More Backdoors Source: Wired, biggest-security-threats-well-face-in-2016/ biggest-security-threats-well-face-in-2016/

Security Objectives Confidentiality: prevent/detect/deter improper disclosure of information Integrity: prevent/detect/deter improper modification of information Availability: prevent/detect/deter improper denial of access to services 7

Independent from system and network Database Management System (DBMS) is responsible for protecting data items Main database types: – Enterprise – Statistical Traditional Data Security 8

Sensitive Data Inherently sensitive From a sensitive source Declared sensitive Part of a sensitive attribute or record In relation to previously disclosed information 9

Types of Disclosures Exact data Range of data Negative results Existence Probable values SSN:

Access Control Mechanisms Cryptography Security through Views Stored Procedures Grant and Revoke Query modification 11

Goal Goal: provide aggregate information about groups of individuals  E.g., average grade point of students Security risk Security risk: specific information about a particular individual  E.g., grade point of student John Smith Statistical Databases 12

Statistical Data Protection Query restriction Data perturbation Output perturbation ? ? 13

Database Inference Attacks General Purpose Database: Non-confidential data + Metadata  Undesired Inferences Web Enabled Data: Non-confidential data + Metadata (data and application semantics) + Computational Power + Connectivity  Undesired Inferences 14

Source: / / What is Big Data? 15

Big Data Characteristics Big Data Characteristics Volume – Simple SQL analytics (data warehouse) – Complex analytics (clustering, trend detection, etc.) Variety – Enterprise data: spreadsheets, documents, web pages – Public data Velocity – Live database – Fast growth Hadoop 16

Big Data Security Access Control – Distributed, massively parallel processing – Data at rest, in transit, during processing Inference control – Discovery – Sensitive metadata – Use of discovered knowledge 17

Inference Example Latanya Sweeney, Director of Data Privacy Lab, Harvard Only You, Your Doctor, and Many Others May Know, Technology Science, September 29,

Data Matching Source: L. Sweeney, 19

Present: Big Data Inferences Private ? Ontology Data Integration and Inferences Web Data Secure ? 20

Future: Research Challenges Security for raw data Security for raw data – Flexible access control – Data removal – Data quality Security for metadata Security for metadata – Protection need of novel, new concept – Metadata guided attacks Cross-context attacks Cross-context attacks – Correlate data across multiple contexts SemanticWebTechnologies 21

Usability and Visualization Facebook Gmail Online Banking 22

Questions? 23

National Center of Academic Excellence in Information Assurance Education Information Assurance Education Information Assurance Research Information Assurance Research 24

OUTREACH EDUCATION RESEARCH CIAE Mission 25

OUTREACH EDUCATION RESEARCH External funding Peer-reviewed publications Ph.D. graduates CIAE Mission 26

CIAE Mission OUTREACH EDUCATION IA courses IA specialization Applied Computing Graduate IA Certificate RESEARCH 27

CIAE Mission OUTREACH Collaborations Academia Government Industry EDUCATION RESEARCH 28

Center for Information Assurance Engineering Csilla Farkas Center for Information Assurance Engineering Csilla Farkas