Titulo Estágio
Big Data Self-Adaptable Security on the Cloud
Áreas de especialidade
Engenharia de Software
Local do Estágio
DEI/CISUC/SSE and CMU (USA)/Institute of Software Research
Enquadramento
The Big Data era will be led by companies that deliver platforms and tools for exploration and development, visualization, search and discovery, while guaranteeing security and scalability.
Cloud providers such as Amazon, Google, and Microsoft, besides traditional DBMS, also adhered to NoSQL paradigms.
However, security and privacy are identified as a major issue in this scenario, because data contains confidential and sensitive information such as credit card numbers. Companies need to ensure that others do not access their data stores. This is a major impediment for the use of the cloud by businesses.
In order to guarantee that others do not access data, mechanisms have to be added that are very expensive in terms of processing. Preventive data security techniques are used for protecting data in advance of attacks, such as data access policies, data masking and encryption techniques for changing original data values, and checksums for integrity checks on changed data.
Objetivo
In this project, we propose and test solutions to optimize data security in the cloud. On one hand, we need to investigate the use of a set of security techniques, such as encryption, masking, anonymity and access control, and also to apply and test a set of new techniques that we developed in the past. On the other hand, we need to adapt these approaches to a cloud environment and to guarantee elastic scalability and service level agreements. In terms of scalability and elasticity, it is necessary to guarantee that the system scales adequately in presence of specialized security and privacy techniques.
Self-adaptation techniques can be used in this context to provide architecture-based self-protection, thereby allowing reasoning about security properties in the context of other business properties, such as performance, cost, availability, etc. We plan to take advantage of some of the general patterns identified in “Architecture- based self-protecting software systems” work, and instantiate them in the context of Big Data protection in order to achieve scalable security, while making reasonable tradeoffs with other qualities. Moreover, this will imply the implementation of preventive techniques as adaptation tactics in Rainbow (a framework for architecture-based self-adaptation developed at CMU) that can be applied proactively to minimize the risks associated with potential threats.
Plano de Trabalhos - Semestre 1
This work includes the following activities:
(a) [2014-09-01 to 2014-10-31] Review of the state-of-the-art in data confidentiality techniques and current security mechanisms on the cloud;
(b) [2014-11-01 to 2015-01-31] Proposal of scalable security mechanisms for cloud data;
(c) [2014-12-01 to 2015-01-31] Write Thesis Proposal;
Plano de Trabalhos - Semestre 2
(d) [2015-02-01 to 2015-04-30] Implementation of prototype with scalable security mechanisms;
(e) [2014-11-01 to 2015-04-30] Experimental validation of the approaches;
(f) [2015-04-01 to 2015-05-31] Write a paper;
(g) [2015-03-01 to 2015-07-31] Write the thesis.
Condições
The work is to be executed at the laboratories of the CISUC’s Software and Systems Engineering Group and eventually at Institute of Software Research-Carnegie Mellon University (CMU). A work place will be provided as well as the required computational resources. The student will apply for a CMU-Portugal international internship of 1350€/month during 8-12 weeks (http://www.cmuportugal.org/tiercontent.aspx?id=5204).
Observações
CMU Co-advisers:
- Bradley Schmerl (schmerl+@cs.cmu.edu) and Javier Camara Moreno (jcmoreno@cs.cmu.edu)
DEI Co-advisers:
- Jorge Bernardino (jorge@isec.pt) and Pedro Furtado (pnf@dei.uc.pt)
Orientador
Jorge Bernardino, Pedro Furtado
jorge@isec.pt 📩