2019 I/ITSEC

Access Control in the Era of Big-Data Driven Models and Simulations (Room 320C)

04 Dec 19
10:30 AM - 11:00 AM

In today’s mobile-first, cloud-enabled world, where simulation-enabled training is designed for use anywhere and from multiple different types of devices, new paradigms are needed to control access to sensitive data. Large, distributed data sets sourced from a wide variety of sensors require advanced approaches to authorization and access control (AC). Motivated by large-scale, publicized data breaches and data privacy laws, data protection policies and fine-grained AC mechanisms are imperative in data-intensive simulation systems. Although the public may suffer security incident fatigue, there are significant impacts to corporations and government organizations in the form of settlement fees and senior executive dismissal. This paper presents an analysis of the challenges to controlling access to big data sets. Implementation guidelines are provided based upon new attribute-based access control (ABAC) standards. Best practices start with AC for the security of large data sets processed by models and simulations (M&S). The currently widely supported eXtensible Access Control Markup Language (XACML) is the predominant model for big data ABAC. The more recently developed Next Generation Access Control (NGAC) standard addresses additional areas in securing distributed, multi-owner big data sets. We present a comparison and evaluation of standards and technologies for different simulation data protection requirements. A concrete example is included to illustrate the differences. The example scenario is based upon synthetically generated, very sensitive health care data combined with less sensitive fitness data and open social media data. This model data set is accessed by representative groups with a range of trust, from highly trusted roles to the open public. The AC security challenges and approaches to mitigate risk are discussed.

Approved for Public Release; Distribution Unlimited. Public Release Case Number 19-0526. The author's affiliation with The MITRE Corporation is provided for identification purposes only and is not intended to convey or imply MITRE's concurrence with, or support