CLASSIFICATION OF PROCESSING NODES IN BIG DATA SYSTEMS ACCORDING TO THE ZERO TRUST APPROACH
Abstract
Data cybersecurity is one of the most important factors for the successful implementation of the national project ‘Data Economy and Digital Transformation of the State’. The challenges of building secure big data systems lie in their heterogeneous nature, large number of heterogeneous tools, high connectivity and high trust between distributed components. Reducing the internal trust and reducing the attack surface according to the zero-trust approach is necessary to increase the security of such systems with the least impact on their performance. The aim of the paper is to create a method for dynamic classification of nodes and data processing components in heterogeneous big data systems based on the application of different approaches to trust reduction with respect to the objects realising the information processing process. The paper considers the zero trust approach as applied to the class of systems under study, as well as the task of extended implementation of the principle of minimum privilege to reduce the attack surface. The authors present a classification of nodes - handlers based on their operations with data, unified according to the previously developed conceptual data model. A comparison of nodes and security methods applied to them based on the need for access to semantics and data components to perform operations is proposed. Based on this classification, a method of dynamic node type determination during system operation is developed for situations of changing component composition of a big data processing system, typical for multi-component distributed highly loaded systems. The results of the work are a part of the complex consistency approach to the construction of secure big data processing systems.
References
1. Dumitru I.A. Zero trust security, Proceedings of the International Conference on Cybersecurity and Cybercrime-2022. Asociatia Romana pentru Asigurarea Securitatii Informatiei, 2022, pp. 99-104.
2. Pravikov D.I., Shcherbakov A.Yu. K voprosu ob izmenenii paradigmy informatsionnoy bezopasnosti [On the issue of changing the paradigm of information security], Sistemy vysokoy dostupnosti [High Availa-bility Systems], 2018, Vol. 14, No. 2, pp. 35-39.
3. Malinskiy S.V. Kontseptsiya bezopasnosti Zero Trust: printsipy i praktika vnedreniya [Zero Trust securi-ty concept: principles and implementation practices], Intellektual'nye transportnye sistemy [Intelligent Transport Systems], 2022, pp. 430-437.
4. Gryzunov V.V. i dr. Obespechenie informatsionnoy bezopasnosti integriruemykh informatsi-onnykh sistem na baze doveriya [Ensuring information security of integrated information systems based on trust], Tr. uchebnykh zavedeniy svyazi [Proceedings of educational institutions of communication], 2024, Vol. 10, No. 4, pp. 110-125.
5. Poltavtseva M. A., Zegzhda D.P., Kalinin M.O. Mnogourovnevaya kontseptsiya bezopasnosti sistem upravleniya bol'shimi dannymi [Multi-level concept of security of big data management systems], Vo-prosy kiberbezopasnosti [Issues of Cybersecurity], 2023, No. 5, pp. 25-36.
6. Mishra K.N. et al. Cloud and big data security system’s review principles: A decisive investigation, Wireless Personal Communications, 2022, Vol. 126, No. 2, pp. 1013-1050.
7. Awaysheh F.M. et al. Security by design for big data frameworks over cloud computing, IEEE Transac-tions on Engineering Management, 2021, Vol. 69, No. 6, pp. 3676-3693.
8. Stafford V. Zero trust architecture, NIST special publication, 2020, Vol. 800, 207 p.
9. Attaallah A. et al. Analyzing the Big Data Security Through a Unified Decision-Making Approach, In-telligent Automation & Soft Computing, 2022, Vol. 32, No. 2.
10. Alani M.M. Big data in cybersecurity: a survey of applications and future trends, Journal of Reliable Intelligent Environments, 2021, Vol. 7, No. 2, pp. 85-114.
11. Wang Z., Yu X., Xue P., Qu Y., Ju L. Research on Medical Security System Based on Zero Trust, Sen-sors, 2023, Vol. 23, 3774, 16 p. DOI: 10.3390/s23073774
12. Daah C., Qureshi A., Awan I., Konur S. Enhancing Zero Trust Models in the Financial Industry through Blockchain Integration: A Proposed Framework, Electronics, 2024, Vol. 13, 865, 49 p. DOI: 10.3390/electronics13050865.
13. Fernandez E.B., Brazhuk A. A critical analysis of Zero Trust Architecture (ZTA), Computer Standards & Interfaces, 2024, Vol. 89, 103832, 12 p. DOI: 10.1016/j.csi.2024.103832.
14. Poltavtseva M.A., Platonov V.V., Semyanov P.V. Secure data processing architectures in big data sys-tems. December 16-17, 2024, 2024, pp. 104-108.
15. Zhao Y. et al. A zone-based data lake architecture for IoT, small and big data, Proceedings of the 25th International Database Engineering & Applications Symposium, 2021, pp. 94-102.
16. Awaysheh F.M. et al. Security by design for big data frameworks over cloud computing, IEEE Transac-tions on Engineering Management, 2021, Vol. 69, No. 6, pp. 3676-3693.
17. Roy P., Kumar R. Multilevel Security Framework based on An Onion Encryption in Public Cloud Net-work, 2021 3rd International Conference on Advances in Computing, Communication Control and Networking (ICAC3N). IEEE, 2021, pp. 1442-1446.
18. Kuhn C. et al. Onion routing with replies, Advances in Cryp-tology–ASIACRYPT 2021: 27th Interna-tional Conference on the Theory and Application of Cryptology and Information Security, Singapore, December 6–10, 2021, Proceedings, Part II 27. Springer International Pub-lishing, 2021, pp. 573-604.
19. Thirumalaisamy M. et al. Interaction of secure cloud network and crowd computing for smart city data obfuscation, Sensors, 2022, Vol. 22, No. 19, Art. 7169.
20. Poltavtseva, M.A., Kalinin M.O., Zegzhda D.P. Modelirovanie dannykh v zadachakh informatsionnoy bezopasnosti polikhranilishch [Data modeling in problems of information security of polystorage facili-ties], Problemy informatsionnoy bezopasnosti. Komp'yuternye sistemy [Problems of Information Securi-ty. Computer Systems], 2023, No. 4 (57), pp. 122-132. DOI: 10.48612/jisp/x468-hp82-adav.
21. Duncan G. and Stokes L. Data masking for disclosure limitation, WIREs Comp Stat., 2009, Vol. 1,
pp. 83-92. DOI: 10.1002/wics.3.
22. Jain R.B., Puri M. An approach towards the development of scalable data masking for preserving priva-cy of sensitive business data, Artificial Intelligence and Evolutionary Computations in Engineering Sys-tems. Springer Singapore, 2020, Vol. 1056, pp. 733-743. DOI: 10.1007/978-981-15-0199-9.
