Secure Development of Big Data Ecosystems

A Big Data environment is a powerful and complex ecosystem that helps companies extract important information from data to make the best business and strategic decisions. In this context, due to the quantity, variety, and sensitivity of the data managed by these systems, as well as the heterogeneity of the technologies involved, privacy and security especially become crucial issues. However, ensuring these concerns in Big Data environments is not a trivial issue, and it cannot be treated from a partial or isolated perspective. It must be carried out through a holistic approach, starting from the definition of requirements and policies, and being present in any relevant activity of its development and deployment. Therefore, in this paper, we propose a methodological approach for integrating security and privacy in Big Data development based on main standards and common practices. In this way, we have defined a development process for this kind of ecosystems that considers not only security in all the phases of the process but also the inherent characteristics of Big Data. We describe this process through a set of phases that covers all the relevant stages of the development of Big Data environments, which are supported by a customized security reference architecture (SRA) that defines the main components of this kind of systems along with the key concepts of security

Engineering security into distributed systems: a survey of methodologies

Rapid technological advances in recent years have precipitated a general shift towards software distribution as a central computing paradigm. This has been accompanied by a corresponding increase in the dangers of security breaches, often causing security attributes to become an inhibiting factor for use and adoption. Despite the acknowledged importance of security, especially in the context of open and collaborative environments, there is a growing gap in the survey literature relating to systematic approaches (methodologies) for engineering secure distributed systems. In this paper, we attempt to fill the aforementioned gap by surveying and critically analyzing the state-of-the-art in security methodologies based on some form of abstract modeling (i.e. model-based methodologies) for, or applicable to, distributed systems. Our detailed reviews can be seen as a step towards increasing awareness and appreciation of a range of methodologies, allowing researchers and industry stakeholders to gain a comprehensive view of the field and make informed decisions. Following the comprehensive survey we propose a number of criteria reflecting the characteristics security methodologies should possess to be adopted in real-life industry scenarios, and evaluate each methodology accordingly. Our results highlight a number of areas for improvement, help to qualify adoption risks, and indicate future research directions.Anton V. Uzunov, Eduardo B. Fernandez, Katrina Falkne