Array (Sep 2022)
Mechanisms and techniques to enhance the security of big data analytic framework with MongoDB and Linux Containers
Abstract
The frequency and scale of unauthorized access cases and misuses of data access privileges are a growing concern of many organizations. The protection of confidential data, such as social security numbers, financial information, etc., of the customers and/or employees is among the key responsibilities of any organization, and damage to such sensitive data can easily pose a threat to the future of a business and the security of the customers. Therefore, this paper proposes and implements some security mechanisms and techniques, such as secure authentication, secure authorization, and encryption, to assure the overall security of a big data analytic framework with MongoDB free community edition. This paper presents the fourth phase of our continuous research where in the first phase we proposed a data analytic framework with MongoDB and Linux Containers (LXCs) with basic security requirements. Next, in the second phase we proposed a vulnerability analysis testbed to find vulnerabilities associated with the system. Finally, in the third phase we discussed in detail root causes and some prevention techniques of vulnerabilities found in the system. In addition, this paper introduces a new security mechanism for privacy preserving data handling with MongoDB to ensure the privacy of the data before being processed. Our results show, with our initial model of the analytic framework, how well our newly introduced security mechanisms work and how these security mechanisms and techniques can be used to assure the confidentiality, integrity, and availability (CIA) of any data science project conducted on our proposed analytic framework. In addition, these security mechanisms and techniques help us to strengthen the current system against zero-day attacks where attacks on vulnerabilities that have not been patched or made public yet. Therefore, our vulnerability analysis testbed which is proposed in the second phase of this research will not be able to finds vulnerabilities related to zero-day attacks.