An Access Control Approach for a Distributed Big Data File using an XACML Framework

  • A. A. Abd El-Aziz

Abstract

A cloud is a distinct IT environment designed to remotely provision scalable and measured IT resources. Big data is a way of describing data problems that cannot be solved with traditional tools. Big data volumes start at dozens of terabytes and extend to petabytes, so they cannot be kept in local storage or analyzed with traditional tools. Cloud storage is the best way to store big data. However, a single cloud storage may expose the stored big data to threats. In this paper, we propose an access control approach based on the XACML framework to guarantee data security and privacy. Access control for the big data file is enforced using the XACML framework and a proof of ownership (POW) methodology. In the proposed approach, the big data file is divided into parts, which are encrypted and distributed over multiple cloud storage devices. A metadata file is then created that contains the locations of the divided parts, the access paths, and the private key of each part file. The metadata file is encrypted and stored in a different cloud storage. Moreover, access to the metadata file is controlled through the XACML framework, which generates a security token for sending responses and receiving user requests to decrypt data, based on the attributes previously stored in the XACML policy. The security mechanism is strengthened by deploying a fingerprint authentication parameter. Therefore, the metadata can be accessed only by authorized users through the XACML framework. Moreover, if a cloud storage containing a part file is breached, the intruder obtains only a part of the big data file and cannot get the whole file. The proposed approach therefore ensures the security of a big data file in cloud storage devices.

Keywords: XACML framework, Big data, access control, fingerprint, POW
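The gate on the metadata file described in the abstract can be sketched as an attribute-based decision followed by token issuance. This is an added example, not code from the paper: the attribute names, the policy rules, the token layout and the key are all assumptions, and the deny-overrides combining shown is one standard XACML choice rather than the one the author necessarily used.

```python
import hashlib
import hmac
import json

# Constructed policy; attribute names and values are assumptions, not the paper's.
POLICY = [
    {"effect": "Deny", "match": {"subject.fingerprint_verified": False}},
    {"effect": "Permit", "match": {"subject.role": "owner",
                                   "subject.fingerprint_verified": True,
                                   "resource.id": "metadata-file",
                                   "action.id": "read"}},
]
TOKEN_KEY = b"constructed-demo-key"  # placeholder; a real deployment uses a managed secret


def evaluate(request):
    """Policy decision: deny-overrides, so any matching Deny rule wins."""
    decision = "NotApplicable"
    for rule in POLICY:
        if all(request.get(k) == v for k, v in rule["match"].items()):
            if rule["effect"] == "Deny":
                return "Deny"
            decision = "Permit"
    return decision


def issue_token(request, now, ttl=300):
    """Enforcement point: a token is released only on an explicit Permit,
    so a request with a missing attribute (NotApplicable) is refused."""
    if evaluate(request) != "Permit":
        return None
    claims = json.dumps({"sub": request["subject.id"],
                         "res": request["resource.id"],
                         "exp": now + ttl}, sort_keys=True)
    tag = hmac.new(TOKEN_KEY, claims.encode(), hashlib.sha256).hexdigest()
    return claims + "." + tag


def verify_token(token, now):
    """Check integrity and expiry before the metadata file is decrypted."""
    if not token or "." not in token:
        return False
    claims, tag = token.rsplit(".", 1)
    expected = hmac.new(TOKEN_KEY, claims.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        return False
    return json.loads(claims)["exp"] > now
```

Treating NotApplicable as a refusal at the enforcement point is what keeps a request that simply omits the fingerprint attribute from reaching the metadata file.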

Published
2019-11-15
How to Cite
El-Aziz, A. A. A. (2019). An Access Control Approach for a Distributed Big Data File using an XACML Framework. International Journal of Advanced Science and Technology, 28(15), 09 - 21. Retrieved from http://sersc.org/journals/index.php/IJAST/article/view/1545
Section
Articles