
Proceedings of ISP RAS, 2023 Volume 35, Issue 4, Pages 93–108 (Mi tisp802)

This article is cited in 1 paper

Access control system analysis in heterogeneous big data management systems

M. A. Poltavtseva, M. O. Kalinin

Peter the Great St. Petersburg Polytechnic University

Abstract: Big data management systems are in demand today in practically all industries, and they are also the foundation for artificial intelligence training. Because big data systems use heterogeneous poly-stores, tools within the same system have different data granularity and access control models. The security administrator currently harmonizes such components and implements a common access policy manually. This leads to an increasing number of customization vulnerabilities, which in turn are a frequent cause of data leaks. An analysis of works on the automation and analysis of access control in big data systems shows a lack of automation solutions for poly-store based systems. This paper poses the problem of automating access control analysis in big data management systems. The authors formulate the main contradiction: on the one hand, access control must be scalable and flexible; on the other, the burden on the security administrator grows, aggravated by the use of different data and access control models in the system components. To solve this problem, we propose a new automated method for analyzing security policies based on a graph model of data processing, which reduces the number of possible vulnerabilities resulting from incorrect administration of big data systems. The proposed method uses the data life cycle model of the system, the current settings, and the desired security policy. Two-pass analysis (from data sources to recipients and back) makes it possible to solve two tasks: analyzing the access control system for possible vulnerabilities and checking the business logic for correctness. The paper gives an example of analyzing the security policies of a big data management system using the developed software prototype and analyzes the results obtained.

Keywords: information security, big data, polystore, poly-databases, access control, data life cycle, data processing modeling, security policy

DOI: 10.15514/ISPRAS-2023-35(4)-4


