Attribute-based Access Control Implementation Targeting Big Data Access Management Tools

This is a proposal for joint work in the general area of Computer Security as it needs to scale to Big Data. Oneof the challenges in that area is access management - who has access to what information in a complex datasystem? The Snowden incident and others like it indicate the general need for scalable, user-friendly solutionsthat would enable data owners to set up access policies that would allow users to access the data they need, andonly that data. This is challenging: on the one hand, services-oriented, virtualized and enterprise cloudarchitectures are creating unprecedented access control management complexity and risk. On the other hand,organizational and regulatory requirements are dictating increasingly fine-grained access control policies.The emergence of "NoSQL" databases and related "big data" technologies and implementations are furtherdriving the need for dramatically improved access control. Within the NoSQL database market, Accumulo isdifferentiated on the basis of uniquely providing what it describes as "fine grained, cell based" access control.We will, in this project, research and implement a solution that will enable defining cell-level access rulesusing the de facto standard XACML language. The solution will position Devera Logic as a unique partner toAccumulo providing this functionality. The research will also advance the progress of the PhD student workingon it