Data-Centric Security Countermeasures

This section gives an overview of existing countermeasures, each of which addresses one or more of the threats, gaps and challenges identified in Appendix A.4 of document D4.3. It presents the current state of cybersecurity solutions and maps each of them to the threats and gaps it addresses. The countermeasures are grouped into classes, each describing the most relevant solutions to date.

  • C4.1 – Identity and access management. Identity and Access Management (IAM) provides the strategies and frameworks for managing digital identities. It enables IT administrators to control which users may access sensitive data within an organization. IAM technologies that support secure storage and profiling of identity data and enforce the required policies include single sign-on systems, two-factor and multi-factor authentication, and privileged access management. Organizations also have to deploy authorization frameworks that grant users only the access rights they need (least privilege). Furthermore, automated tools and periodic access reviews should be used to identify and revoke rights from users who no longer require them, including the accounts of people who have left and grants that were never exercised [1].
    Threats: T4.2.2 – Unauthorized acquisition of information (data breach), T4.3.1 – Data poisoning, T4.3.2 – Model poisoning, T4.4.1 – Identity fraud, T4.4.4 – Generation and use of rogue certificates, T4.4.5 – Misuse of assurance tools, T4.4.6 – Failures of business process, T4.5.1 – Violation of laws or regulations, T4.6.2 – Malicious insider
    Gaps: G4.1 – Gaps on data protection, G4.5 – Gaps on data trustworthiness, G4.9 – Gaps on data management across borders, G4.10 – Gaps on the distributed data and frameworks
  • C4.2 – Data masking and encryption. Data masking lets end-users create a faux version of the data that can be used for testing, training, processing, etc. Masked data keeps its type and format while its values are changed, so the real data is never exposed to these environments. Methods for data masking include encryption, character shuffling, and character/word substitution. Masking has to be done in a way that the original values cannot be reverse-engineered: shuffling the characters of a short value preserves the set of characters and can be undone by trial, and a deterministic mapping preserves value frequencies, so an attacker who knows the distribution of the original field can still draw conclusions. Encryption, by contrast, is reversible by anyone who holds the key, so when it is used for masking the key must stay outside the environment that receives the masked copy. Data encryption is critical for fulfilling the majority of security strategies and compliance standards [1].
    Threats: T4.2.2 – Unauthorized acquisition of information (data breach), T4.3.1 – Data poisoning, T4.3.2 – Model poisoning, T4.4.6 – Failures of business process, T4.6.2 – Malicious insider
    Gaps: G4.1 – Gaps on data protection, G4.2 – Gaps on the use of cryptography in applications and back-end data-intensive services, G4.11 – Gaps on the use of non-relational databases
  • C4.3 – Anti-malware, antivirus, and endpoint protection. Endpoint protection platforms combine antivirus tools with machine learning capabilities that detect abnormal behavior on devices, which allows them to catch previously unseen attacks. Endpoint detection and response (EDR) capabilities help identify data breaches on endpoints in real time, enabling security teams to investigate them and isolate affected endpoints promptly.
    Threats: T4.2.1 – Interception of information, T4.2.2 – Unauthorized acquisition of information (data breach), T4.4.3 – Malicious code/software/activity, T4.4.7 – Code execution and injection (unsecured APIs)
    Gaps: G4.1 – Gaps on data protection, G4.9 – Gaps on data management across borders, G4.10 – Gaps on the distributed data and frameworks
  • C4.4 – Data security auditing. Security audits should be carried out periodically to identify potential gaps and vulnerabilities in the organization. They can be performed either by the organization's own security experts or by a third party (e.g. a penetration testing engagement). Once the pertinent security risks have been identified, organizations or end-users should allocate the available resources to resolving them, starting with the highest risks [1].
    Threats: T4.2.1 – Interception of information, T4.4.2 – Denial of service, T4.4.3 – Malicious code/software/activity, T4.4.6 – Failures of business process, T4.4.7 – Code execution and injection (unsecured APIs)
    Gaps: G4.6 – Gaps on decision support systems, G4.9 – Gaps on data management across borders, G4.11 – Gaps on the use of non-relational databases
  • C4.5 – Enforcing password hygiene. Unique and strong passwords are one of the best ways to protect sensitive data. Unfortunately, the majority of end-users jeopardize their sensitive information by using easily guessable weak passwords that can be broken by brute-force or dictionary attacks. The solution is to enforce multi-factor authentication, which asks the user to additionally prove their identity with a token or a biometric such as a fingerprint. Other solutions, such as enforcing longer passwords or deploying enterprise password management systems, come with their own security caveats for organizations (a compromised password manager exposes every credential stored in it).
    Threats: T4.1.1 – Information leakage/sharing due to human errors, T4.1.3 – Information leakage/sharing due to the hostile home network – COVID19, T4.2.2 – Unauthorized acquisition of information (data breach), T4.4.1 – Identity fraud
    Gaps: G4.1 – Gaps on data protection, G4.8 – Gaps on videoconferencing tools
  • C4.6 – Data backups. Creating backups of critical data in different locations is of high importance for recovering from attacks that tamper with the data [2]. Apart from attacks, physical redundancy also protects data from natural disasters and sudden power outages. Backups are only useful if they survive the incident, so they should be kept isolated from the production credentials an attacker could use to delete them, and restores should be tested regularly. Periodically, it is also good practice to audit backups and databases to find out who was trying to access the data [3]. For that purpose, and for enforcing data protection policies, data loss prevention (DLP) software can be utilized, since it can alert administrators when large quantities of data are being copied outside the organization [1].
    Threats: T4.4.2 – Denial of service, T4.4.3 – Malicious code/software/activity, T4.4.6 – Failures of business process
    Gaps: G4.1 – Gaps on data protection, G4.11 – Gaps on the use of non-relational databases
  • C4.7 – Deployment of intrusion detection and prevention systems. The distributed nature of big data opens the door to intrusion attempts. Intrusion detection systems (IDSs) can be set up to monitor database systems and collect data about potential attacks; once an attack is identified by the IDS, database administrators should be notified immediately. To further bolster protection against intrusions, intrusion prevention systems (IPSs) should be deployed. These inspect network traffic and block attempts to exploit known weaknesses before they reach the big data platform. IPSs are typically placed inline behind the firewall, so they can stop an intrusion before any damage is done. Moreover, an IPS can enforce access policies, for instance denying certain sources access to certain resources.
    Threats: T4.2.1 – Interception of information, T4.2.2 – Unauthorized acquisition of information (data breach), T4.4.2 – Denial of service, T4.4.3 – Malicious code/software/activity, T4.4.4 – Generation and use of rogue certificates, T4.4.5 – Misuse of assurance tools, T4.4.7 – Code execution and injection (unsecured APIs)
    Gaps: G4.6 – Gaps on decision support systems
  • C4.8 – User awareness training and education. An insufficient level of cybersecurity expertise and inadequate education of employees can lead to database breaches. Non-technical employees can jeopardize the database simply by not following the security rules. IT security personnel should receive education and training in implementing security controls, enforcing policies, and conducting incident response, while end-users should receive basic training in database security. In addition, both IT professionals and end-users should strive to stay up to date with cybersecurity trends [3].
    Threats: T4.1.1 – Information leakage/sharing due to human errors, T4.1.2 – Inadequate design and planning or incorrect adaptation, T4.1.3 – Information leakage/sharing due to the hostile home network – COVID19, T4.4.1 – Identity fraud, T4.5.1 – Violation of laws or regulations, T4.6.1 – Skill shortage
    Gaps: G4.4 – Gaps on roles (skill shortage), G4.7 – Gaps on ethics, G4.8 – Gaps on videoconferencing tools
  • C4.9 – Data poisoning detection. Poisoning can be identified at the model level by comparing the behavior of a new version of a model with that of its previous iterations. The common attack technique is to inject mislabelled entries into the training data so that the learned decision boundary shifts at the attacker's chosen edge cases. By evaluating every new model on a large, fixed test set that is kept outside the training pipeline, a change in the model's behavior can be detected, for instance as a drop in accuracy or a rise in the fraction of test inputs on which the new and old models disagree, indicating a possible poisoning attack.
    Threats: T4.3.1 – Data poisoning, T4.3.2 – Model poisoning
    Gaps: G4.1 – Gaps on data protection, G4.3 – Gaps on computing and storage models and infrastructures, G4.11 – Gaps on the use of non-relational databases
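The periodic access review that C4.1 calls for can be automated. The following is an added example written for this page, not code from the original document or its references: it flags role assignments to revoke because the owner has left, the grant was never exercised, or it has gone unused for longer than a limit that is stricter for privileged roles. All users, roles, dates, the privileged-role set and the limits are constructed assumptions.

```python
"""Added example for C4.1 (not from the original page or its references):
an automated entitlement review that flags role assignments to revoke.
All user, role and timestamp data below is constructed sample data; the
privileged-role set and the staleness limits are assumptions."""
from datetime import datetime

# Assumption: these roles are treated as privileged and reviewed more strictly.
PRIVILEGED_ROLES = {"db_admin", "data_export"}

# Constructed sample: one row per (user, role) assignment and the last date
# the role was actually exercised (None = granted but never used).
ASSIGNMENTS = [
    {"user": "alice", "role": "analyst",     "last_used": "2024-05-20"},
    {"user": "alice", "role": "db_admin",    "last_used": "2023-11-02"},
    {"user": "bob",   "role": "data_export", "last_used": None},
    {"user": "carol", "role": "analyst",     "last_used": "2024-06-01"},
    {"user": "dave",  "role": "db_admin",    "last_used": "2024-05-30"},
]
# Constructed HR feed: accounts whose owners have left the organization.
LEAVERS = {"carol"}


def review(assignments, leavers, now, stale_days=90, privileged_stale_days=30):
    """Return (user, role, reason) tuples for assignments that should be revoked.

    Rules: leavers lose everything; never-used grants go; grants unused for
    longer than the limit go, with a shorter limit for privileged roles."""
    findings = []
    for a in assignments:
        user, role = a["user"], a["role"]
        if user in leavers:
            findings.append((user, role, "account owner has left"))
            continue
        limit = privileged_stale_days if role in PRIVILEGED_ROLES else stale_days
        if a["last_used"] is None:
            findings.append((user, role, "granted but never used"))
            continue
        age = (now - datetime.strptime(a["last_used"], "%Y-%m-%d")).days
        if age > limit:
            findings.append((user, role, f"unused for {age} days (limit {limit})"))
    return findings


def review_as_of(date_str):
    """Run the review against the constructed sample data as of a given date."""
    return review(ASSIGNMENTS, LEAVERS, datetime.strptime(date_str, "%Y-%m-%d"))


if __name__ == "__main__":
    for user, role, reason in review_as_of("2024-06-10"):
        print(f"REVOKE {role} from {user}: {reason}")
```

In a real deployment the assignment list comes from the directory or IAM system and the last-used dates from authentication and audit logs; the point of the script is that the decision rule is explicit and repeatable, so the review produces the same findings every time it runs rather than depending on who reads the spreadsheet.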
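To make the masking requirement of C4.2 concrete, the following added example (written for this page, not code from the original document or its references) masks values while preserving their type, length and layout. Each character is replaced by another of the same class, with the replacement derived from HMAC-SHA256 over a secret key, a field label and the value, so the same input always masks to the same output under one key (which keeps joins between tables working) but there is no inverse operation. The key, the field names and the sample record are constructed for the example.

```python
"""Added example for C4.2 (not from the original page or its references):
keyed, format-preserving data masking. Each character is replaced by another
of the same class (digit, upper-case, lower-case) so type, length and layout
survive; the mapping is derived from HMAC-SHA256 so equal inputs mask equally
under one key but cannot be inverted without guessing the input. The key,
the sample record and the field names are constructed for this example."""
import hashlib
import hmac
import string


def _keyed_bytes(key: bytes, label: str, value: str):
    """Yield an unbounded pseudorandom byte stream bound to (key, label, value)."""
    counter = 0
    while True:
        msg = label.encode() + b"\x00" + value.encode() + counter.to_bytes(4, "big")
        yield from hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1


def _pick(stream, alphabet: str) -> str:
    """Choose one symbol uniformly; rejection sampling avoids modulo bias."""
    n = len(alphabet)
    limit = 256 - (256 % n)
    while True:
        b = next(stream)
        if b < limit:
            return alphabet[b % n]


def mask(value: str, key: bytes, label: str = "") -> str:
    """Mask one value, keeping its format. `label` separates domains, so the
    same string in different fields does not map to the same output."""
    stream = _keyed_bytes(key, label, value)
    out = []
    for ch in value:
        if ch.isdigit():
            out.append(_pick(stream, string.digits))
        elif ch.isupper():
            out.append(_pick(stream, string.ascii_uppercase))
        elif ch.islower():
            out.append(_pick(stream, string.ascii_lowercase))
        else:
            out.append(ch)  # separators, spaces and '@' are kept as-is
    return "".join(out)


def mask_record(record: dict, key: bytes, keep=()) -> dict:
    """Mask every field except those listed in `keep` (non-sensitive fields)."""
    return {f: (v if f in keep else mask(v, key, label=f)) for f, v in record.items()}


# Constructed sample record and key; never reuse a production key for test copies.
SAMPLE_KEY = b"example-only-masking-key"
SAMPLE = {"customer_id": "CUST-00042", "card": "4111 1111 1111 1111",
          "email": "jane.doe@example.com", "country": "PT"}

if __name__ == "__main__":
    print(mask_record(SAMPLE, SAMPLE_KEY, keep=("country",)))
```

Two properties follow from the design and matter for the reverse-engineering requirement in the text. Because the transform is a keyed one-way function rather than encryption, there is deliberately no unmask operation; if a use case needs the real values back, encryption with proper key management is the right tool, and the key must not travel with the masked copy. Because the mapping is deterministic, equal plaintexts produce equal masked values, so the frequency distribution of a low-cardinality field survives; for such fields either skip determinism or accept that frequency analysis remains possible.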
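The detection logic of an IDS as described in C4.7 is easiest to understand on a concrete log. The following added example (written for this page, not code from the original document or its references) runs two rules over database authentication records: a sliding-window count of failed logins per source, and a higher-severity alert when a login from such a source then succeeds, which is the signal that a credential was actually guessed. The log lines, their format, the window and the threshold are all constructed assumptions.

```python
"""Added example for C4.7 (not from the original page or its references):
detection logic of the kind an IDS applies to database authentication logs.
The log lines and their format are constructed for this example; the
window and the threshold are assumptions."""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>FAIL|SUCCESS)$")

# Constructed sample log, in time order: a password-guessing run from
# 10.0.0.5 that ends in a successful login, plus two isolated failures
# from 10.0.0.9 that are five minutes apart.
SAMPLE_LOG = """\
2024-06-10T10:00:01Z src=10.0.0.5 user=app result=FAIL
2024-06-10T10:00:02Z src=10.0.0.5 user=app result=FAIL
2024-06-10T10:00:03Z src=10.0.0.5 user=app result=FAIL
2024-06-10T10:00:04Z src=10.0.0.5 user=app result=FAIL
2024-06-10T10:00:05Z src=10.0.0.5 user=app result=FAIL
2024-06-10T10:00:06Z src=10.0.0.5 user=app result=SUCCESS
2024-06-10T10:00:07Z src=10.0.0.9 user=report result=FAIL
2024-06-10T10:00:08Z src=10.0.0.7 user=etl result=SUCCESS
2024-06-10T10:05:00Z src=10.0.0.9 user=report result=FAIL
"""


def detect(log_text: str, window_s: int = 60, threshold: int = 5):
    """Return alerts as (timestamp, source, kind, detail) tuples.

    'brute-force': at least `threshold` failures from one source within
    `window_s` seconds (raised once per source).
    'success-after-failures': a login succeeded from a source that is still
    inside such a burst, i.e. a credential was probably guessed."""
    recent = defaultdict(deque)  # src -> timestamps of failures in the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, should be counted in production
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src, user, result = m["src"], m["user"], m["result"]
        q = recent[src]
        while q and (ts - q[0]).total_seconds() > window_s:
            q.popleft()  # expire failures that fell out of the sliding window
        if result == "FAIL":
            q.append(ts)
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append((ts, src, "brute-force",
                               f"{len(q)} failed logins within {window_s}s"))
        elif len(q) >= threshold:
            alerts.append((ts, src, "success-after-failures",
                           f"user={user} logged in after {len(q)} failures"))
    return alerts


if __name__ == "__main__":
    for ts, src, kind, detail in detect(SAMPLE_LOG):
        print(f"{ts:%H:%M:%S} {src:<10} {kind:<24} {detail}")
```

The same structure (parse, keep per-source state in a bounded window, emit an alert on a threshold) is what a database-facing IDS rule does, and the second rule is the one worth paging an administrator for, since it reports an intrusion rather than an attempt. An IPS would additionally act on the first alert, for example by blocking the source at the firewall, which is the difference between the two systems described in C4.7.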
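The fixed-test-set comparison described in C4.9 is shown end to end in the following added example (written for this page, not code from the original document or its references). A nearest-centroid classifier stands in for the model, a previous release is compared with two candidate retrains on the same held-out test set, and the candidate whose training data was poisoned with mislabelled records is flagged by its disagreement rate and accuracy drop. The classifier, the synthetic data, the seed and the 5 % disagreement threshold are all constructed assumptions chosen to keep the example dependency-free.

```python
"""Added example for C4.9 (not from the original page or its references):
detecting a poisoned retraining run by comparing the new model with the
previous one on a large, fixed test set. The classifier (nearest centroid in
two dimensions), the synthetic data and the 5 % disagreement threshold are
constructed assumptions chosen to keep the example dependency-free."""
import random


def make_data(rng, n, center, spread, label):
    """Constructed 2-D Gaussian blob of n points with the given label."""
    return [((rng.gauss(center[0], spread), rng.gauss(center[1], spread)), label)
            for _ in range(n)]


def train(data):
    """Nearest-centroid classifier: the model is one mean point per class."""
    sums, counts = {}, {}
    for (x, y), label in data:
        sx, sy = sums.get(label, (0.0, 0.0))
        sums[label] = (sx + x, sy + y)
        counts[label] = counts.get(label, 0) + 1
    return {lab: (sums[lab][0] / counts[lab], sums[lab][1] / counts[lab]) for lab in sums}


def predict(model, point):
    """Label of the closest centroid."""
    x, y = point
    return min(model, key=lambda lab: (x - model[lab][0]) ** 2 + (y - model[lab][1]) ** 2)


def compare(old_model, new_model, test_set, threshold=0.05):
    """Score both models on the same fixed test set and flag a large change
    in behaviour (fraction of test inputs on which the two models disagree)."""
    n = len(test_set)
    disagree = sum(predict(old_model, p) != predict(new_model, p) for p, _ in test_set)
    acc_old = sum(predict(old_model, p) == y for p, y in test_set) / n
    acc_new = sum(predict(new_model, p) == y for p, y in test_set) / n
    rate = disagree / n
    return {"disagreement": rate, "acc_old": acc_old, "acc_new": acc_new,
            "alert": rate > threshold}


rng = random.Random(7)  # fixed seed: the test set must stay identical across releases
CLEAN_TRAIN = make_data(rng, 100, (0, 0), 1.0, 0) + make_data(rng, 100, (4, 4), 1.0, 1)
FIXED_TEST = make_data(rng, 100, (0, 0), 1.0, 0) + make_data(rng, 100, (4, 4), 1.0, 1)
RETRAIN_CLEAN = make_data(rng, 100, (0, 0), 1.0, 0) + make_data(rng, 100, (4, 4), 1.0, 1)
# Poison: records drawn from inside class 1's region but labelled 0, which
# drags the class-0 centroid toward class 1 and moves the decision boundary.
POISON = make_data(rng, 150, (6, 6), 0.5, 0)

BASELINE = train(CLEAN_TRAIN)  # the previously released model


def benign_retrain():
    """Honest retrain on fresh clean data: behaviour should barely change."""
    return compare(BASELINE, train(RETRAIN_CLEAN), FIXED_TEST)


def poisoned_retrain():
    """Retrain on data an attacker has salted with mislabelled records."""
    return compare(BASELINE, train(CLEAN_TRAIN + POISON), FIXED_TEST)


if __name__ == "__main__":
    print("benign  :", benign_retrain())
    print("poisoned:", poisoned_retrain())
```

The check is only as good as the test set: it must be large, held outside the training pipeline so the attacker cannot poison it too, and representative of the inputs that matter. A poisoning attack that plants a trigger pattern (a backdoor) leaves behaviour on ordinary inputs unchanged and will pass this comparison unless trigger-like inputs are part of the fixed test set.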

Highlights on Identified Countermeasures

IT administrators can use IAM to control user access to sensitive data inside organizations through techniques such as single sign-on, two-factor and multi-factor authentication, and privileged access management. Data masking methods, including encryption, character shuffling, and character/word substitution, let users protect their data by changing its values while keeping its type. Endpoint protection and response techniques help identify data breaches in real time and isolate jeopardized endpoints. Data security audits have to be performed periodically by security experts to identify new gaps and weaknesses. Enforcing password hygiene practices, such as multi-factor authentication, is one of the best ways of protecting sensitive data. To ease recovery from potential attacks, backups of critical data should be kept in different locations. IDSs and IPSs should be deployed to collect information about potential attacks and to harden protection against intrusions. Training keeps both IT staff and end-users aware of the rules, and comparing each new model against its predecessors on a fixed test set helps detect data poisoning.


[1] What is Data Security?, https://www.imperva.com/learn/data-security/data-security/

[2] Cyber security: Threats, Vulnerabilities and Countermeasures – A Perspective on the State of Affairs in Mauritius, https://www.academia.edu/13578905/Cyber_security_Threats_Vulnerabilities_and_Countermeasures_A_Perspective_on_the_State_of_Affairs_in_Mauritius?auto=download

[3] Database Security Threats And Countermeasures, https://www.datasunrise.com/blog/potential-db-threats/database-security-threats-and-countermeasures/