SBIR-STTR Award

A Security, Privacy and Governance Policy Enforcement Framework for Big Data
Award last edited on: 1/23/2019

Sponsored Program
SBIR
Awarding Agency
NSF
Total Award Amount
$983,231
Award Phase
2
Solicitation Topic Code
IT
Principal Investigator
Fahad Shaon

Company Information

Data Security Technologies LLC

851 Greenside Drive Unit 1321
Richardson, TX 75080
   (972) 729-9582
   N/A
   www.datasectech.com
Location: Single
Congr. District: 32
County: Dallas

Phase I

Contract Number: 1647681
Start Date: 12/15/2016    Completed: 5/31/2017
Phase I year
2016
Phase I Amount
$223,238
The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase I project will be the creation of a new tool that could prevent the loss of sensitive data stored in big data management systems due to various cyberattacks. Furthermore, the proposed tool can allow organizations to audit big data usage to prevent abuse and misuse of the stored data. The existence of such a novel tool may increase trust in these big data management systems, and protect the sensitive data stored in such systems against various outsider and insider attacks. The company believes that such a tool would address an important customer need and has the potential to have significant commercial impact as more and more companies are adopting big data management technologies such as Hadoop and Spark. The company plans to pursue a freemium business model and open source some of the developed code. This in turn may improve the data protection capabilities provided by existing freely available open source tools that can be used by many different companies and organizations.This Small Business Innovation Research (SBIR) Phase I project will prove the feasibility of a novel big data privacy, security and governance management tool. This new tool will provide enhanced security and privacy protection capabilities such as enforcing privacy policies using on-the-fly data masking, enforcing security policies using role-based access control techniques, and enforcing governance policies using data encryption, and advanced auditing and accountability features in one tool without the need to modify/change the underlying big data management system. To successfully develop the proposed prototype, the company will address many technical challenges such as developing efficient privacy-preserving policy enforcement solutions with very little overhead, and designing an interactive user interface that supports easy governance and privacy policy specification tasks. To address these technical challenges, the company proposes to leverage recent advances in aspect oriented programming to inject code directly into submitted data analysis jobs in a seamless manner to enable transparent data encryption, data sanitization, and accountability, compliance and governance policy enforcement. Using this injected code, the data that is stored in encrypted format could be decrypted and sanitized before it is used for data analysis as needed. Furthermore, necessary logs could be generated for accountability purposes.

Phase II

Contract Number: 1758628
Start Date: 4/1/2018    Completed: 3/31/2020
Phase II year
2018
(last award dollars: 2019)
Phase II Amount
$759,993

The broader impact/commercial potential of this Small Business Innovation Research (SBIR) Phase II project will be the creation of a new tool that could prevent the loss of sensitive data stored in big data management systems due to cyber-attacks. Furthermore, the proposed cybersecurity tool can allow organizations to audit their big data usage to prevent data misuse and comply with various privacy regulations. Recent attacks have shown that the leakage/stealing of stored data may result in enormous monetary loss and damage to organizational reputation, and increased identity theft risks for individuals. Furthermore, in the age of big data, protecting the security and privacy of stored data is paramount for maintaining public trust, and getting the full value from the collected data. The company's proposed tool will potentially have significant impact by addressing these important societal needs with respect to big data security and privacy. Based on customer discovery findings, this tool will also address an important customer need found in many different industries and has the potential to have significant commercial impact as more and more companies are adopting big data technologies.This Small Business Innovation Research Phase II project will commercialize a novel big data privacy, security and governance management tool that provides efficient data sanitization, attribute-based access control, accountability and governance policy enforcement capabilities for protecting sensitive data stored in big data management systems. In addition, the proposed product will provide novel data sensitivity aware intrusion detection capabilities. The Phase II research objectives are: 1) to develop an efficient attribute-based access control framework to prevent unauthorized access to sensitive data; 2) to develop data sanitization capabilities for complying with various regulations; 3) to develop a scalable audit log capture, storage and querying framework for increasing accountability for big data usage; and 4) to develop a data sensitivity aware intrusion detection framework to quickly detect potential attacks against sensitive data. These objectives pose significant research challenges with respect to scaling to big data without impacting the existing workflow of the companies. The company proposes to address these challenges by using novel code injection techniques combined with risk aware audit log generation and data sensitivity aware machine learning based intrusion detection techniques.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.