Design of a Security Framework on MapReduce

Abstract

To deploy Map-Reduce as a data processing service over cloud computing, we must provide necessary security mechanisms to protect customers confidential data processed. In this paper, we present Map-Reduce based framework which provides strong security and privacy guarantees for distributed computations on sensitive data. The framework is a novel integration of access control via attribute-based encryption, and privacy-preserving aggregate computation via homomorphic encryption. Data providers control the security policy for their sensitive data. Users without security expertise can perform computations on the data, but the framework confines these computations, preventing information leakage beyond the data provider's policy. Our prototype implementation demonstrates the flexibility of the framework on several case studies. It was proved more efficient than fully homomorphic encryption.