DISTRIBUTED BIG DATA SECURITY ARCHITECTURE
First Claim
1. A system of a resource management platform, comprising:
- one or more processors;
memory coupled to the one or more processors, the memory including one or more modules that are executable by the one or more processors to;
receive a message that includes a request from a subject to access a set of data items associated with a secure data container;
identify a set of permissions associated with the subject based at least in part on the message, the message including a set of access permissions that authorize the subject to access the set of data items having a first data sensitivity rating;
determine that the subject is authorized to access the secure data container based on a comparison of the set of access permissions and a second data sensitivity rating associated with the secure data container; and
establish a secure data corridor between the subject and the secure data container, the secure data corridor having a third data sensitivity rating that is based at least in part on the first data sensitivity rating and the second data sensitivity rating.
5 Assignments
0 Petitions
Accused Products
Abstract
This disclosure describes techniques for defining security measures of a secure data corridor that enables data feeds to transmit from an ingress point to an egress point, while maintaining a desired security protection. This disclosure further describes techniques to quantify the desired security protection by determining and further associating a data sensitivity rating with individual data feeds in transmit through the secure data corridor. In some examples, the data sensitivity rating of the secure data corridor may be locked at a default rating that is commensurate with access permissions of a subject or a data sensitivity rating of an adjoining secure data container. Alternatively, the data sensitivity rating may be dynamically set based on data feeds transmitting through the secure data corridor or set based on the data sensitivity rating of data feeds at an ingress point or egress point of the secure data corridor.
22 Citations
20 Claims
-
1. A system of a resource management platform, comprising:
-
one or more processors; memory coupled to the one or more processors, the memory including one or more modules that are executable by the one or more processors to; receive a message that includes a request from a subject to access a set of data items associated with a secure data container; identify a set of permissions associated with the subject based at least in part on the message, the message including a set of access permissions that authorize the subject to access the set of data items having a first data sensitivity rating; determine that the subject is authorized to access the secure data container based on a comparison of the set of access permissions and a second data sensitivity rating associated with the secure data container; and establish a secure data corridor between the subject and the secure data container, the secure data corridor having a third data sensitivity rating that is based at least in part on the first data sensitivity rating and the second data sensitivity rating. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A computer-implemented method, comprising:
-
under control of one or more processors; receiving a request to from a subject to access a set of data items associated with a use case, the use case being associated with a secure data container; determining that the subject is authorized to access the set of data items, based at least in part on access privileges of the subject and a first data sensitivity rating associated with the use case; and establishing a secure data corridor between the subject and the secure data container, the secure data corridor having a second data sensitivity rating that is at least substantially similar to the first data sensitivity rating. - View Dependent Claims (14, 15, 16, 17)
-
-
18. One or more non-transitory computer-readable media storing computer-executable instructions, that when executed on one or more processors, causes the one or more processors to perform acts comprising:
-
receiving a request from a subject to access data feeds associated with a use case, the use case having a first data sensitivity rating; determining that the subject is authorized to access data items associated with the use case; and establishing, via a scheduling algorithm, a secure data corridor between the subject and a secure data container associated with the use case, the secure data corridor having a second data sensitivity rating that is greater than or equal to the first data sensitivity rating. - View Dependent Claims (19, 20)
-
Specification