Big Data And A Black Hat

In just over a week, Black Hat USA 2013 will convene at Caesars Palace in Las Vegas. In this series, intended to preview many of the talks and presentations scheduled for the event, SiliconANGLE will focus on the exploitable vulnerabilities associated with big data and how those vulnerabilities can be limited.

The first in our series focuses on a presentation by Dmitry Chastuhin, a student in the computer science department at St. Petersburg State Polytechnic University and an SAP-acknowledged security expert. His presentation, entitled ‘With Big Data Comes Big Responsibility: Practical Exploiting of MDX Injections’, will be held Wednesday, July 31 at 10:15 a.m.

Chastuhin’s abstract states he intends to delve into where critical data is stored before it is explored for further analytics. Specifically, this refers to both Big Data and what is commonly referred to as Business Warehouse. With online analytical processing (OLAP) and its multi-dimensional structures replacing the previous online transaction processing (OLTP) systems, Chastuhin notes that keeping this critical corporate data in a single location makes it a particularly vulnerable target for potential attackers.

Of course, the mainstream adoption of a new protocol makes for a bit of a learning curve for organizations that adopt the technology, and this is true with OLAP. Chastuhin will address terminology associated with OLAP, such as OLAP cube, measures, dimensions, XMLA and the MDX language. MDX is a crucial component of OLAP, as it is the language used to make requests to multi-dimensional data structures.

With the wide adoption of OLAP, a substantial portion of the presentation will be spent going into detail on each of the individual components associated with this technology, most especially the MDX request language. Additionally, Chastuhin’s abstract states he will provide an overview of potential MDX-related attacks and highlight code injection, data retrieval and update vectors.

Rounding out his presentation, Chastuhin will provide real-world examples of systems vulnerable to MDX-related exploitation, the system-related differences, post-exploitation vectors and instruction on how to simplify MDX injections.

Black Hat USA 2013 will be held Saturday, July 27 through Thursday, August 1, 2013.