Computer Science

Computer Science ›› 2014, Vol. 41 ›› Issue (5): 155-163.doi: 10.11896/j.issn.1002-137X.2014.05.033

Previous Articles     Next Articles

New Trust Based Access Control Model in Hadoop

LIU Sha and TAN Liang   

  • Online:2018-11-14 Published:2018-11-14

PDF (PC)

65

Abstract: Hadoop is one of the most popular cloud computing platforms.In this platform,the existing access control model adopts Kerberos for identity verification,combines with authorization mechanism based on ACL,and uses the Delegation Token and Block Access Token,realizing a simple access control mechanism.There is an obvious shortco-ming in this model,namely,it considers only the identity authenticity of a user while authorizing,nevertheless the credibi-lity of its following behaviors.Once access control right is granted,there won’t be any kind of supervision.This paper proposed a new trust-based access control model in Hadoop,which is based on the existing access control model in Hadoop and is called LT.LT sets a trust value for each user,updates this value according to users’ behavior records,and controls the user to access Hadoop cluster with the trust value dynamically.Comparing with the existing access control model in Hadoop,the access and authorization mechanism realized in LT isn’t a one-time access and authorization,but a thoroughly real-time and dynamic process,so LT is more secure,more flexible and has a finer control particle size.Experiments show that this model is not only right and effective but also overcomes the disadvantage on lacking of security about the existing access control model in Hadoop.It can control a user to access or use the resources supplied by a Hadoop cluster dynamically and effectively.

[1] 刘玮,王丽宏.云计算应用及其安全问题研究[J].计算机研究与发展,2012,49:186-191
[2] 云计算百科.什么是云计算平台?云计算平台有哪些?[EB/OL].http://www.cloudwhy.com/ mingci/2011/0317/128.html,2012-06-12
[3] 韩伟,张福生,胡志勇.基于Hadoop云计算平台下DDoS攻击防御研究[D].太原:太原科技大学,2011,7
[4] Hadoop.[EB/OL].http://hadoop.apache.org/,2012-06-12
[5] Nutch.[EB/OL].http://nutch.apache.org/,2012-06-12
[6] White T.Hadoop:The Definitive Guide(2ndedition)[M].2009-05
[7] it168.com.浅谈Hadoop系统架构与海量数据分析[EB/OL].http://wenku.it168.com/d_ 00076703.shtml,2012-06-12
[8] Becherer A.Attacking Kerberos and the New Hadoop Security Design[EB/OL].http://www.ipma-wa.com/prof_dev/2011/HadoopSecurityDesign_201104_AndrewBecherer.pdf,2012-06-13
[9] Yahoo.Scaling Hadoop to 4000nodes atYahoo! [EB/OL].http://developer.yahoo.com/blogs/hadoop/scaling-hadoop-4000-nodes-yahoo-410.html,2008-09-30
[10] O’Malley O,Zhang Kan,Radia S.Hadoop Security Design[EB/OL].http:/www.valleytalk.org/wp-content/uploads/2013/03/hadoop-security-design.pdf,2009-10
[11] Hadoop Releases[EB/OL].http://hadoop.apache.org/co-mmon/releases.html,2012-06-14
[12] Yahoo,Hadoop 0.20.S Virtual Machine Appliance[EB/OL].http://developer.yahoo.com/blogs/hadoop/hadoop-0-20-virtual-machine-appliance-460.html,2010-06-29
[13] Cloudera.CDH3 Security Guide[EB/OL].https://ccp.clou-dera.com/display/CDHDOC/CDH3+Security+Guide
[14] Chang Bao-rong,Tsai H F.Access Security on Cloud Computing Implemented in Hadoop System[C]∥IEEE 2011Fifth International Conference on Genetic and Evolutionary Computing.2010,27:77-80
No related articles found!
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.