
2017 | OriginalPaper | Book chapter

Object-Tagged RBAC Model for the Hadoop Ecosystem

Authors: Maanak Gupta, Farhan Patwa, Ravi Sandhu

Published in: Data and Applications Security and Privacy XXXI

Publisher: Springer International Publishing

Abstract

The Hadoop ecosystem provides a highly scalable, fault-tolerant and cost-effective platform for storing and analyzing a variety of data formats. Apache Ranger and Apache Sentry are the two predominant frameworks used to provide authorization capabilities in the Hadoop ecosystem. In this paper we present a formal multi-layer access control model (called \(\mathrm {HeAC}\)) for the Hadoop ecosystem, as an academic-style abstraction of the access-control capabilities of Ranger, Sentry and native Apache Hadoop. We further extend the \(\mathrm {HeAC}\) base model into a cohesive object-tagged role-based access control (OT-RBAC) model, consistent with generally accepted academic concepts of RBAC. Besides inheriting the advantages of RBAC, OT-RBAC offers a novel method for combining RBAC with attributes (beyond the strategies proposed by NIST). Additionally, a proposed implementation approach for OT-RBAC in Apache Ranger is presented. We further outline attribute-based extensions to OT-RBAC.


Metadata
Title: Object-Tagged RBAC Model for the Hadoop Ecosystem
Authors: Maanak Gupta, Farhan Patwa, Ravi Sandhu
Copyright year: 2017
DOI: https://doi.org/10.1007/978-3-319-61176-1_4
