An identity-based capability (ID-CAP) method is given to provide secure access control to Hadoop cloud computing platforms. The capability-based access control design follows the least privilege principle with the platform running tenant jobs using a least privilege set. Tests show that the capability-based access control can be efficiently implemented to support mutual authentication between different servers in a Hadoop platform while satisfying the least privilege requirement to improve platform security and stability.
Lampson B K. Protection [J]. Operating Systems Review, 1974, 8(1): 18-24.
Snyder L. Formal models of capability-based protection systems[J]. IEEE Transactions on Computers, 1981, 30(3): 172-181.
Kain R Y, Landwehr C E. On access checking in capability-based systems[J]. IEEE Transactions on Software Engineering, 1987, SE13(2): 95-101.
Karger P A. Improving security and performance for capability systems [D]. London, UK: University of Cambridge, 1988.
Gong L. A secure identity-based capability system [C]// Proceedings of the 1989 IEEE Symposium on. Security and Privacy. Oakland, USA: IEEE Computer Society Press, 1989: 56-63.
Boebert W E. On the inability of an unmodified capability machine to enforce the property [C]// Proceedings of the 7th DoD/NBS Computer Security Conference. Gaithersburg, USA: National Bureau of Standards, 1984: 291-293.
Landwehr C E. Formal models for computer security[J]. ACM Computing Surveys, 1981, 13(3): 247-278.
Lampson B W. A note on the confinement problem[J]. Communications of the ACM on Operation Systems, 1973, 16(10): 613-615.