Access control for Hadoop-based cloud computing

Abstract
Figures/Tables
References
Related Articles
Metrics

Download: PDF(1150 KB) HTML
Export: BibTeX | EndNote | Reference Manager | ProCite | RefWorks Supporting Info

Guide

Abstract

An identity-based capability (ID-CAP) method is given to provide secure access control to Hadoop cloud computing platforms. The capability-based access control design follows the least privilege principle with the platform running tenant jobs using a least privilege set. Tests show that the capability-based access control can be efficiently implemented to support mutual authentication between different servers in a Hadoop platform while satisfying the least privilege requirement to improve platform security and stability.

Keywords access control capability Hadoop cloud computing the least-privilege principle

ZTFLH:

Fund:

Issue Date: 15 January 2014

	Service

	E-mail this article
	E-mail Alert
	RSS
	Articles by authors

	Zhihua WANG
	Haibo PANG
	Zhanbo LI

Cite this article:

Zhihua WANG,Haibo PANG,Zhanbo LI. Access control for Hadoop-based cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2014, 54(1): 53-59.

URL:

http://jst.tsinghuajournals.com/EN/ OR http://jst.tsinghuajournals.com/EN/Y2014/V54/I1/53

[1]	Lampson B K. Protection [J]. Operating Systems Review, 1974, 8(1): 18-24. url: http://dx.doi.org/10.1145/775265.775268
[2]	Snyder L. Formal models of capability-based protection systems[J]. IEEE Transactions on Computers, 1981, 30(3): 172-181.
[3]	Kain R Y, Landwehr C E. On access checking in capability-based systems[J]. IEEE Transactions on Software Engineering, 1987, SE13(2): 95-101.
[4]	Karger P A. Improving security and performance for capability systems [D]. London, UK: University of Cambridge, 1988.
[5]	Gong L. A secure identity-based capability system [C]// Proceedings of the 1989 IEEE Symposium on. Security and Privacy. Oakland, USA: IEEE Computer Society Press, 1989: 56-63.
[6]	Boebert W E. On the inability of an unmodified capability machine to enforce the property [C]// Proceedings of the 7th DoD/NBS Computer Security Conference. Gaithersburg, USA: National Bureau of Standards, 1984: 291-293.
[7]	Landwehr C E. Formal models for computer security[J]. ACM Computing Surveys, 1981, 13(3): 247-278. url: http://dx.doi.org/10.1145/356850.356852
[8]	Lampson B W. A note on the confinement problem[J]. Communications of the ACM on Operation Systems, 1973, 16(10): 613-615.

[1]	LI Cong, LU Yifei, CHEN Chen, XU Zixuan, YANG Rui. Analysis of emergency rescue characteristics and evaluation of rescue capability for accidents associated with urban gas pipeline networks[J]. Journal of Tsinghua University(Science and Technology), 2023, 63(10): 1537-1547.
[2]	CAO Laicheng, LI Yuntao, WU Rong, GUO Xian, FENG Tao. Multi-key privacy protection decision tree evaluation scheme[J]. Journal of Tsinghua University(Science and Technology), 2022, 62(5): 862-870.
[3]	LI Qing, FAN Yiping, LI Dachuan, JIANG Xin, LIU Enyu, CHEN Jia. Architecture of a microservice-based flight management system simulation[J]. Journal of Tsinghua University(Science and Technology), 2020, 60(7): 589-596.
[4]	YIN Mingwei, WANG Xianyu, LI Jingyang, BAOYIN Hexi. Assessing spacecraft agility[J]. Journal of Tsinghua University(Science and Technology), 2019, 59(9): 720-728.
[5]	WANG Kai, LIU Ronghua, WEI Jiahua, LIU Qi, WANG Guangqian. Model integration methods in the hydro-modeling platform (HydroMP) based on cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2019, 59(12): 1006-1015.
[6]	LI Taoshen, LIU Qing, HUANG Ruwei. Multi-user fully homomorphic encryption scheme based on proxy re-encryption for cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2018, 58(2): 143-149.
[7]	LEI Zhen, TANG Wenzhe, SUN Hongxin, YOU Richun. Relationships between organizational network coordination and capability: Evidence from Chinese hydropower firms[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(7): 738-746.
[8]	LIU Jinzhao, ZHOU Yuezhi, ZHANG Yaoxue. Wavelet-based approach for anomaly detection of online services in cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(5): 550-554.
[9]	LI Yu, ZHAO Yong, GUO Xiaodong, LIU Guole. An assurance model for accesscontrol on cloud computing systems[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(4): 432-436.
[10]	GAO Xiaolin, YAN Jian, LU Jianhua. Priority weighted rate control algorithm in aeronautical Ad hoc networks[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(3): 293-298.
[11]	WANG Yuding, YANG Jiahai. Data access control model based on data's role and attributes for cloud computing[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(11): 1150-1158.
[12]	LIU Yang, WEI Wei. Fast Nash bargaining algorithm for resource scheduling problems with a large number of media streaming channels[J]. Journal of Tsinghua University(Science and Technology), 2017, 57(10): 1056-1062.
[13]	TIAN Wenhong, LI Guozhong, CHEN Yu, HUANG Chaojie, YANG Wutong. Combined load balancing and energy efficiency in Hadoop[J]. Journal of Tsinghua University(Science and Technology), 2016, 56(11): 1226-1231.
[14]	QIANG Maoshan, YUAN Shangnan, WEN Qi. Team capabilities in engineering projects: Measurement and evaluation[J]. Journal of Tsinghua University(Science and Technology), 2015, 55(6): 624-632.
[15]	Lungui ZHENG,Zheng YOU,Gaofei ZHANG,Shumin ZHAO. Acquisition of weak GNSS signals based on non-coherent integration[J]. Journal of Tsinghua University(Science and Technology), 2014, 54(6): 794-798.

Viewed

Full text

Abstract

Cited

Shared

Discussed