PDF(1150 KB)
Access control for Hadoop-based cloud computing
Zhihua WANG, Haibo PANG, Zhanbo LI
Journal of Tsinghua University(Science and Technology) ›› 2014, Vol. 54 ›› Issue (1) : 53-59.
PDF(1150 KB)
PDF(1150 KB)
Access control for Hadoop-based cloud computing
An identity-based capability (ID-CAP) method is given to provide secure access control to Hadoop cloud computing platforms. The capability-based access control design follows the least privilege principle with the platform running tenant jobs using a least privilege set. Tests show that the capability-based access control can be efficiently implemented to support mutual authentication between different servers in a Hadoop platform while satisfying the least privilege requirement to improve platform security and stability.
access control / capability / Hadoop / cloud computing / the least-privilege principle
| [1] | Lampson B K. Protection [J]. Operating Systems Review, 1974, 8(1): 18-24. |
| [2] | Snyder L. Formal models of capability-based protection systems[J]. IEEE Transactions on Computers, 1981, 30(3): 172-181. |
| [3] | Kain R Y, Landwehr C E. On access checking in capability-based systems[J]. IEEE Transactions on Software Engineering, 1987, SE13(2): 95-101. |
| [4] | Karger P A. Improving security and performance for capability systems [D]. London, UK: University of Cambridge, 1988. |
| [5] | Gong L. A secure identity-based capability system [C]// Proceedings of the 1989 IEEE Symposium on. Security and Privacy. Oakland, USA: IEEE Computer Society Press, 1989: 56-63. |
| [6] | Boebert W E. On the inability of an unmodified capability machine to enforce the property [C]// Proceedings of the 7th DoD/NBS Computer Security Conference. Gaithersburg, USA: National Bureau of Standards, 1984: 291-293. |
| [7] | Landwehr C E. Formal models for computer security[J]. ACM Computing Surveys, 1981, 13(3): 247-278. |
| [8] | Lampson B W. A note on the confinement problem[J]. Communications of the ACM on Operation Systems, 1973, 16(10): 613-615. |
/
| 〈 |
|
〉 |
