More Web Proxy on the site http://driver.im/

research-article

Public Access

Multi-Layer Authorization Framework for a Representative Hadoop Ecosystem Deployment

Authors:

Ravi SandhuAuthors Info & Claims

SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

Pages 183 - 190

https://doi.org/10.1145/3078861.3084173

Published: 07 June 2017 Publication History

Abstract

Apache Hadoop is a predominant software framework to store and process vast amount of data, produced in varied formats. Data stored in Hadoop multi-tenant data lake often includes sensitive data such as social security numbers, intelligence sources and medical particulars, which should only be accessed by legitimate users. Apache Ranger and Apache Sentry are important authorization systems providing fine-grained access control across several Hadoop ecosystem services. In this paper, we provide a comprehensive explanation for the authorization framework offered by Hadoop ecosystem, incorporating core Hadoop 2.x native access control features and capabilities offered by Apache Ranger, with prime focus on data services including Apache Hive and Hadoop 2.x core services. A multi-layer authorization system is discussed and demonstrated, reflecting access control for services, data, applications and infrastructure resources inside a representative Hadoop ecosystem instance. A concrete use case is discussed to underline the application of aforementioned access control points. We use Hortonworks Hadoop distribution HDP 2.5 to exhibit this multi-layer access control framework.

References

[1]

Apache Ambari. https://ambari.apache.org/.

[2]

Apache Atlas. http://atlas.apache.org/.

[3]

Apache Hadoop. http://hadoop.apache.org/.

[4]

Apache Knox. https://knox.apache.org/.

[5]

Apache Ranger. http://ranger.apache.org/.

[6]

Apache Sentry. http://sentry.apache.org/.

[7]

Cloudera. Cloudera Distribution Hadoop. https://www.cloudera.com/.

[8]

Devaraj Das, Owen O'Malley, Sanjay Radia, and Kan Zhang. 2011. Adding Security to Apache Hadoop. Hortonworks, IBM (2011).

[9]

Balaji Ganeshan and Alok Nath. 2015. Dynamic Policy Hooks in Ranger. https://cwiki.apache.org/confluence/display/RANGER/Dynamic+Policy+Hooks+in+Ranger+-+Configure+and+Use. (2015).

[10]

John Gantz et al. 2012. Digital universe in 2020: Big data, bigger digital shadows, and biggest growth in the far east. IDC iView: IDC Analyze the future (2012).

[11]

Maanak Gupta, Farhan Patwa, and Ravi Sandhu. 2017. Object-Tagged RBAC Model for the Hadoop Ecosystem. In Proc. of IFIP DBSec (To appear). Springer, 18 Pages.

[12]

Maanak Gupta, Farhan Patwa, and Ravi Sandhu. 2017. POSTER: Access Control Model for the Hadoop Ecosystem. In Proc. of ACM SACMAT (To appear). ACM, 3 Pages.

Digital Library

[13]

Maanak Gupta and Ravi Sandhu. 2016. The GURAG Administrative Model for User and Group Attribute Assignment. In Proc. of NSS. Springer, 318--332.

[14]

Hortonworks. Hortonworks Data Platform. https://hortonworks.com/.

[15]

Robert Hryniewicz. 2016. Best Practices in HDFS Autorization with Apache Ranger. https://hortonworks.com/blog/best-practices-in-hdfs-authorization-with-apache-ranger/. (2016).

[16]

Robert Hryniewicz. 2016. Best Practices in Hive Autorization with Apache Ranger. https://hortonworks.com/blog/best-practices-for-hive-authorization-using-apache-ranger -in-hdp-2--2/. (2016).

[17]

MapR. Converged Data Platform. https://mapr.com/.

[18]

Madhan Neethiraj. 2016. Geo-location based policies. https://cwiki.apache.org/confluence/display/RANGER/Geo-location+based+policies. (2016).

[19]

Owen O'Malley, Kan Zhang, Sanjay Radia, Ram Marti, and Christopher Harrell. 2009. Hadoop Security Design. Yahoo, Inc., Tech. Rep (2009).

[20]

Ravi S. Sandhu, Edward J. Coyne, Hal L. Feinstein, and Charles E. Youman. 1996. Role-based access control models. IEEE Computer 29, 2 (1996), 38--47.

Digital Library

[21]

Ben Spivey and Joey Echeverria. 2015. Hadoop Security. Protecting your Platform. "O'Reilly Media, Inc."

Digital Library

[22]

Tom White. 2012. Hadoop: The Definitive Guide. "O'Reilly Media, Inc.".

Digital Library

[23]

Chandhu Yalla et al. 2016. Big Data: Intel IT's Secure Hadoop Platform. (2016).

Cited By

Gupta MAbdelsalam MKhorsandroo SMittal S(2020)Security and Privacy in Smart Farming: Challenges and OpportunitiesIEEE Access10.1109/ACCESS.2020.29751428(34564-34584)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2975142
Yang CChen TKristiani EWu S(2020)The implementation of data storage and analytics platform for big data lake of electricity usage with sparkThe Journal of Supercomputing10.1007/s11227-020-03505-6Online publication date: 13-Nov-2020
https://doi.org/10.1007/s11227-020-03505-6
Gupta MBenson JPatwa FSandhu RAhn GThuraisingham BKantarcioglu MKrishnan R(2019)Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart CarsProceedings of the Ninth ACM Conference on Data and Application Security and Privacy10.1145/3292006.3300048(61-72)Online publication date: 13-Mar-2019
https://dl.acm.org/doi/10.1145/3292006.3300048
Show More Cited By

Index Terms

Multi-Layer Authorization Framework for a Representative Hadoop Ecosystem Deployment
1. Security and privacy
  1. Formal methods and theory of security
    1. Security requirements
  2. Security services
    1. Access control
    2. Authorization

Recommendations

POSTER: Access Control Model for the Hadoop Ecosystem
SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

Apache Hadoop is an important framework for fault-tolerant and distributed storage and processing of Big Data. Hadoop core platform along with other open-source tools such as Apache Hive, Storm, HBase offer an ecosystem to enable users to fully harness ...
An Attribute-Based Access Control Model for Secure Big Data Processing in Hadoop Ecosystem
ABAC'18: Proceedings of the Third ACM Workshop on Attribute-Based Access Control

Apache Hadoop is a predominant software framework for distributed compute and storage with capability to handle huge amounts of data, usually referred to as Big Data. This data collected from different enterprises and government agencies often includes ...
Practical Hadoop Ecosystem: A Definitive Guide to Hadoop-Related Frameworks and Tools

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '17 Abstracts: Proceedings of the 22nd ACM on Symposium on Access Control Models and Technologies

June 2017

276 pages

ISBN:9781450347020

DOI:10.1145/3078861

General Chair:
Elisa Bertino
Purdue University, USA
,
Program Chairs:
Ravi Sandhu
University of Texas at San Antonio, USA
,
Edgar Weippl
SBA Research, Austria

Copyright © 2017 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 07 June 2017

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

National Science Foundation
DoD ARL
The Texas Sustainable Energy Research Institute at UTSA

Conference

SACMAT'17

Sponsor:

SIGSAC

SACMAT'17: The 22nd ACM Symposium on Access Control Models and Technologies

June 21 - 23, 2017

Indiana, Indianapolis, USA

Acceptance Rates

SACMAT '17 Abstracts Paper Acceptance Rate 14 of 50 submissions, 28%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

14
Total Citations
View Citations
574
Total Downloads

Downloads (Last 12 months)127
Downloads (Last 6 weeks)11

Reflects downloads up to 13 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Gupta MAbdelsalam MKhorsandroo SMittal S(2020)Security and Privacy in Smart Farming: Challenges and OpportunitiesIEEE Access10.1109/ACCESS.2020.29751428(34564-34584)Online publication date: 2020
https://doi.org/10.1109/ACCESS.2020.2975142
Yang CChen TKristiani EWu S(2020)The implementation of data storage and analytics platform for big data lake of electricity usage with sparkThe Journal of Supercomputing10.1007/s11227-020-03505-6Online publication date: 13-Nov-2020
https://doi.org/10.1007/s11227-020-03505-6
Gupta MBenson JPatwa FSandhu RAhn GThuraisingham BKantarcioglu MKrishnan R(2019)Dynamic Groups and Attribute-Based Access Control for Next-Generation Smart CarsProceedings of the Ninth ACM Conference on Data and Application Security and Privacy10.1145/3292006.3300048(61-72)Online publication date: 13-Mar-2019
https://dl.acm.org/doi/10.1145/3292006.3300048
Awaysheh FCabaleiro JPena TAlazab M(2019)Big Data Security Frameworks Meet the Intelligent Transportation Systems Trust Challenges2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2019.00117(807-813)Online publication date: Aug-2019
https://doi.org/10.1109/TrustCom/BigDataSE.2019.00117
Li NGao HLiu LZhang FWang W(2019)Attack Models for Big Data Platform Hadoop2019 IEEE 5th Intl Conference on Big Data Security on Cloud (BigDataSecurity), IEEE Intl Conference on High Performance and Smart Computing, (HPSC) and IEEE Intl Conference on Intelligent Data and Security (IDS)10.1109/BigDataSecurity-HPSC-IDS.2019.00037(154-159)Online publication date: May-2019
https://doi.org/10.1109/BigDataSecurity-HPSC-IDS.2019.00037
Maleki NRahmani AConti M(2019)MapReduce: an infrastructure review and research insightsThe Journal of Supercomputing10.1007/s11227-019-02907-575:10(6934-7002)Online publication date: 1-Oct-2019
https://dl.acm.org/doi/10.1007/s11227-019-02907-5
Gupta MPatwa FSandhu RBertino ESandhu RKrishnan R(2018)An Attribute-Based Access Control Model for Secure Big Data Processing in Hadoop EcosystemProceedings of the Third ACM Workshop on Attribute-Based Access Control10.1145/3180457.3180463(13-24)Online publication date: 14-Mar-2018
https://dl.acm.org/doi/10.1145/3180457.3180463
Mayer BArnold JBegoli ERush EDrewry MBrown KPonce ESrinivas S(2018)Evaluating Text Analytic Frameworks for Mental Health Surveillance2018 IEEE 34th International Conference on Data Engineering Workshops (ICDEW)10.1109/ICDEW.2018.00014(39-47)Online publication date: Apr-2018
https://doi.org/10.1109/ICDEW.2018.00014
Gupta MPatwa FSandhu RBertino ESandhu RWeippl E(2017)POSTERProceedings of the 22nd ACM on Symposium on Access Control Models and Technologies10.1145/3078861.3084164(125-127)Online publication date: 7-Jun-2017
https://dl.acm.org/doi/10.1145/3078861.3084164
Gupta MPatwa FSandhu R(2017)Object-Tagged RBAC Model for the Hadoop EcosystemData and Applications Security and Privacy XXXI10.1007/978-3-319-61176-1_4(63-81)Online publication date: 22-Jun-2017
https://doi.org/10.1007/978-3-319-61176-1_4
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents