Attribute-based Access Control Model for Hadoop
Abstract:
To address the lack of an effective access control mechanism on the Hadoop platform, an attribute-based access control model for Hadoop (H-ABAC) is proposed. The model extends the traditional ABAC model to a five-tuple: the security level is treated as an element alongside subject, object, operation and environment, which adds flexibility. XACML is chosen as the policy description language, providing standardized and highly extensible access control policies. The model is formally defined, its framework is constructed, and the function and implementation of each module are described in detail. The applicability and advantages of H-ABAC are analysed. The analysis concludes that H-ABAC can provide independent, fine-grained and dynamic access control and reduce system overhead. The simulation experiment shows that H-ABAC keeps the number of access control policies growing slowly and that the added time cost is acceptable. Together these results show that H-ABAC is a practical access control model for Hadoop.
Authors:
CHEN Yaokun (陈垚坤), LIU Wenli (刘文丽) (Jiangnan Computing Technology Research Institute, Wuxi 214083, China)
Affiliation:
Jiangnan Computing Technology Research Institute
Source:
Journal (Natural Science Edition); indexed in CAS and the Peking University Core Journals list (北大核心); 2016, No. 5, pp. 146-153 (8 pages)
Funding:
National Core Electronic Devices, High-end Generic Chips and Basic Software (核高基) Project (2013ZX01029002-001)
Keywords:
Hadoop; access control; attribute-based; XACML; fine-grained
Classification number:
TP393 [Automation and Computer Technology - Computer Application Technology]