Object-Tagged RBAC Model for the Hadoop Ecosystem

Gupta, Maanak; Patwa, Farhan; Sandhu, Ravi

doi:10.1007/978-3-319-61176-1_4

Cited by 27 publications

(17 citation statements)

References 34 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The access control requirements and privacy analysis of Hadoop frameworks have been addressed in the literature [5,27]. Recently, Gupta et al [18] and [19] Big data privacy issues are also well addressed, and novel solutions have been proposed in [27,33,34,35], in addition to an SSO framework for Hadoop services in [36]. Colombo et al conducted a comprehensive study of big data technologies, including access control requirements, state-of-the-art and future trends, in [37,5,21].…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Next-generation big data federation access control: A reference model

Awaysheh

Alazab

Gupta

et al. 2020

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

This paper discusses one of the most significant challenges of next-generation big data (BD) federation platforms, namely, Hadoop access control. Privacy and security on a federation scale remain significant concerns among practitioners.Apache Hadoop [1], the BD landmark, has become a large-scale data analytics operating system. The large community behind Hadoop has been working to improve its stack to meet the increasing demands and requirements of BD.Enterprises across all major industries have adopted Hadoop due to its capability to store and process an abundance of new types of data and leverage modern data architecture. With a broad spectrum of both structured and unstructured workloads, Hadoop abstracts the computing resource management, task scheduling, and data management, while maintaining a satisfactory level of security and isolation.The Hadoop distributed file system (HDFS) [2] is typically deployed as part of a large-scale Hadoop platform to support commodity hardware and accommodate different processing frameworks. It is utilized to handle data management and access to the Hadoop ecosystem using a master/slave architecture. It is also successfully employed by several distributed systems and can be used by different resource schedulers as a data storage system, e.g., HTCondor [3] and Spark [4]. IAM in the HDFS ecosystem can be defined as the set of tools and mechanisms that enables end users and applications to interact securely with system core functionalities, thus ensuring appropriate access to data across the cluster. This security discipline can be separated into three abstraction layers: identification and access control, authentication, and authorization.As more services and users have joined the Hadoop federation portfolio in pursuit of a scalable BD hub, access control has become increasingly critical.One of the main obstacles in the development of an adaptive access control solution for BD platforms is the lack of a standard model to which access control rules and the associated enforcement monitor can be bound. A recent study [5] indicates that BD, as an emerging research trend, lacks standardized models

show abstract

Section: Related Workmentioning

confidence: 99%

“…We have formally defined the federation supported access control model in Table 2. This model has been adapted from the object tagged RBAC model [19] for Hadoop, and introduces required components to demonstrate the federation. User Subject…”

Section: Formal Access Control Model Componentsmentioning

confidence: 99%

Next-generation big data federation access control: A reference model

Awaysheh

Alazab

Gupta

et al. 2020

Future Generation Computer Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…A recent work targeting access control enforcement within MapReduce systems is described in Gupta et al (2017). More precisely, Gupta et al (2017) introduces the foundations of an access control model, called HeAC, which formalizes the authorization model of Apache Ranger 6 and Apache Sentry 7 , as well as the native access control features of Hadoop. Apache Ranger and Apache Sentry represent state of the art technologies for the enforcement of fine grained access control in Hadoop ecosystems.…”

Section: Mapreduce Systemsmentioning

confidence: 99%

“…Authorization assignments are specified for operations and objects, possibly on the basis of object tags, namely attributes specifying properties, like sensitivity, content, or expiration date. Moreover, Gupta et al (2017) introduces the foundation of Object Tagged RBAC, an RBAC model which, while preserving RBAC role based permission assignments, introduces support for object attributes. A prototypical implementation of the model has been defined by introducing role support into Apache Ranger.…”

Section: Mapreduce Systemsmentioning

confidence: 99%

Access control technologies for Big Data management systems: literature review and future trends

Colombo

Ferrari

2019

Cybersecur

View full text Add to dashboard Cite

Data security and privacy issues are magnified by the volume, the variety, and the velocity of Big Data and by the lack, up to now, of a reference data model and related data manipulation languages. In this paper, we focus on one of the key data security services, that is, access control, by highlighting the differences with traditional data management systems and describing a set of requirements that any access control solution for Big Data platforms may fulfill. We then describe the state of the art and discuss open research issues.

show abstract

“…Since the authors of this scheme proposed only a conceptual model, the next step that they would like to do is to implement the actual model in the Hadoop Framework. In 2018, Gubta et al [Gupta, Patwa, and Sandhu (2017)] proposed a fine-grained Attribute-Based Access Control model (HeABAC), which satisfies the security and privacy necessities of multi-tenant Hadoop environment. The scheme is an extension to the existing Hadoop Access Control model (HeAC), which includes the authorization capabilities of core Hadoop (2.x), two important security projects, such as Apache Ranger (version 0.6), Sentry (version 1.7.0), and RBAC extension object-tagged rolebased access control (OT-RBAC) model [Wenrong, Yang and Luo (2013)], a previously proposed work done by the same authors.…”

Section: Framework For Access Control Big Datamentioning

confidence: 99%

Security and Privacy Frameworks for Access Control Big Data Systems

Centonze¹

2019

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

In the security and privacy fields, Access Control (AC) systems are viewed as the fundamental aspects of networking security mechanisms. Enforcing AC becomes even more challenging when researchers and data analysts have to analyze complex and distributed Big Data (BD) processing cluster frameworks, which are adopted to manage yottabyte of unstructured sensitive data. For instance, Big Data systems' privacy and security restrictions are most likely to failure due to the malformed AC policy configurations. Furthermore, BD systems were initially developed toped to take care of some of the DB issues to address BD challenges and many of these dealt with the "three Vs" (Velocity, Volume, and Variety) attributes, without planning security consideration, which are considered to be patch work. Some of the BD "three Vs" characteristics, such as distributed computing, fragment, redundant data and node-to node communication, each with its own security challenges, complicate even more the applicability of AC in BD. This paper gives an overview of the latest security and privacy challenges in BD AC systems. Furthermore, it analyzes and compares some of the latest AC research frameworks to reduce privacy and security issues in distributed BD systems, which very few enforce AC in a cost-effective and in a timely manner. Moreover, this work discusses some of the future research methodologies and improvements for BD AC systems. This study is valuable asset for Artificial Intelligence (AI) researchers, DB developers and DB analysts who need the latest AC security and privacy research perspective before using and/or improving a current BD AC framework.

show abstract

Object-Tagged RBAC Model for the Hadoop Ecosystem

Cited by 27 publications

References 34 publications

Next-generation big data federation access control: A reference model

Next-generation big data federation access control: A reference model

Access control technologies for Big Data management systems: literature review and future trends

Security and Privacy Frameworks for Access Control Big Data Systems

Contact Info

Product

Resources

About