Vigiles: Fine-Grained Access Control for MapReduce Systems

Ulusoy, Huseyin; Kantarcıoğlu, Murat; Pattuk, Erman; Hamlen, Kevin W.

doi:10.1109/bigdata.congress.2014.16

Cited by 41 publications

(16 citation statements)

References 23 publications

(18 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Apache Accumulo is built on top of Apache Hadoop, Zookeeper, and Thrift. [3] M 8 Apache Sentry [4] S Apache Ranger [4] M Project Rhino [5] S Apache Accumulo [6] S Airavat [92] S Khaled et al [57] Vigiles [109] GuardMR [107] G-Hadoop [135] SecDM [97] M iBigTable [119] Lin et al [64] S 9 10 SAPSC [96] M ClusterBFT [99] S, H 11 Moca et al [76] SecureMR [118] S AccountableMR [123] S VIAF [115] S CCMR [116] M IntegrityMR [117] M VAWS [39] S Hatman [58] S 12 TrustMR [108] S TS-TRV [38] S Log-based [125] S Watermarking based [53,37] S Accountable MapReduce (RBAC) [110] S Airavat. Airavat [92] is a system that provides mandatory access control together with differential privacy for data protection.…”

Section: Authentication Authorization and Access Control Based Apprmentioning

confidence: 99%

Security and privacy aspects in MapReduce on clouds: A survey

Derbeko

Dolev

Gudes

et al. 2016

Computer Science Review

View full text Add to dashboard Cite

MapReduce is a programming system for distributed processing large-scale data in an efficient and fault tolerant manner on a private, public, or hybrid cloud. MapReduce is extensively used daily around the world as an efficient distributed computation tool for a large class of problems, e.g., search, clustering, log analysis, different types of join operations, matrix multiplication, pattern matching, and analysis of social networks. Security and privacy of data and MapReduce computations are essential concerns when a MapReduce computation is executed in public or hybrid clouds. In order to execute a MapReduce job in public and hybrid clouds, authentication of mappers-reducers, confidentiality of data-computations, integrity of data-computations, and correctness-freshness of the outputs are required. Satisfying these requirements shield the operation from several types of attacks on data and MapReduce computations. In this paper, we investigate and discuss security and privacy challenges and requirements, considering a variety of adversarial capabilities, and characteristics in the scope of MapReduce. We also provide a review of existing security and privacy protocols for MapReduce and discuss their overhead issues.

show abstract

Section: Authentication Authorization and Access Control Based Apprmentioning

confidence: 99%

Security and privacy aspects in MapReduce on clouds: A survey

Derbeko

Dolev

Gudes

et al. 2016

Computer Science Review

View full text Add to dashboard Cite

show abstract

“…In [6], [7], it has been proposed to create dynamic authorized data views via the enforcement of filter functions on the individual records of the input files. The filter functions can support a broad class of security checks on the records, ranging from blacklisting to advanced pattern matching.…”

Section: B Fine-grained Access Control In Mapreducementioning

confidence: 99%

“…In [6], the data flow of MapReduce is transparently interposed during the preprocessing step, and specified functions are applied to the newly formed key-values to filter out the unauthorized pairs. The interposition is carried out via aspect oriented programming (AOP) without changing the source code.…”

Section: B Fine-grained Access Control In Mapreducementioning

confidence: 99%

Honeypot based unauthorized data access detection in MapReduce systems

Ulusoy

Kantarcıoğlu

Thuraisingham

et al. 2015

2015 IEEE International Conference on Intelligence and Security Informatics (ISI)

Self Cite

View full text Add to dashboard Cite

The data processing capabilities of MapReduce systems pioneered with the on-demand scalability of cloud computing have enabled the Big Data revolution. However, the data controllers/owners worried about the privacy and accountability impact of storing their data in the cloud infrastructures as the existing cloud computing solutions provide very limited control on the underlying systems. The intuitive approach-encrypting data before uploading to the cloud-is not applicable to MapReduce computation as the data analytics tasks are ad-hoc defined in the MapReduce environment using general programming languages (e.g., Java) and homomorphic encryption methods that can scale to big data do not exist. In this paper, we address the challenges of determining and detecting unauthorized access to data stored in MapReduce based cloud environments. To this end, we introduce alarm raising honeypots distributed over the data that are not accessed by the authorized MapReduce jobs, but only by the attackers and/or unauthorized users. Our analysis shows that unauthorized data accesses can be detected with reasonable performance in MapReduce based cloud environments.978-1-4799-9889-0/15/$31.00 ©2015 IEEE

show abstract

“…This became the reason for the system policies to be more understandable. Another advantage of FGAC is that the users have the right to arrange their own policies and determine who can reach their own information [70,[75][76][77][78][79][80][81]. Until FGAC was introduced, many access control mechanisms were using an all-or-nothing approach.…”

Section: Fine Grained Access Controlmentioning

confidence: 99%

Survey on Access Control Mechanisms in Cloud Computing

Karataş

Akbulut

2018

JCSM

View full text Add to dashboard Cite

The benefits that Internet-based applications and services have given to the end user with today's cloud computing technology are very remarkable. The distributed services instantly scaled over the Internet provided by cloud computing can be achieved by using some mechanisms in the background. It is a critical task for end users to control access to resources because lack of control often leads to security risks. In addition, this may cause systems to fail. This paper describes seven different access control mechanisms used in cloud computing platforms for different purposes. Besides, the advantages and disadvantages of various models developed from previous service-based architectures and used for cloud computing are detailed and classified. During the assessments, NIST's metrics were taken as a reference, and in the study, 109 articles from the past decade were examined. We also compared our research with the existing survey papers.

show abstract

Vigiles: Fine-Grained Access Control for MapReduce Systems

Cited by 41 publications

References 23 publications

Security and privacy aspects in MapReduce on clouds: A survey

Security and privacy aspects in MapReduce on clouds: A survey

Honeypot based unauthorized data access detection in MapReduce systems

Survey on Access Control Mechanisms in Cloud Computing

Contact Info

Product

Resources

About