Title | HBD-Authority: Streaming Access Control Model for Hadoop |
Publication Type | Conference Paper |
Year of Publication | 2020 |
Authors | Chen, Congwei; Elsayed, Marwa A.; Zulkernine, Mohammad |
Conference Name | 2020 IEEE 6th International Conference on Dependability in Sensor, Cloud and Big Data Systems and Application (DependSys) |
Keywords | Access Control, Analytical models, Authorization, Big Data, big data security, cryptography, Data models, Distributed databases, Human Behavior, Kerberos, Metrics, parallel processing, pubcrawl, Resiliency, security |
Abstract | Big data analytics, in essence, is becoming the revolution of business intelligence around the world. This momentum has given rise to the hype around analytic technologies, including Apache Hadoop. Hadoop was not originally developed with security in mind. Despite the evolving efforts to integrate security in Hadoop through developing new tools (e.g., Apache Sentry and Ranger) and employing traditional mechanisms (e.g., Kerberos and LDAP), they mainly focus on providing encryption and authentication features, albeit with limited authorization support. Existing solutions in the literature extended these evolving efforts. However, they suffer from limitations, hindering them from providing robust authorization that effectively meets the unique requirements of big data environments. Towards covering this gap, this paper proposes a hybrid authority (HBD-Authority) as a formal attribute-based access control model with context support. This model is established on a novel hybrid approach of authorization transparency that pertains to three fundamental properties of accuracy: correctness, security, and completeness. The model leverages streaming data analytics to foster distributed parallel processing capabilities that achieve multifold benefits: a) efficiently managing the security policies and promptly updating the privileges assigned to a high number of users interacting with the analytic services; b) swiftly deciding and enforcing authorization of requests over data characterized by the 5Vs; and c) providing dynamic protection for data which is frequently updated. The implementation details and experimental evaluation of the proposed model are presented, demonstrating its performance efficiency. |
DOI | 10.1109/DependSys51298.2020.00012 |
Citation Key | chen_hbd-authority_2020 |