An Attribute-Based Access Control Model for the Hadoop Platform |
| |
Affiliation: | 1. Jiangnan Computing Technology Research Institute |
| |
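Abstract: | To address the lack of an effective access control mechanism on the Hadoop platform, this paper proposes H-ABAC, an attribute-based access control model suited to Hadoop. The model extends the traditional ABAC model to a five-tuple, adding a security-level attribute for greater flexibility, and adopts XACML as the policy description language to provide standardized, highly scalable access control policies. The model is formally defined, its framework is constructed, the function and implementation of each module are described in detail, and its applicability and advantages are analysed. The analysis shows that the model meets the requirements of discretionary, fine-grained and dynamic authorization. Simulation experiments show that H-ABAC effectively limits the number of policies and reduces system overhead, and that the added time overhead remains within a controllable range.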
|
Keywords: | Hadoop; access control; attribute-based; XACML; fine-grained |
Attribute-based Access Control Model for Hadoop |
| |
Affiliation: | Jiangnan Computing Technology Research Institute |
| |
Abstract: | An attribute-based access control model for Hadoop (H-ABAC) is proposed to solve the access control problem in Hadoop. The traditional ABAC model is expanded to five elements: the security level is treated as an important element of H-ABAC alongside subject, object, operation and environment. Standardized and extensible access control policies are expressed in XACML. The modules of H-ABAC are formally defined, and their functions and implementation are described in detail. The applicability and advantages of H-ABAC are analysed. The conclusion shows that H-ABAC can provide independent, fine-grained and dynamic access control and reduce the system overhead. The simulation experiment shows that H-ABAC keeps the number of access control policies growing slowly and that the time cost is acceptable. Together, these results show that H-ABAC is a practical access control model for Hadoop. |
| |
Keywords: | Hadoop; access control; attribute-based; XACML; fine-grained |
This paper is indexed in CNKI and other databases. |
|