Hadoop生态体系安全框架综述

摘要/Abstract

摘要： Hadoop项目已经成为最流行的开源云计算和大数据分析框架，同时其安全机制也受到越来越多的重视.从设计原则、系统架构、主要威胁、安全机制、设计挑战等方面对Hadoop的安全框架进行综述，其中包括Hadoop开源项目的安全机制及企业级安全解决方案.学术界对Hadoop安全机制的研究也很活跃，提出了可信平台、加密演算法、混合加密算法、三重数据加密算法、并行加密等多种方案.Hadoop生态系统涉及很多组件，不同组件有不同的安全策略，当前的研究热点是在提升细粒度、高度模块化、可扩展等目标的同时，兼顾考虑性能、开销、易用性等问题.

关键词: Hadoop, 大数据, 安全机制, 安全组件, 细粒度, 高度模块化

Abstract: Hadoop has become the most popular analysis framework which is used to open source of cloud computing and big data , at the same time,its security mechanism has also been treated as a critical item. This paper first gives an overview on Hadoop design principle, architecture, major threat, security mechanism, and design challenge which include the security solutions of enterprise and the security mechanism of Hadoop. The research on security mechanism of Hadoop are active, which present trusted platform, encryption algorithm,mixed encryption algorithm,TDEA and parallel encrypt algorithm and so on. Since Hadoop ecosystem involves many components, and different components have different security mechanisms, the current research focus is to enhance finegrained, highly modular, expandability and other aspects, while taking the performance, cost, usability and other issues into account.

Key words: Hadoop, big data, security mechanism, security component, finegrained, highly modular

陈玺. Hadoop生态体系安全框架综述[J]. 信息安全研究, 2016, 2(8): 684-698.

参考文献

［1］Hortonworks. What is apache Hadoop［EBOL］. 2013 ［20160708］. http:hortonworks.com hadoop［2］Shvachko K, Kuang H, Radia S, et al. The Hadoop distributed file system［C］ Proc of the 26th IEEE Symp on Mass Storage Systems and Technologies (MSST). Piscataway, NJ: IEEE, 2010: 110［3］Dean J, Ghemawat S. MapReduce: Simplified data processing on large clusters［J］. Magazine Communications of the ACM, 2008, 51(1): 107113 ［4］Mall N, Rana S. Overview of big data and Hadoop［J］. Imperial Journal of Interdisciplinary Research, 2016, 2(5): 13991403［5］Sharma P, Navdeti C. Securing big data Hadoop: A review of security issues, threats and solution［J］. International Journal of Computer Science and Information Technologies, 2014, 5(2): 21262131 ［6］Sadasivam G, Kumari K, Rubika S. A novel authentication service for Hadoop in cloud environment［C］Proc of IEEE Int Conf on Cloud Computing in Emerging Markets (CCEM). Piscataway, NJ: IEEE, 2012: 16［7］Somu N, Gangaa A, Sriram V. Authentication service in Hadoop using one time pad［J］. Indian Journal of Science and Technology, 2014, 7(S4): 5662［8］Condie T, Conway N, Alvaro P, et al. MapReduce online［J］. The National Spatial Data Infrastructure, 2010, 10(4): 313327［9］Hortonworks. Adding security to hadoop［EBOL］. 2013［20160708］. http:hortonworks.comwpcontentuploads201110securitydesign_withCover1.pdf［10］李延改. 面向Hadoop的安全机制设计［D］. 济南: 山东财经大学, 2015［11］Venugopalan S, Noland B. With sentry, cloudera fills Hadoops enterprise security gap［EBOL］. (20130724)［20160708］. http:blog.cloudera.comblog201307withsentryclouderafillshadoopsenterprisesecuritygap［12］Cloudera. Sentry［EBOL］. 2013［20160708］. http:www.cloudera.comcontentclouderaenproductsandservicescdhsentry.html［13］RecordService. RecordService introduction［R］. Burlingame, CA: RecordService,2015［14］Kuff L, Li Nong. RecordService: For finegrained security enforcement across the Hadoop ecosystem［EBOL］. (20150928) ［20160708］. https:blog.cloudera.comblog201509recordserviceforfinegrainedsecurityenforcementacrossthehadoopecosystem［15］Mahsa T. Evaluation of security in Hadoop［D］. Stockholm: Kommunikationsnt, 2015［16］Hortonworks. Hortonworks technical preview for Apache Knox Gateway［R］. Palo Alto, CA: Hortonworks, 2013［17］RezaeiJam M, Khanli L, Akbari M. A survey on security of Hadoop［C］ Proc of the 4th Int Conf on Computer and Knowledge Engineering (ICCKE). Mashhad: ICCKE, 2014: 716721［18］Kang Lishan, Zhang Xuejie. Identitybased authentication in cloud storage sharing［C］Proc of IEEE Int Conf on Multimedia Information Networking and Security. Piscataway, NJ: IEEE, 2010: 851855［19］Shen Zhidong, Tong Qiang. The security of cloud computing system enabled by trusted computing technology［C］. Proc of the 2nd Int Conf on Signal Processing Systems. Piscataway, NJ: IEEE, 2010: V211V215［20］Dong Chuntao, Shen Qingni, Li Wenting, et al. Eavesdropper: A framework for detecting the location of the processed result in Hadoop［G］ Information and Communications Security. Berlin: Springer, 2016: 458466［21］Rong Chunming, Quan Zhou, Chakravorty A. On access control schemes for Hadoop data storage［C］Proc of IEEE Int Conf on Cloud Computing and Big Data. Piscataway, NJ: IEEE, 2013: 641645［22］Cheng Yi, Schaefer C. Policybased preprocessing in Hadoop［C］Proc of ASE BigDataSocialInformaticsPASSATBioMedCom 2014 Conf. Cambridge: ASE, 2014［23］Ko R, Will M. Progger: An efficient, tamperevident kernelspace logger for cloud data provenance tracking［C］Proc of the 7th IEEE Int Conf on Cloud Computing. Piscataway, NJ: IEEE, 2014: 881889［24］Khalil I, Dou Zuochao, Khreishah A. TMPbased authentication mechanism of Apache Hadoop［C］ Proc of Int Conf on Security and Privacy in Communication Networks. Berlin: Springer, 2015, 152: 105122［25］Leicher A, Kuntze N, Schmidt A. Implementation of a trusted ticket system［G］ Emerging Challenges for Security, Privacy and Trust. Berlin: Springer, 2009: 152163［26］Ruan A, Martin A. Towards a trusted mapreduce infrastructure［C］ Proc of the 8th IEEE World Congress on Services (SERVICES). Piscataway, NJ: IEEE, 2012: 141148［27］Santos N, Gummadi K, Rodrigues R. Towards trusted cloud computing［C］Proc of Conf on Hot Topics in Cloud Computing. Berkeley: USENIX, 2009［28］Moghaddam F, Alrashdan M, Karimi O. A hybrid encryption algorithm based on RSA smalle and efficientRSA for cloud computing environments［J］. Journal of Advances in Computer Network, 2013, 1(3): 238241［29］Song Lei, Qin Jun, Liang Shengxi, et al. A hybrid encryption scheme for Hadoop based on symmetric and asymmetric encryption［J］. Applied Mechanics and Materials, 2014, 598: 691694［30］Shehzad D, Khan Z, Dag H, et al. A novel hybrid encryption scheme to ensure Hadoop based cloud data security［J］. International Journal of Computer Science and Information Security, 2016, 14(4): 480484［31］Yang Chao, Lin Weiwei, Liu Mingqi. A novel triple encryption scheme for Hadoopbased cloud data security［C］Proc of the 4th Int Conf on Emerging Intelligent Data and Web Technologies (EIDWT). Piscataway, NJ: IEEE, 2013: 437442［32］Wang Feng, Kohler M, Schaad A. Initial encryption of large searchable data sets using Hadoop［C］ Proc of the 20th ACM Symp on Access Control Models and Technologies. New York: ACM, 2015: 165168

[1]	赵立农曹莉邓秘密. 新形势下云安全建设探讨[J]. 信息安全研究, 2021, 7(1): 53-58.
[2]	王逸鹤黄亦芃. 面向网络安全防御防护的大数据平台架构研究[J]. 信息安全研究, 2021, 7(1): 75-80.
[3]	修佳鹏田超宇杨正球王志龙. SecOC安全机制中国密算法应用方案研究[J]. 信息安全研究, 2020, 6(9): 0-0.
[4]	钟征燕. 基于区块链的企业信息安全保障体系研究[J]. 信息安全研究, 2020, 6(8): 727-732.
[5]	刘蓓禄凯程浩闫桂勋. 基于异构数据融合的政务网络安全监测平台设计与实现[J]. 信息安全研究, 2020, 6(6): 0-0.
[6]	刘思博刘鹏. 态势感知在电子政务信息安全中的应用[J]. 信息安全研究, 2020, 6(6): 0-0.
[7]	胡国华孟承韵代志兵孙彬刘振凯俞海波李斌何维群张智奇. 基于大数据安全保障的云安全体系研究[J]. 信息安全研究, 2020, 6(5): 404-420.
[8]	李宁. 数据霸权对国家与个人的危害及应对策略研究 [J]. 信息安全研究, 2020, 6(5): 448-453.
[9]	王晓牛邓舜怡李梦颖陈任杰. 大数据时代我国个人信息权利化保护制度探析? ——基于政府数据融合背景[J]. 信息安全研究, 2020, 6(12): 1088-1100.
[10]	梅秋丽龚自洪刘尚焱王妮娜. 区块链平台安全机制研究梅秋丽1[J]. 信息安全研究, 2020, 6(1): 25-36.
[11]	郭锡泉陈香锡. 大数据环境下情报驱动的网络安全漏洞管理[J]. 信息安全研究, 2020, 6(1): 85-90.
[12]	孟小峰朱敏杰刘俊旭. 大规模用户隐私风险量化研究[J]. 信息安全研究, 2019, 5(9): 778-788.
[13]	孟小峰朱敏杰刘立新刘俊旭. 数据垄断与其治理模式研究[J]. 信息安全研究, 2019, 5(9): 789-797.
[14]	王广清韩金丽方铁城申彦龙. 北京燃气集团工业互联网安全运营平台建设与实践[J]. 信息安全研究, 2019, 5(8): 734-739.
[15]	吕彬张悦齐标石志鑫. 大数据在信息安全领域的应用分析[J]. 信息安全研究, 2019, 5(7): 599-607.