Next-generation big data federation access control: A reference model

This paper discusses one of the most significant challenges of next-generation big data (BD) federation platforms, namely, Hadoop access control. Privacy and security on a federation scale remain significant concerns among practitioners in both industry and academia. Hadoop’s current primitive acces...

Descripción completa

Detalles Bibliográficos
Autores: Awaysheh, Feras M., Alazab, Mamoun, Gupta, Maanak, Fernández Pena, Anselmo Tomás, Cabaleiro Domínguez, José Carlos
Tipo de recurso: artículo
Fecha de publicación:2020
País:España
Institución:Universidad de Santiago de Compostela (USC)
Repositorio:Minerva. Repositorio Institucional de la Universidad de Santiago de Compostela
Idioma:inglés
OAI Identifier:oai:minerva.usc.gal:10347/42116
Acceso en línea:https://hdl.handle.net/10347/42116
Access Level:acceso abierto
Palabra clave:Big Data
Hadoop 3.x
Identification and access management
HDFS federation
Reference model
Security broker
Access logs analysis
Descripción
Sumario:This paper discusses one of the most significant challenges of next-generation big data (BD) federation platforms, namely, Hadoop access control. Privacy and security on a federation scale remain significant concerns among practitioners in both industry and academia. Hadoop’s current primitive access control presents security concerns and limitations, such as the complexity of deployment and the consumption of resources. However, this major concern has not been a subject of intensive study in the literature. This paper critically reviews and investigates these security limitations and provides a framework called BD federation access broker to address 8 main security limitations. This paper proposes the federated access control reference model (FACRM) to formalize the design of secure BD solutions within the Apache Hadoop stack. Furthermore, this paper discusses the implementation of the access broker and its usefulness for security breach detection and digital forensics investigations. The efficiency of the proposed access broker has not sustainably affected the performance overhead. The experimental results show only 1% of each 100 MB read/write operation in a WebHDFS. Overall, the findings of the paper pave the way for a wide range of revolutionary and state-of-the-art enhancements and future trends within Hadoop stack security and privacy.