Abstract
To improve the security of private cloud platforms and apply cloud platforms in the aerospace field, this paper studies in depth the security mechanisms of existing Hadoop-based cloud platforms. It analyzes the Kerberos identity authentication system introduced by Apache, the official Hadoop team, and describes in detail the principles of the Kerberos security system and its workflow in Hadoop. It identifies three defects in Kerberos: first, it depends too heavily on the KDC; second, it uses a symmetric-key encryption scheme; third, data between the client and the network interface of the Hadoop Distributed File System (HDFS) is transmitted in plaintext. The paper then designs a security authentication mechanism based on public key infrastructure (PKI) that can effectively resolve these defects, and applies this mechanism in practice to a Hadoop cluster.
Source
Computer Measurement & Control (《计算机测量与控制》)
2016, Issue 4, pp. 149-151, 166 (4 pages in total)