摘要
针对Hadoop平台缺乏有效访问控制机制的问题,提出一种适用于Hadoop平台的基于属性访问控制模型H-ABAC.该模型将传统ABAC模型扩充为五元组,加入安全等级属性增加了灵活性,选择XACML为策略描述语言并提供标准化、可大规模扩展的访问控制策略.对该模型进行形式化定义,构建模型框架并详述各个模块的功能与实现,对模型的适用性和优势进行了分析.分析得出:该模型可以满足自主、细粒度以及动态授权的需求.仿真实验显示:H-ABAC可以有效控制策略数量并且减少系统的开销,所增加时间开销也在可控范围之内.
An attribute-based access control model for Hadoop(H-ABAC)is proposed to solve the access control problem in Hadoop.The traditional ABAC model is expanded to five elements.The security level is considered as an important element for H-ABAC like subject,object,operation and environment.Standardized and extensible access control policies are evolved by XACML.Modules of H-ABAC are formally defined.The functions and implementation of these modules are detailedly described.The applicabilities and superiorities of H-ABAC are analysed.The conclusion shows that H-ABAC can provide independent,fine-grained and dynamic access control and Reduce the system overhead.The simulation experiment shows that H-ABAC can keep the amount of access control policies slowly increasing and the cost of time is acceptable.All that shows H-ABAC is a practical access control model for Hadoop.
作者
陈垚坤
刘文丽
CHEN Yaokun LIU Wenli(Jiangnan CoMputing Technology Research Institute, Wuxi 214083, China)
出处
《河南师范大学学报(自然科学版)》
CAS
北大核心
2016年第5期146-153,共8页
Journal of Henan Normal University(Natural Science Edition)
基金
国家核高基项目(2013ZX01029002-001)
