TDACS: an ABAC and Trust-based Dynamic Access Control Scheme in Hadoop
share
The era of big data has promoted the vigorous development of many industries, boosting the full potential of holistic data-driven analysis. Hadoop has become the primary choice for mainstream platforms used by stakeholders to process big data. Thereafter, the security of Hadoop platform has arisen tremendous attention worldwide. In this paper, we mainly concentrate on enforcing access control on users to ensure platform security. First, we leverage access proxy integrated with attribute-based access control (ABAC) model to implement front-end authorization, which can fully reflect and cope with the flexible nature of the complex access control process in Hadoop platform, as well as can release back-end resources from complex authorization process through access proxy. Moreover, in order to ensure the fine-granularity of authorization, the access proxy maintains a list composed of trust threshold value provided by each resource according to its importance. The access proxy interacts with the blockchain network to obtain the user's trust evaluation value, which serves as an important basis for dynamic authorization determination. More specifically, blockchain network works together on-chain and off-chain modes. The user's historical behavior data is stored off-chain, and the corresponding hash value is anchored on-chain. Consequently, the user's trust value is evaluated based on his historical behavior stored on the blockchain platform. Meanwhile, the authenticity of user behavior data can be guaranteed, thereby ensuring the reliability of trust assessment results. Our experiment demonstrates that the proposed model can dynamically and flexibly adjust user permissions to ensure the security of the platform, while time and money are consumed within a reasonable range.
READ FULL TEXT
