Object-Tagged RBAC Model for the Hadoop Ecosystem - Archive ouverte HAL Access content directly
Conference Papers Year : 2017

Object-Tagged RBAC Model for the Hadoop Ecosystem

(1) , (1) , (1)
1
Maanak Gupta
  • Function : Author
  • PersonId : 1026614
Farhan Patwa
  • Function : Author
  • PersonId : 1026615
Ravi Sandhu
  • Function : Author
  • PersonId : 978076

Abstract

Hadoop ecosystem provides a highly scalable, fault-tolerant and cost-effective platform for storing and analyzing variety of data formats. Apache Ranger and Apache Sentry are two predominant frameworks used to provide authorization capabilities in Hadoop ecosystem. In this paper we present a formal multi-layer access control model (called $$\mathrm {HeAC}$$) for Hadoop ecosystem, as an academic-style abstraction of Ranger, Sentry and native Apache Hadoop access-control capabilities. We further extend $$\mathrm {HeAC}$$ base model to provide a cohesive object-tagged role-based access control (OT-RBAC) model, consistent with generally accepted academic concepts of RBAC. Besides inheriting advantages of RBAC, OT-RBAC offers a novel method for combining RBAC with attributes (beyond NIST proposed strategies). Additionally, a proposed implementation approach for OT-RBAC in Apache Ranger, is presented. We further outline attribute-based extensions to OT-RBAC.
Fichier principal
Vignette du fichier
453481_1_En_4_Chapter.pdf (607.64 Ko) Télécharger le fichier
Origin : Files produced by the author(s)
Loading...

Dates and versions

hal-01684349 , version 1 (15-01-2018)

Licence

Attribution - CC BY 4.0

Identifiers

Cite

Maanak Gupta, Farhan Patwa, Ravi Sandhu. Object-Tagged RBAC Model for the Hadoop Ecosystem. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.63-81, ⟨10.1007/978-3-319-61176-1_4⟩. ⟨hal-01684349⟩
114 View
190 Download

Altmetric

Share

Gmail Facebook Twitter LinkedIn More