Skip to Main content Skip to Navigation
Conference papers

Object-Tagged RBAC Model for the Hadoop Ecosystem

Abstract : Hadoop ecosystem provides a highly scalable, fault-tolerant and cost-effective platform for storing and analyzing variety of data formats. Apache Ranger and Apache Sentry are two predominant frameworks used to provide authorization capabilities in Hadoop ecosystem. In this paper we present a formal multi-layer access control model (called $$\mathrm {HeAC}$$) for Hadoop ecosystem, as an academic-style abstraction of Ranger, Sentry and native Apache Hadoop access-control capabilities. We further extend $$\mathrm {HeAC}$$ base model to provide a cohesive object-tagged role-based access control (OT-RBAC) model, consistent with generally accepted academic concepts of RBAC. Besides inheriting advantages of RBAC, OT-RBAC offers a novel method for combining RBAC with attributes (beyond NIST proposed strategies). Additionally, a proposed implementation approach for OT-RBAC in Apache Ranger, is presented. We further outline attribute-based extensions to OT-RBAC.
Document type :
Conference papers
Complete list of metadata

Cited literature [37 references]  Display  Hide  Download
Contributor : Hal Ifip <>
Submitted on : Monday, January 15, 2018 - 2:06:55 PM
Last modification on : Monday, January 15, 2018 - 2:11:15 PM
Long-term archiving on: : Sunday, May 6, 2018 - 10:14:46 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Maanak Gupta, Farhan Patwa, Ravi Sandhu. Object-Tagged RBAC Model for the Hadoop Ecosystem. 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC), Jul 2017, Philadelphia, PA, United States. pp.63-81, ⟨10.1007/978-3-319-61176-1_4⟩. ⟨hal-01684349⟩



Record views


Files downloads