Research and Implementation of a User Trusted Access Control Model for the Hadoop Cloud Platform
Published: 2018-09-09 20:52
[Abstract]: With the rapid development of communication, software and hardware technology and the growing demand for big-data storage and processing, cloud computing is steadily developing and is expected to become a widely adopted service model. The research firm IDC (International Data Corporation) has forecast that cloud computing will become the key technology shaping the entire IT industry over the next 15-20 years. The Hadoop cloud platform is one of the most popular cloud platforms today. It mainly uses a distributed cluster model, pooling large amounts of storage and computing resources to provide services, and exhibits the dynamism, openness and resource sharing typical of distributed platforms. This thesis analyses the existing access control model of the Hadoop platform in detail and, addressing its shortcomings, studies and implements a user trusted access control model for the Hadoop cloud platform. The main research content is summarised as follows:
1. A detailed analysis of the existing Hadoop access control model. The model uses the Kerberos authentication protocol to verify user identity, combined with the platform's internal ACL-based authorization mechanism, and together with Delegation Tokens, Block Access Tokens and other tokens implements access control for users of the cluster. The model has an evident weakness: it operates in a "checkpoint" fashion, considering only the authenticity of the user's identity at authorization time and not the trustworthiness of the user's subsequent behaviour, and once a permission has been granted it is no longer supervised. As a result, a user who later performs illegal operations while accessing cluster resources may never be detected by the cluster.
2. A behaviour-monitoring-based user trust evaluation model for the Hadoop cloud platform, HBTEM. First, a software sensor deployed inside the Hadoop cluster monitors and collects users' operation behaviour data in real time and writes it to a user behaviour database. Then, using the operation data recorded in that database, a method for quantitatively evaluating user trust is proposed, so that each user's trust can be rated in real time according to their actual operations in the cluster. Finally, the trust ratings are written to a user trust value database for later use. This realises a user trust monitoring mode for the Hadoop cloud platform in which trust values are updated in real time and dynamically.
3. A new trust-based access control model for the Hadoop cloud platform, LT. LT builds on the existing Hadoop access control model and uses the trust values obtained in item 2, updated in real time from each user's monitored behaviour in the cluster, to control users' access to the platform dynamically. Compared with the existing Hadoop access control model, permission granting is no longer a "checkpoint" control mode but a real-time, dynamic one, with finer-grained control over the permissions granted to users, making the platform's access control mechanism more secure and more flexible.
4. A simulation experiment modelling 60 Hadoop cluster users, each with 10,000 distinct cluster operation records, with each user's behaviour randomly distributed across three categories: normal, risky and dangerous. Each user's initial trust value is set to a random number between 0.50 and 0.95 rounded to two decimal places; the three weights α, β and γ are then set in turn and user trust is computed with the quantitative trust evaluation method proposed in HBTEM. The results show that the model reflects users' behaviour in the cluster well in their trust values, giving a dynamic user trust evaluation method with high sensitivity.
5. A simplified LT model implemented by modifying the source code of the stable release at the time of writing, Apache Hadoop 1.0.4. This simplified model implements the behaviour collection and trust quantification defined in HBTEM and decides whether to serve a user by comparing the computed trust value with the trust threshold set in the experiment for each cluster service operation, yielding an access control process that dynamically governs users' use of cluster resources according to their real-time trust values. A rich set of comparative experimental scenarios shows that the runtime overhead LT adds to the Hadoop cloud platform stays within a tolerable range and that it overcomes the insufficient security of the platform's current access control mechanism.
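Items 2 and 5 describe a behaviour sensor that re-rates each user's trust as operations are observed, and a gate that serves a request only if the current trust meets the threshold set for that operation. The following is an added example written for this page; it is not code from the thesis or from Apache Hadoop, and it is in Python rather than a patch to Hadoop 1.0.4. The page names three behaviour categories, three weights α, β and γ, an initial trust in [0.50, 0.95] and a per-service threshold, but gives neither the update formula nor any parameter value, so the update rule, the weights, the thresholds, the category mix, the user names and the sample events below are all assumptions.

```python
"""
Added example (not the thesis's or Hadoop's code): an HBTEM-style trust
monitor and an LT-style trust gate. The update rule, weights, thresholds,
user names and events are assumptions; the page gives none of them.
"""
import random
from dataclasses import dataclass, field
from enum import Enum


class Behavior(Enum):
    NORMAL = "normal"    # ordinary, expected operation
    RISK = "risk"        # suspicious, not clearly illegitimate
    DANGER = "danger"    # clearly illegitimate operation


# Assumed weights (alpha, beta, gamma in the abstract's terms): a small reward
# for normal behaviour, larger penalties for risky and dangerous behaviour.
ALPHA, BETA, GAMMA = 0.005, 0.05, 0.20
WEIGHTS = {Behavior.NORMAL: ALPHA, Behavior.RISK: -BETA, Behavior.DANGER: -GAMMA}

# Assumed per-operation thresholds for the LT gate: destructive operations
# demand more trust than reads.
THRESHOLDS = {"read": 0.50, "write": 0.70, "delete": 0.85}


@dataclass
class BehaviorEvent:
    """One record as the (hypothetical) in-cluster sensor would emit it."""
    user: str
    operation: str
    category: Behavior


@dataclass
class UserTrust:
    """One row of the user trust value database, plus the behaviour history."""
    trust: float
    events: list = field(default_factory=list)


def update_trust(trust: float, category: Behavior) -> float:
    """Assumed incremental rule: add the category weight, clamp to [0, 1]."""
    return round(min(1.0, max(0.0, trust + WEIGHTS[category])), 4)


class TrustMonitor:
    """Sensor sink, behaviour database and trust database in one object."""

    def __init__(self, initial_trust: dict):
        self.db = {user: UserTrust(t) for user, t in initial_trust.items()}

    def observe(self, event: BehaviorEvent) -> float:
        """Record the event and re-rate the user's trust immediately."""
        rec = self.db[event.user]
        rec.events.append(event)
        rec.trust = update_trust(rec.trust, event.category)
        return rec.trust

    def authorize(self, user: str, operation: str) -> bool:
        """LT gate: serve the request only if current trust meets the threshold."""
        return self.db[user].trust >= THRESHOLDS[operation]


def walk_through() -> dict:
    """Constructed scenario: two users start at 0.90 trust and diverge."""
    mon = TrustMonitor({"alice": 0.90, "mallory": 0.90})
    events = [  # constructed sample, already classified by the sensor
        BehaviorEvent("alice", "read", Behavior.NORMAL),
        BehaviorEvent("alice", "write", Behavior.NORMAL),
        BehaviorEvent("mallory", "read", Behavior.NORMAL),
        BehaviorEvent("mallory", "delete", Behavior.RISK),
        BehaviorEvent("mallory", "delete", Behavior.DANGER),
    ]
    for ev in events:
        mon.observe(ev)
    return {
        "alice_trust": mon.db["alice"].trust,                  # 0.91
        "mallory_trust": mon.db["mallory"].trust,              # 0.655
        "alice_delete": mon.authorize("alice", "delete"),      # True
        "mallory_read": mon.authorize("mallory", "read"),      # True
        "mallory_write": mon.authorize("mallory", "write"),    # False
        "mallory_delete": mon.authorize("mallory", "delete"),  # False
    }


def simulate(users: int = 60, events_per_user: int = 10_000, seed: int = 1) -> dict:
    """Set-up mirroring the abstract's experiment: initial trust uniform in
    [0.50, 0.95] rounded to two decimals, categories drawn at random. The
    96/3/1 category mix is an assumption. Returns the final trust per user."""
    rng = random.Random(seed)
    initial = {f"user{i:02d}": round(rng.uniform(0.50, 0.95), 2) for i in range(users)}
    mon = TrustMonitor(initial)
    categories = list(Behavior)
    for user in initial:
        for _ in range(events_per_user):
            op = rng.choice(list(THRESHOLDS))
            cat = rng.choices(categories, weights=(96, 3, 1))[0]
            mon.observe(BehaviorEvent(user, op, cat))
    return {user: rec.trust for user, rec in mon.db.items()}


if __name__ == "__main__":
    print(walk_through())
```

In the walk-through, one risky and one dangerous operation drop mallory from 0.90 to 0.655: reads are still served, but writes and deletes are refused until enough normal behaviour has rebuilt trust, which is the "real-time dynamic" gate the abstract contrasts with a one-time Kerberos/ACL checkpoint. Two properties of any such scheme are visible here and worth checking in a real deployment: the sensitivity is set entirely by the weights and by how the sensor classifies operations (the classification rules are not on this page and are the hard part), and with a small positive α a long run of normal operations slowly restores trust, so the recovery rate is a security parameter in its own right.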
[Degree-granting institution]: Sichuan Normal University
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2233533
Link: https://www.wllwen.com/guanlilunwen/ydhl/2233533.html