Research on Security Mechanism Defects in the Core Technologies of the Hadoop Cloud Computing Platform
Published: 2019-06-14 12:25
[Abstract]: In recent years, the rapid rise of e-commerce and the mobile Internet has caused network services of all kinds to generate massive amounts of data, and the question of how to store, manage and use this data effectively has driven the development of cloud computing. Among today's cloud computing technologies, the open-source framework Hadoop has become the mainstream cloud computing platform used by large Internet companies worldwide, thanks to its open-source nature, scalability, strong computing performance and low cost. As Hadoop has come into wide use, its security shortcomings have gradually been exposed and are drawing increasing attention.
This thesis analyzes the authentication process of the Kerberos authentication system and the security design of Kerberos; introduces the syntax and rules of BAN logic and the BAN-logic proof of the Kerberos protocol; and explains the SAML authentication standard and the concept of the Artifact. On this basis, it describes the current operating mechanism of the Hadoop cloud computing platform; introduces the platform's initial and current security situation; explains in detail its security mechanisms, including those of HDFS, MapReduce and RPC; and summarizes the platform's Token keys and authentication data flows.
In view of the current security situation of the Hadoop cloud computing platform, the thesis proposes a SAML-based authentication and authorization method for a secure Hadoop cloud computing platform, and designs and implements a SAML-based Hadoop authentication and authorization system according to this method. The system stores Hadoop's authenticated users and authorized services in the database of the system server, and reduces the authentication tickets issued to users and the authorization tickets issued to services to indexes into the information in that database, which makes the tickets lightweight. This avoids transmitting authentication and authorization tickets directly over the internal network of the Hadoop cluster, which prevents the leakage of authentication and authorization information and, to a certain extent, reduces the data traffic carried across the cluster network and lightens the system's network load. In addition, using BAN logic, the thesis proves that the SAML-based authentication and authorization method is secure, reliable and free of redundancy in its design, which provides a theoretical basis for the method.
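[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree granted]: 2014
[Classification number]: TP393.08
Article ID: 2499384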
Article link: https://www.wllwen.com/guanlilunwen/ydhl/2499384.html