Institute for Cyber Security
© Maanak Gupta World-Leading Research with Real-World Impact! 1
Object-Tagged RBAC Model
for the Hadoop Ecosystem
Maanak Gupta, Farhan Patwa, and Ravi Sandhu
Institute for Cyber Security and Department of Computer Science
University of Texas at San Antonio
31st Annual IFIP WG 11.3 Working Conference on Data and Applications Security and
Privacy (DBSec 2017), Philadelphia, Pennsylvania, July 19-21, 2017
Outline
➢ Introduction and Motivation
➢ Multi-layer Access Control
➢ Authorization Architecture
➢ Hadoop Ecosystem Access Control Model
➢ OT-RBAC Model
➢ Proposed Implementation
➢ Attribute Based Extensions to OT-RBAC
➢ Conclusion
Big Data and Big Challenges
➢ IDC 2025:
❖ global “datasphere” – 163 zettabytes
❖ 10x the 2016 volume
➢ Opportunities: 21st century gold for data miners
➢ Big Data require “Big Systems”
Security:
➢ Secure Storage
➢ Privacy Concerns (e.g., HIPAA)
➢ Fine-grained access requirements
Hadoop Ecosystem
➢ Hadoop: resilient, cost-efficient distributed storage (HDFS) and processing framework (MapReduce) and YARN
➢ Ecosystem = Hadoop core + Open-Source Projects
➢ Hadoop Data Lake
➢ Security Concerns
Multi-Layer Access Control
➢ Services: HDFS NameNode, YARN ResourceManager, Apache Hive
➢ Data and Service Objects: HDFS Files, Hive Tables, Kafka Topics
➢ Cluster Resources and Applications: YARN Queues, Cluster Nodes
Hadoop and Data Services Access
Hadoop Daemons Access Configuration
WebHDFS Access via Apache Knox
Data Objects Access
Hive and HDFS Access Configurations
Tag Based Objects Access
Tag Based Policy Configuration
Context Enricher and Policy Conditions
Geo Location Based Policies
Cluster Resource and Application Access
YARN Queue Access Control Configuration
[Figure: YARN queue hierarchy (root; default, newQueue) and access rights]
Hadoop Ecosystem Authorization Architecture
Apache Ranger, Apache Sentry
Apache Knox
Apache Hive, HDFS, Apache Storm, Apache Kafka, YARN
AC Model: Hadoop View
)
: NameNode, YARN ResourceManager
: access / communicate
: Files and Directories in HDFS
) : read, write, execute
AC Model: Ranger View
) : Hive, HDFS, Kafka, HBase
: Files and Directories in HDFS; Tables, columns in Hive
) : read, write, execute, select, create
: PII, top-secret
AC Model: Sentry View
HeAC Model: Consolidated View
Hadoop Ecosystem Access Control Model
OT-RBAC Model
Object-Tagged RBAC
Group Based Role Inheritance
[Figure: group hierarchy of G1, G2 and G3 with user Bob. Labels: UGA, URA, Direct & effective membership, Effective Roles, Group Hierarchy. Role sets shown: {student}, {Grader}, {TA}, {Staff, Grader, TA}. Effective roles for Bob: {student, Staff, Grader, TA}]
Easy administration: multiple roles can be assigned to a user with a single administrative operation.
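The group-based role inheritance on this slide, worked as an added example (not code from the presentation or from Apache Ranger or Sentry). Which group holds which role, the senior-to-junior inheritance direction, the object names, the `coursework` tag and the permission table are assumptions, chosen so that Bob's effective roles match the set shown on the slide.

```python
from collections import deque

# Constructed sample data. Only the user name, group names, role names and
# the PII tag appear on the slides; the assignments themselves are assumed.

# UGA: user -> groups the user is directly assigned to.
UGA = {"Bob": {"G1"}}
# URA: user -> roles assigned directly to the user.
URA = {"Bob": {"student"}}
# Group hierarchy: senior group -> junior groups whose roles it inherits.
GROUP_JUNIORS = {"G1": {"G2", "G3"}, "G2": set(), "G3": set()}
# Direct group-to-role assignment (hypothetical name: GRA).
GRA = {"G1": {"Staff"}, "G2": {"Grader"}, "G3": {"TA"}}

# Object tagging: permissions are written against tags, not object names.
OBJECT_TAGS = {
    "hive:hr.salaries": {"PII"},
    "hdfs:/data/grades": {"coursework"},
}
# Role -> set of (operation, tag) permissions.
ROLE_PERMS = {
    "Grader": {("read", "coursework"), ("write", "coursework")},
    "TA": {("read", "coursework")},
    "Staff": {("select", "PII")},
}


def effective_groups(user, uga=UGA, juniors=GROUP_JUNIORS):
    """Direct groups of the user plus every group reachable below them."""
    seen = set()
    queue = deque(uga.get(user, ()))
    while queue:
        group = queue.popleft()
        if group in seen:
            continue  # already expanded; also keeps a cyclic hierarchy finite
        seen.add(group)
        queue.extend(juniors.get(group, ()))
    return seen


def effective_roles(user, uga=UGA, ura=URA, juniors=GROUP_JUNIORS, gra=GRA):
    """Direct roles (URA) united with the roles of all effective groups."""
    roles = set(ura.get(user, ()))
    for group in effective_groups(user, uga, juniors):
        roles |= gra.get(group, set())
    return roles


def is_authorized(user, operation, obj, uga=UGA):
    """Allow if some effective role holds (operation, tag) for a tag on obj.

    Untagged or unknown objects are denied: with tag-based policy, a missing
    tag must not fall through to an implicit allow.
    """
    tags = OBJECT_TAGS.get(obj, set())
    if not tags:
        return False
    roles = effective_roles(user, uga=uga)
    return any(
        (operation, tag) in ROLE_PERMS.get(role, ())
        for role in roles
        for tag in tags
    )


if __name__ == "__main__":
    print(sorted(effective_roles("Bob")))
    print(is_authorized("Bob", "read", "hdfs:/data/grades"))
    print(is_authorized("Bob", "write", "hive:hr.salaries"))
    # One administrative operation (dropping Bob from G1) revokes three roles.
    print(sorted(effective_roles("Bob", uga={"Bob": set()})))
```

Because a single UGA change grants or revokes every inherited role at once, group membership changes deserve the same review and audit logging as direct role grants.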
Implementation Approach
Adding Attributes to OT-RBAC
NIST Strategies
➢ Dynamic Roles
➢ Attribute Centric
➢ Role Centric
Defense in Depth
Secure Hadoop Ecosystem
➢ Hadoop Daemons and Services
➢ Data and Service Objects
➢ Cluster Resource and Application
Conclusion and Future Work
➢ Formalized Conceptual HeAC Model
➢ Object-Tagged-RBAC Model
➢ Attribute-based extensions
Some Future Goals:
➢ Introduce data ingestion security
➢ Privacy concerns and finer-grained approaches in Multi-Tenant Hadoop Lake
