
Research On Access Control Using Role And User Trust Value For HDFS

Posted on: 2017-03-07
Degree: Master
Type: Thesis
Country: China
Candidate: W H Shi
GTID: 2348330503496015
Subject: Engineering

Abstract/Summary:
With the rapid development of cloud storage technology, more and more businesses and users choose cloud storage to save or back up data in order to enhance the mobility of data. On the security of cloud storage, researchers mainly focus on privacy disclosure, data disaster tolerance, duplication elimination, and similar topics. However, few researchers pay attention to access control technology. The core of cloud storage is actually a distributed file system, so the data security problem of cloud storage is the data security problem of the distributed file system.

Building on pre-existing access control techniques, this paper concentrates on the access control defects of the Hadoop Distributed File System (HDFS). The specific work and research results are as follows:

Firstly, the existing HDFS uses simple discretionary access control, which cannot reduce the complexity and time overhead of HDFS authorization management. This paper therefore proposes a role-based access control mechanism for HDFS, or R-HDFS for short, which improves the flexibility of HDFS authorization management. Introducing user roles separates users from operating permissions, which simplifies user authorization management. The example analysis and experimental results demonstrate that R-HDFS can assign different roles to users according to system settings, providing the conditions for flexible authorization management and efficient security control, and laying a foundation for the security of HDFS.

Secondly, once a legitimate user passes HDFS identity authentication, the user's subsequent operations are no longer monitored. Those operations may endanger the safety of the cluster system, yet the cluster system cannot detect them. To solve the credibility problem of a legitimate user's post-authentication behavior, this paper proposes an access control mechanism for HDFS based on user trust value, or T-HDFS for short, which combines the third-party authentication system Kerberos with a user trust value. The third-party authentication system provides secure authentication of user identity. The model sets up a trust value for each user and controls user access to HDFS dynamically by comparing the trust value with a trust threshold. It realizes a fine-grained, reliable and flexible access control mechanism. Experimental results and analysis show that the T-HDFS access control mechanism can monitor and collect user behavior in real time and can update the user trust value according to the records of that behavior. By comparing the trust value with the trust threshold, the model dynamically controls user access to the cluster, and it does not have a serious influence on cluster performance.

Thirdly, the access control mechanism for HDFS based on role and user trust value is designed and implemented in the Hadoop Distributed File System. It implements user role assignment, secure user authentication, dynamic control of user access behavior, and other functions. In addition, the design of the data structures and the specific implementation steps are given.

Keywords/Search Tags: Cloud Storage, Hadoop Distributed File System, Access Control, Role-Based Access Control, User Trust Value