Research On Security Of NoSQL Databases Based On Hadoop

At present, NoSQL databases such as Bigtable and its open sourceimplementation HBase have become new storage solutions for large data. They haveshown their high scalability and high availability in many large-scale services andapplications. However, most of NoSQL databases uses simple data model based onkey-value pairs instead of relational data model, sacrificing features, for example,the rich query mode characteristic and transactional functionality, for scalability andavailability. As NoSQL databases do not have schema and most of them useeventually consistency in their consistency model, it is hard to guarantee theintegrity and correctness of the data stored in the databases.This paper aims to research in NoSQL security issues and propose propersecurity policies and strategies to improve the safety of NoSQL databases, analyzethe architecture and the mechanisms of secure HBase database built onsecure-enabled Hadoop platform in detail, and make several improvement of HBase.The theories and technologies used in NoSQL databases are firstly analyzed.Combined with the characteristics of NoSQL and the survey on security mechanismsin databases, this paper defines the detail requirements of NoSQL database security.Based on the source code analysis of HBase and secure-enabled Hadoop platform,security mechanisms of Hadoop and HBase are analyzed, including ACL basedaccess control, Kerberos based authentication and authorization, and data integrityand consistency guarantee in HBase. With secure-enabled Hadoop platform, HBasesupports access control mechanisms including permission control, authenticationand authorization based on Kerberos, data integrity and consistency of HBase isguaranteed by HDFS. Through the analysis of the security mechanisms, HBasesecurity evaluation is proposed, which implies that there is room for improvement inthe aspects of access control, data consistency guarantee and data encryption.Based on the evaluation above, two improvements of HBase are proposed:1)Improved permission control based on ACL. It provides more detailed permission control in HBase.2) HBase multi-key transaction support based on serializablesnapshot isolation. HBase only provide single-row transactions through its row lockmechanism, this paper improves the transaction functionality using snapshotisolation model and the detection algorithm for serializable snapshot isolation, thusguarantees the correctness and consistency in the concurrent data access.Finally, the improved permission control method and the approach of multi-keytransaction management in HBase are evaluated by several experiments. The resultsimply that our approaches are practical, the detailed permissions are available withno effect on performance and the approach of multi-key transaction support is in linewith expectations.