
Research On Security Mechanism And Vulnerabilities Of Hadoop Cloud Computing Platform

Posted on: 2015-01-03
Degree: Master
Type: Thesis
Country: China
Candidate: S Zhu
GTID: 2298330467462321
Subject: Information security
Abstract/Summary:
Driven by the rapid rise of electronic commerce and the mobile Internet, online businesses of all kinds have generated massive amounts of data. The question of how to store, manage, and use this data effectively has driven the development of cloud computing technology. Among current cloud computing technologies, Hadoop, an open source cloud computing framework platform, has become one of the most popular cloud computing platforms used by large global Internet companies, thanks to its open source nature, elasticity, powerful computing performance, and lower cost. However, as Hadoop has become widely used, its security shortcomings have gradually come to light and are drawing more and more attention.

The article analyzes the authentication process and security design of the Kerberos authentication system; introduces the syntax and rules of BAN logic deduction and demonstrates the Kerberos protocol; and describes the SAML authentication standard and the concept of the Artifact. Building on this background, the article explains the current operating mechanism of Hadoop; introduces the original and present security situation of Hadoop; details the current security mechanisms of Hadoop, including HDFS, MapReduce, and RPC; and summarizes the token key and authentication flow of Hadoop.

In response to the current security situation of the Hadoop cloud computing platform, the article proposes a SAML-based authentication and authorization method for the Hadoop cloud computing platform, and implements a SAML-based authentication and authorization system for Hadoop using this method. The authentication and authorization system stores Hadoop's authenticated users and authorized services in a database deployed on the system server, and reduces the authentication ticket issued to a user and the authorization ticket issued to a service to an index into that database. This makes the authentication and authorization tickets lightweight, avoids transmitting them directly within Hadoop, prevents the leakage of authentication and authorization information, and, to some extent, reduces the data traffic transferred within the cluster's internal network and lightens the system's network load. In addition, using BAN logic deduction, the article successfully verifies that the design of the SAML-based authentication and authorization method for the Hadoop cloud computing platform is secure, reliable, and not redundant, which also provides a theoretical basis for this method.
Keywords/Search Tags: Authentication, Authorization, Hadoop, Kerberos, SAML
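
The ticket-as-database-index design described in the abstract, sketched as an added example (not code from the thesis): the server keeps the full assertion and hands out only an opaque reference that a service later exchanges for it. The random artifact format, the expiry, the per-service binding, and the names `ArtifactStore`, `hdfs/namenode` and `mapreduce/jobtracker` are assumptions made for illustration.

```python
import hashlib
import secrets
import time


class ArtifactStore:
    """Server-side table of assertions, addressed only by opaque artifacts."""

    def __init__(self, ttl_seconds=300, clock=time.time):
        self._rows = {}  # sha256(artifact) -> assertion record (stands in for the database)
        self._ttl = ttl_seconds
        self._clock = clock

    @staticmethod
    def _key(artifact):
        # Index by digest so a dump of the table does not yield usable artifacts.
        return hashlib.sha256(artifact.encode()).hexdigest()

    def issue(self, user, service, rights):
        """Record the full assertion server-side; return only a reference to it."""
        artifact = secrets.token_urlsafe(32)  # 256 random bits, not a guessable row number
        self._rows[self._key(artifact)] = {
            "user": user, "service": service, "rights": frozenset(rights),
            "expires": self._clock() + self._ttl,
        }
        return artifact

    def resolve(self, artifact, service):
        """Called by a service to exchange an artifact for the assertion it names."""
        row = self._rows.get(self._key(artifact))
        if row is None:
            return None  # unknown or revoked reference
        if self._clock() >= row["expires"]:
            del self._rows[self._key(artifact)]
            return None  # expired reference
        if row["service"] != service:
            return None  # issued for a different service
        return {"user": row["user"], "rights": row["rights"]}

    def revoke(self, artifact):
        return self._rows.pop(self._key(artifact), None) is not None


def demo():
    now = [1000.0]  # constructed clock so the expiry path is deterministic
    store = ArtifactStore(ttl_seconds=60, clock=lambda: now[0])
    art = store.issue("alice", "hdfs/namenode", {"read"})  # constructed sample values
    ok = store.resolve(art, "hdfs/namenode")
    wrong = store.resolve(art, "mapreduce/jobtracker")
    now[0] += 61
    return ok, wrong, store.resolve(art, "hdfs/namenode")
```

Because the reference carries no claims itself, the unguessability of the index and the server-side checks in `resolve` are what protect the assertion.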