Research On Access Control Technology In HDFS-Based Cloud Storage

With the rapid development of information technology, the Internet has gathered massive of data, and the quantity of surges in a blowout trend. As a result users’ demand for cloud storage service has increased obviously. At the same time, for enterprise users, the problems of data storage such as high cost, low safety, and tedious management become prominent. With the development of distributed computing technology and virtual network technology, cloud storage technology has become increasingly mature. Currently, Hadoop is a very popular open source distributed infrastructure, which implements a distributed file system (Hadoop Distributed File System, HDFS). HDFS has the advantages such as high reliability, high extensibility, and high fault tolerance. It can be deployed in cheap hardware in order to achieve storage management of massive data, as well as shift from completing users’task to large Internet computing. This is not only conducive to the integration of various software and hardware resources distributed on the Internet, but also maximize the utilization of unused Internet resources to realize more efficient resource sharing. Therefore, take consideration of improve the management and reduce cost, more and more enterprises use HDFS as basic storage platform to upgrade the existing storage hardware and software equipment. However, the development of Hadoop inevitably bring many challenges in the field of information security. One of the concerns is how to ensure the security of data in system. Hadoop is designed to organize a lot of unstructured data in a trusted environment, security is not a driver for its development. Therefore, it cannot provide secure access control to satisfy the system authentication and users’needs in data privacy.This article focuses on how to achieve security access control of Hadoop. It put forwards a more in-depth analysis and research. The research work includes the following:(1) Compared with other existing access control methods, this article summarizes their advantages and disadvantages of the methods. On the base of RBAC, this article introduces Attribute concept to achieve a new access control method ARBAC (Attribute and Role Based Access Control) and gives out rule definition and authorization mechanism.(2) This article studies Hadoop and applies ARBAC into HDFS. The authentication and authorization module are given to achieve the access control of Hadoop. In this way the data security, user privacy, user relationship mapping, and command line access are solved.(3) This paper presents the realization of access control system based on HDFS of cloud storage. Through the practical calculation performance test and system simulation software CloudSim in the cloud analysis, it shows that the scheme designed in this paper to solve the problems of security access control in Hadoop.The innovations of this paper includes the following three aspects:(1) This paper proposed ARBAC model based on HDFS, to solve the problem of security and privacy protection of Hadoop cloud storage data, realizes the access control system of HDFS based on cloud storage.(2) This paper designs the Hadoop daemon to realize the Hadoop command line terminal access control. It can prevent false users to use the command line to pretend to be real users.(3) This paper designs dynamic authorization management in Hadoop, solves the problem of mapping between Hadoop users and Linux users of the system problems, and realizes unified management of user access.