| HBase is a NoSQL (Not Only SQL) database and a wide-column big data store based on Hadoop. It has outstanding capabilities for managing large data and is adopted by many enterprises and organizations. However, data access control in HBase is a big challenge for researchers. To improve the access control capability of HBase, this thesis proposes a fine-grained permission access control mechanism for HBase. The mechanism achieves fine-grained access control by modifying and optimizing the source code, extending the access control permissions, and rewriting the AccessController of HBase. We generalize the Role-Based Access Control (RBAC) model used for HBase, and the built-in database roles are used to solve the problem that fine-grained permission management becomes more difficult after the permissions are extended. Experimental test cases verify that the proposed fine-grained access control mechanism can protect HBase data more comprehensively. The problem of excessive permissions caused by the original access control mechanism is solved. The proposed access control mechanism can reduce the huge security risks, which include malicious modification, deletion, etc. The RBAC in HBase has some limitations. The coarse-grained access permissions have little effect in many cases, and the elements used for authorization are not comprehensive enough. Attribute-Based Access Control (ABAC) is suitable for the authorization of NoSQL data stores due to its flexibility, but it has not been investigated deeply in HBase. The objective of this paper is to study data access control in HBase and to develop an ABAC-based mechanism for the security of HBase data. In light of the wide-column feature of HBase, an Attribute-Based Fine-Grained Access Control mechanism (AGAC) is proposed, which covers two aspects: HBase's atomic operations and objects at five fine granularity levels. When a user needs to access data in HBase storage, the AGAC grants or denies permission by verifying the user's atomic operations and analyzing the user's attributes according to the access control policies related to the data granularity level. This access control mechanism is verified on a publicly available email dataset and is proven to be effective in improving the access control capability of HBase. Finally, a historical email data management system based on B/S architecture is designed and developed on an HBase cluster. This system integrates the fine-grained access control mechanism proposed in this thesis. The user's access requests can be controlled by setting reasonable access control policies in the system, and it is proved that the data in the software system based on HBase can be more comprehensively protected. |