Summary: | Master's === National Sun Yat-sen University === Graduate Institute of Computer Science and Engineering === 99 === The goal of this research is to design and implement a secure Hadoop cluster.
Cloud computing is a type of network computing in which most data is transmitted over the
network. To develop a secure cloud architecture, we need to validate users first and
protect transmitted data against theft and falsification. Even if someone steals the
data, it should still be hard for them to learn its content. Therefore, we focus on the following points:
I. Authorization: First, we investigate the user authorization problem in the Hadoop
system and then propose two solutions: SOCKS Authorization and Service Level
Authorization. SOCKS Authorization is an external authorization mechanism for the Hadoop system
that uses a username/password to identify users. Service Level Authorization is a new
authorization mechanism in Hadoop 0.20. This mechanism ensures that clients connecting
to a particular Hadoop service have the necessary, pre-configured permissions and are
authorized to access the given service.
II. Transmission Encryption: To keep important data, such as Block ID, Job ID,
username, etc., from being exposed on non-trusted networks, we examine Hadoop
transmissions in practice and point out possible security problems. Subsequently, we
use IPSec to implement transmission encryption and packet verification for Hadoop.
III. Architecture Design: Based on the implementation framework of Hadoop mentioned
above, we propose a secure architecture for a Hadoop cluster to solve the security
problems. In addition, we evaluate the performance of HDFS and MapReduce in
this architecture.
|