Design and implementation of a Hadoop-basedsecure cloud computing architecture

• Main Authors: Sheng-Lun Cheng, 鄭聖倫
• Other Authors: CHUN-HUNG RICHARD LIN
• Format: Others
• Language: zh-TW
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/07012261269563399440

碩士 === 國立中山大學 === 資訊工程學系研究所 === 99 === The goal in this research is to design and implement a secure Hadoop cluster. The cloud computing is a type of network computing, where most data is transmitted through network. To develop a secure cloud architecture, we need to validate users first, and guarantee transmitting data against stealing and falsification. In case of someone steals the data, he is still hard to know content. Therefore, we focus on the following points: I. Authorization： First, we investigate the user authorization problem in Hadoop system, and then, propose two solutions: SOCKS Authorization and Service Level Authorization. SOCKS Authorization is a external authorization in Hadoop System, and uses username/password to identify users. Service Level Authorization is a new authorization mechanism in Hadoop 0.20. This mechanism to ensure clients connecting to a particular Hadoop service have the necessary, pre-configured, permissions and are authorized to access the given service. II. Transmission Encryption： To keep important data, such as Block ID, Job ID, username, etc, away from exposedness in non-trusted networks, we examine Hadoop transmissions in practice, and point out possible security problems. Subsequently, we use IPSec to implement transmission encryption and packet verification for Hadoop. III. Architecture Design： Based on the implementation framework of Hadoop mentioned above, we propose a secure architecture of Hadoop cluster to solve the security problems. In addition, we also evaluate the performances of HDFS and MapRduce in this architecture.