检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:陈垚坤 刘文丽[1] CHEN Yaokun LIU Wenli(Jiangnan CoMputing Technology Research Institute, Wuxi 214083, China)
出 处:《河南师范大学学报(自然科学版)》2016年第5期146-153,共8页Journal of Henan Normal University(Natural Science Edition)
基 金:国家核高基项目(2013ZX01029002-001)
摘 要:针对Hadoop平台缺乏有效访问控制机制的问题,提出一种适用于Hadoop平台的基于属性访问控制模型H-ABAC.该模型将传统ABAC模型扩充为五元组,加入安全等级属性增加了灵活性,选择XACML为策略描述语言并提供标准化、可大规模扩展的访问控制策略.对该模型进行形式化定义,构建模型框架并详述各个模块的功能与实现,对模型的适用性和优势进行了分析.分析得出:该模型可以满足自主、细粒度以及动态授权的需求.仿真实验显示:H-ABAC可以有效控制策略数量并且减少系统的开销,所增加时间开销也在可控范围之内.An attribute-based access control model for Hadoop(H-ABAC)is proposed to solve the access control problem in Hadoop.The traditional ABAC model is expanded to five elements.The security level is considered as an important element for H-ABAC like subject,object,operation and environment.Standardized and extensible access control policies are evolved by XACML.Modules of H-ABAC are formally defined.The functions and implementation of these modules are detailedly described.The applicabilities and superiorities of H-ABAC are analysed.The conclusion shows that H-ABAC can provide independent,fine-grained and dynamic access control and Reduce the system overhead.The simulation experiment shows that H-ABAC can keep the amount of access control policies slowly increasing and the cost of time is acceptable.All that shows H-ABAC is a practical access control model for Hadoop.
关 键 词:HADOOP 访问控制 基于属性 XACML 细粒度
分 类 号:TP393[自动化与计算机技术—计算机应用技术]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.145
