Overview of SEHadoop
To improve Hadoop's compromise resilience, we design a
new SEHadoop model based on two major principles: enhancing
the isolation level among Hadoop components and granting
least access privilege to Hadoop processes. When a compromise
starts in Hadoop, a strong isolation level helps limit
the extent of the compromise. It forces attackers to attack
one component at a time and slows down the pace of attacks.
Enforcing least access privilege for Hadoop components
ensures that compromised Hadoop processes can access only
limited data. Compared with the original Hadoop, attackers need
to attack more components in SEHadoop to steal the same
amount of data. Some Hadoop components, such as Data Node, Node
Manager and Container, may run on a large number of VMs, so
they are more likely to be attacked than other Hadoop
components. For example, an attacker's malicious VM has a
better chance of co-residing with VMs running Data Node, and
launching internal cloud attacks from there, than with the VM
running Name Node. We carefully examined these
components to ensure that the security mechanisms they
use satisfy the two principles. The SEHadoop model consists
of the SEHadoop runtime model, the SEHadoop Block Token and
the SEHadoop Delegation Token.