This project leverages Apache Hadoop and Apache Hive to provide fine-grained access control. Our framework provides secure access to Hadoop Distributed File System (HDFS) files stored as tables in Hive. Our security assumption is that the underlying HDFS cannot be accessed directly. The framework provides a secure login feature for users, based on a salted hash technique. Once logged in, a user is presented with options determined by his/her credentials and permissions.
The functions the framework provides, depending on a user's permissions, are:
- Uploading data to HDFS as tables in Hive.
- Defining or uploading XACML policies for newly created tables.
- Defining views on existing tables in Hive.
- Defining or uploading XACML policies on views.
- Querying tables and views.
- Registration of new users.
- Assigning new users to groups. This is done by a designated user "admin".
Our future plans with this framework include the implementation of a query rewriting mechanism based on the existing tables/views in the HDFS and the XACML policies defined on them. We also plan to release the framework as an open source web application.
Professors: Dr. Murat Kantarcioglu, Dr. Latifur Khan and Dr. Bhavani Thuraisingham
Students: Anuj Gupta, Mehul Vyas, Nikhil Mishra and Vaibhav Khadilkar
Documents and Publications
- Overview of Project
- B. Thuraisingham, V. Khadilkar, A. Gupta, M. Kantarcioglu, and L. Khan. "Secure Data Storage and Retrieval in the Cloud." In Proceedings of CollaborateCom 2010, 6th International Conference on Collaborative Computing, October 2010, Chicago, USA. Paper, Presentation