English | 中文

【打印本页】      【下载PDF全文】   查看/发表评论  下载PDF阅读器  关闭
←前一篇|后一篇→ 过刊浏览    高级检索
本文已被:浏览 903次   下载 1131 本文二维码信息
分享到: 微信 更多
(中国科学院信息工程研究所, 北京 中国 100093;中国科学院大学网络空间安全学院, 北京 中国 100049)
关键词:  Spark SQL  访问控制  安全优化  大数据
GuardSpark:Access Control Enforcement in Spark
NING Fangxiao,WEN Yu,SHI Gang
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China;School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
As one of the most popular big data analysis tools, the security of Spark has not raised sufficient concern. Access control is an important means of safe data sharing, which was not deployed on Spark. In order to safely access privacy or sensitive data, this paper attempts to propose an access control solution for Spark. Due to the unification of Spark framework, it is very challenging to design and implement a scalable and fine-grained access control schemes which support variety of data sources. We proposed GuardSpark, a unified, centralized access control method based on declarative programming and Catalyst extensible optimizer. GuardSpark supports complex access control policies and fine-grained access control enforcement. The experimental part of this paper implemented the proposed prototype on Spark to verify the correctness of the function of AC enforcement. We also evaluated the system overhead introduced by AC enforcement. The experimental results show that GuardSpark can achieve fine-grained access control and support complex AC policies. At the same time, the performance overhead of this approach is negligible with good scalability.
Key words:  Spark SQL  access control  security optimization  big data