GuardSpark: An Access Control Enhancement Mechanism for Spark
NING Fangxiao, WEN Yu, SHI Gang
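(Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China)
Abstract:
Although Spark is one of the most popular big data analysis tools, its security has not received sufficient attention. Access control, an important means of sharing data securely, has not yet been deployed on Spark. To enable secure access to private or sensitive data, this paper attempts to propose an access control solution for Spark. Because the Spark architecture is characterized by hybrid analytics, designing and implementing a fine-grained access control mechanism that can be extended to support different data sources is challenging. This paper proposes GuardSpark, a unified, centralized access control method based on declarative programming and the Catalyst extensible optimizer. GuardSpark supports complex access control policies and fine-grained access control enforcement. In the experimental part, the proposed access control method is implemented as a prototype on Spark, and its effectiveness and performance overhead are experimentally verified and evaluated. The experimental results show that GuardSpark achieves a fine-grained access control mechanism that supports complex policies. In addition, the performance overhead introduced by the method is negligible, and the system is scalable.
Keywords: Spark SQL; access control; security optimization; big data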
DOI:10.19363/j.cnki.cn10-1380/tn.2017.10.006
Submitted: 2017-03-20; Revised: 2017-06-02
GuardSpark: Access Control Enforcement in Spark
NING Fangxiao, WEN Yu, SHI Gang
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
Abstract:
Although Spark is one of the most popular big data analysis tools, its security has not received sufficient attention. Access control is an important means of sharing data safely, but it has not been deployed on Spark. To enable safe access to private or sensitive data, this paper attempts to propose an access control solution for Spark. Because of the unified nature of the Spark framework, it is very challenging to design and implement a scalable, fine-grained access control scheme that supports a variety of data sources. We propose GuardSpark, a unified, centralized access control method based on declarative programming and the Catalyst extensible optimizer. GuardSpark supports complex access control policies and fine-grained access control enforcement. In the experimental part of this paper, we implement a prototype of the proposed method on Spark to verify the functional correctness of access control (AC) enforcement. We also evaluate the system overhead introduced by AC enforcement. The experimental results show that GuardSpark can achieve fine-grained access control and support complex AC policies. At the same time, the performance overhead of this approach is negligible, and it scales well.
Key words:  Spark SQL  access control  security optimization  big data