TDACS: an ABAC and Trust-based Dynamic Access Control Scheme in Hadoop

TL;DR

This paper proposes TDACS, a dynamic access control scheme for Hadoop that integrates ABAC and trust evaluation via blockchain to enhance security and flexibility in user permissions.

Contribution

It introduces a novel access proxy with trust-based dynamic authorization using blockchain, addressing the complexity and security challenges in Hadoop's access control.

Findings

The scheme effectively adjusts user permissions dynamically.

It maintains security while keeping resource consumption reasonable.

Blockchain-based trust evaluation improves data authenticity and reliability.

Abstract

The era of big data has promoted the vigorous development of many industries, boosting the full potential of holistic data-driven analysis. Hadoop has become the primary choice for mainstream platforms used by stakeholders to process big data. Thereafter, the security of Hadoop platform has arisen tremendous attention worldwide. In this paper, we mainly concentrate on enforcing access control on users to ensure platform security. First, we leverage access proxy integrated with attribute-based access control (ABAC) model to implement front-end authorization, which can fully reflect and cope with the flexible nature of the complex access control process in Hadoop platform, as well as can release back-end resources from complex authorization process through access proxy. Moreover, in order to ensure the fine-granularity of authorization, the access proxy maintains a list composed of trust threshold value provided by each resource according to its importance. The access proxy interacts with the blockchain network to obtain the user's trust evaluation value, which serves as an important basis for dynamic authorization determination. More specifically, blockchain network works together on-chain and off-chain modes. The user's historical behavior data is stored off-chain, and the corresponding hash value is anchored on-chain. Consequently, the user's trust value is evaluated based on his historical behavior stored on the blockchain platform. Meanwhile, the authenticity of user behavior data can be guaranteed, thereby ensuring the reliability of trust assessment results. Our experiment demonstrates that the proposed model can dynamically and flexibly adjust user permissions to ensure the security of the platform, while time and money are consumed within a reasonable range.