Paper Info
Title
GuardMR: Fine-grained Security Policy Enforcement for MapReduce Systems
Abstract
Executing data analytics tasks in MapReduce systems introduces new security and privacy concerns as the processed unstructured datasets may contain sensitive information (e.g., social security numbers, business sensitive information) at the level of individual records, and the existing file-level access control mechanisms provide all or nothing access to the entire dataset. To address these concerns, we propose GUARDMR which is a novel, modular framework that can enforce fine-grained security policies at the key-value level in MapReduce systems. The presented security policies can dynamically create authorized views of data resources based on the organizational roles of the MapReduce users. GUARDMR further simplifies the specification of authorized views via automatically generating the bytecode of the functions necessary for creating the views, from the high level specification language (i.e., OCL). It facilitates enforcement of a broad, flexible set of policies that can handle the complexity demanded by high volume, high variety, unstructured datasets and general MapReduce computation without any modification to the underlying MapReduce system and operating system. Our evaluation results indicate that GUARDMR provides fine-grained access control for Apache Hadoop system with easy maintainability and very low overhead
Year
DOI
Venue
2015
10.1145/2714576.2714624
ASIACCS
Keywords
Field
DocType
big data,mapreduce sytems,security, integrity, and protection,distributed databases,fine-grained access control
Computer security,Computer science,Enforcement,Access control,Modular design,Security policy,Information sensitivity,Bytecode,Big data,Maintainability,Database
Conference
Citations 
PageRank 
References 
14
0.70
20
Authors
5
Name
Order
Citations
PageRank
Huseyin Ulusoy1635.43
Pietro Colombo214215.85
Elena Ferrari3201.56
Murat Kantarcioglu42470168.03
Erman Pattuk5615.01