%0 Conference Proceedings
%T Object-Tagged RBAC Model for the Hadoop Ecosystem
%+ The University of Texas at San Antonio (UTSA)
%A Gupta, Maanak
%A Patwa, Farhan
%A Sandhu, Ravi
%Z Part 1: Access Control
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 31th IFIP Annual Conference on Data and Applications Security and Privacy (DBSEC)
%C Philadelphia, PA, United States
%Y Giovanni Livraga
%Y Sencun Zhu
%I Springer International Publishing
%3 Data and Applications Security and Privacy XXXI
%V LNCS-10359
%P 63-81
%8 2017-07-19
%D 2017
%R 10.1007/978-3-319-61176-1_4
%K Access control
%K Hadoop ecosystem
%K Big Data
%K Data lake
%K Role based
%K Attributes
%K Groups hierarchy
%K Object Tags
%Z Computer Science [cs]Conference papers
%X Hadoop ecosystem provides a highly scalable, fault-tolerant and cost-effective platform for storing and analyzing variety of data formats. Apache Ranger and Apache Sentry are two predominant frameworks used to provide authorization capabilities in Hadoop ecosystem. In this paper we present a formal multi-layer access control model (called $$\mathrm {HeAC}$$) for Hadoop ecosystem, as an academic-style abstraction of Ranger, Sentry and native Apache Hadoop access-control capabilities. We further extend $$\mathrm {HeAC}$$ base model to provide a cohesive object-tagged role-based access control (OT-RBAC) model, consistent with generally accepted academic concepts of RBAC. Besides inheriting advantages of RBAC, OT-RBAC offers a novel method for combining RBAC with attributes (beyond NIST proposed strategies). Additionally, a proposed implementation approach for OT-RBAC in Apache Ranger, is presented. We further outline attribute-based extensions to OT-RBAC.
%G English
%Z TC 11
%Z WG 11.3
%2 https://inria.hal.science/hal-01684349/document
%2 https://inria.hal.science/hal-01684349/file/453481_1_En_4_Chapter.pdf
%L hal-01684349
%U https://inria.hal.science/hal-01684349
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-WG
%~ IFIP-TC11
%~ IFIP-WG11-3
%~ IFIP-DBSEC
%~ IFIP-LNCS-10359