SecHadoop: A Privacy Preserving Hadoop

Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing Pub Date : 2019-12-02 DOI:10.1145/3344341.3368819

R. Shyamasundar, Swatish Satheesan, Deepali Mittal, Aakash Chaudhary

{"title":"SecHadoop: A Privacy Preserving Hadoop","authors":"R. Shyamasundar, Swatish Satheesan, Deepali Mittal, Aakash Chaudhary","doi":"10.1145/3344341.3368819","DOIUrl":null,"url":null,"abstract":"With the generation of vast amounts of data, there has been a tremendous need for processing the same in an economical way. MapReduce paradigm provides an economical processing of huge datasets in an effective way. Hadoop is a framework for managing huge amounts of data, and facilitates parallel computations on data using commodity hardware, through an integration of MapReduce paradigm with the HDFS file system. Due to intrinsic data divisions during parallel processing, there is a possibility of data leaks. Thus, in the context of Hadoop, if processing has to keep the privacy invariant over the computation, it is necessary to guarantee privacy not only of the MapReduce process but also assure that the HDFS file system does leak any information. The focus of our work is on data security and privacy in such cloud environments. Our main thrust is to preserve data confidentiality and privacy as per specifications notwithstanding data divisions or scheduling for fault tolerance. We realise privacy invariance on Hadoop by monitoring the information flow from subjects to objects created in Hadoop using the readers writers flow model (RWFM). In this paper, we describe the design, implementation and performance of a security enhanced Hadoop, called SecHadoop. We illustrate our approach with various case studies corresponding to infection of map/reduce tasks, failure of nodes etc., and demonstrate how end-to-end security of programs is realised. It is further shown that the overall overhead is less than 5% on single/multi-node setup.","PeriodicalId":261870,"journal":{"name":"Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing","volume":"6 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-12-02","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3344341.3368819","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 1

Abstract

With the generation of vast amounts of data, there has been a tremendous need for processing the same in an economical way. MapReduce paradigm provides an economical processing of huge datasets in an effective way. Hadoop is a framework for managing huge amounts of data, and facilitates parallel computations on data using commodity hardware, through an integration of MapReduce paradigm with the HDFS file system. Due to intrinsic data divisions during parallel processing, there is a possibility of data leaks. Thus, in the context of Hadoop, if processing has to keep the privacy invariant over the computation, it is necessary to guarantee privacy not only of the MapReduce process but also assure that the HDFS file system does leak any information. The focus of our work is on data security and privacy in such cloud environments. Our main thrust is to preserve data confidentiality and privacy as per specifications notwithstanding data divisions or scheduling for fault tolerance. We realise privacy invariance on Hadoop by monitoring the information flow from subjects to objects created in Hadoop using the readers writers flow model (RWFM). In this paper, we describe the design, implementation and performance of a security enhanced Hadoop, called SecHadoop. We illustrate our approach with various case studies corresponding to infection of map/reduce tasks, failure of nodes etc., and demonstrate how end-to-end security of programs is realised. It is further shown that the overall overhead is less than 5% on single/multi-node setup.

查看原文本刊更多论文

SecHadoop:一个保护隐私的Hadoop

随着大量数据的产生，以经济的方式处理这些数据的需求非常大。MapReduce范式以一种有效的方式提供了对海量数据集的经济处理。Hadoop是一个用于管理海量数据的框架，通过MapReduce范式与HDFS文件系统的集成，它促进了使用商用硬件对数据进行并行计算。由于并行处理过程中固有的数据分割，存在数据泄露的可能性。因此，在Hadoop环境下，如果处理必须在计算过程中保持隐私不变，那么不仅需要保证MapReduce进程的隐私，还需要确保HDFS文件系统不会泄露任何信息。我们的工作重点是在这样的云环境中的数据安全和隐私。我们的主要目标是按照规范保护数据的机密性和隐私，尽管有数据划分或容错调度。我们使用读写流模型(reader - writer flow model, RWFM)来监控Hadoop中创建的主体到对象的信息流，从而实现Hadoop上的隐私不变性。在本文中，我们描述了一个安全增强的Hadoop，称为SecHadoop的设计，实现和性能。我们通过各种案例研究来说明我们的方法，这些案例研究对应于map/reduce任务的感染，节点故障等，并演示了如何实现程序的端到端安全性。进一步表明，在单/多节点设置中，总体开销小于5%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the 12th IEEE/ACM International Conference on Utility and Cloud Computing

自引率

0.00%

发文量