Robust Insider Attacks Countermeasure for Hadoop: Design and Implementation

Zuochao Dou, Issa Khalil, Abdallah Khreishah, Ala Al-Fuqaha

Research output: Contribution to journal › Article

6 Citations (Scopus)

Abstract

Hadoop is an open source software framework for storage and processing of large-scale datasets. The proliferation of cloud services and its corresponding increasing number of users lead to a larger attack surface, especially for internal threats. Therefore, in corporate data centers, it is essential to ensure the security, authenticity, and integrity of all the entities of Hadoop. The current secure implementations of Hadoop mainly utilize Kerberos, which is known to suffer from many security and performance issues, including the concentration of authentication credentials, single point of failure, and online availability. Most importantly, these Kerberos-based implementations do not guard against insider threats. In this paper, we propose an authentication framework for Hadoop that utilizes trusted platform module technology. The proposed approach provides significant security guarantees against insider threats, which manipulate the execution environment without the consent of legitimate clients. We have conducted extensive experiments to validate the performance and the security properties of our approach. The results demonstrate that the proposed approach alleviates many of the shortcomings of Kerberos-based state-of-the-art protocols and provides unique security guarantees with acceptable overhead. Moreover, we have formally proved the correctness and the security guarantees of our protocol via Burrows–Abadi–Needham logic.

Original language: English
Journal: IEEE Systems Journal
DOI: 10.1109/JSYST.2017.2669908
Publication status: Accepted/In press - 13 Mar 2017

Fingerprint

Authentication
Network protocols
Availability
Processing
Experiments
Open source software
Hardware security

ASJC Scopus subject areas

  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Cite this

Robust Insider Attacks Countermeasure for Hadoop: Design and Implementation. / Dou, Zuochao; Khalil, Issa; Khreishah, Abdallah; Al-Fuqaha, Ala.

In: IEEE Systems Journal, 13.03.2017.

@article{f0764e81bb114aceb7237695eafe38af,
title = "Robust Insider Attacks Countermeasure for Hadoop: Design and Implementation",
author = "Zuochao Dou and Issa Khalil and Abdallah Khreishah and Ala Al-Fuqaha",
year = "2017",
month = "3",
day = "13",
doi = "10.1109/JSYST.2017.2669908",
language = "English",
journal = "IEEE Systems Journal",
issn = "1932-8184",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Robust Insider Attacks Countermeasure for Hadoop

T2 - Design and Implementation

AU - Dou, Zuochao

AU - Khalil, Issa

AU - Khreishah, Abdallah

AU - Al-Fuqaha, Ala

PY - 2017/3/13

Y1 - 2017/3/13

UR - http://www.scopus.com/inward/record.url?scp=85015673218&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85015673218&partnerID=8YFLogxK

U2 - 10.1109/JSYST.2017.2669908

DO - 10.1109/JSYST.2017.2669908

M3 - Article

AN - SCOPUS:85015673218

JO - IEEE Systems Journal

JF - IEEE Systems Journal

SN - 1932-8184

ER -