Research and Implementation of a User Trusted Access Control Model for the Hadoop Cloud Platform
[Abstract]: With the rapid development of communication, software and hardware technology and the increasing demand for large-scale data storage and processing, cloud computing is steadily developing and growing, and is expected to become a widely adopted service model. The Hadoop cloud platform is one of the most popular cloud platforms today. It integrates a large amount of storage and computing resources to provide services together, and it has the dynamic, open and resource-sharing characteristics common to distributed platforms. This paper analyzes the existing access control model of the Hadoop platform in detail and, on that basis, studies and implements a user trusted access control model for the Hadoop cloud platform that overcomes the shortcomings of the existing model.
1. This paper analyzes the existing access control model of the Hadoop cloud platform in detail. In this model, the Kerberos security authentication protocol is used to authenticate users. Combined with the platform's ACL-based access authorization mechanism, and working together with Delegation Token, Block Access Token and other tokens, it controls user access within the cluster. The model has an obvious shortcoming: when authorizing, it considers only the authenticity of the user's identity and not the trustworthiness of the user's later behavior, and once a privilege is granted the user is no longer monitored. As a result, illegal operations that a user performs later, while accessing cluster resources, may go undetected by the cluster.
2. This paper presents HBTEM, a behavior-based user trust evaluation model for the Hadoop cloud platform. In this model, first, a software sensor deployed in the Hadoop cluster is designed to monitor and collect user behavior data in real time and write the monitored data into the cluster. Second, using the user operation behavior data set recorded in the behavior database, a calculation method for user trust measurement and evaluation is proposed, which provides real-time quantitative evaluation of user trust according to the user's actual operation behavior in the cluster. Finally, the trust evaluation results are written to the user trust value database for later use. Together these implement a real-time, dynamically updated user trust monitoring mode for the Hadoop cloud platform.
3. This paper presents the LT model, a new trust-based access control model for the Hadoop cloud platform that builds on the platform's existing access control model. Compared with the existing access control model of the Hadoop platform, the privilege granting process implemented by this model is no longer a "checkpoint" control mode but a real-time dynamic control mode, in which the granularity of privilege granting is finer. This makes the access control mechanism of the Hadoop cloud platform safer and more flexible.
4. A simulation experiment is conducted that simulates 10 000 different cluster operation behavior records of 60 Hadoop cluster users. The behavior of each user is randomly distributed across three categories: normal behavior, risk behavior and dangerous behavior. Two-digit random numbers are used to set the weights alpha, beta and gamma in turn, and user trust is computed with the user trust metric evaluation method proposed in the HBTEM model. The experimental results show that the model reflects a user's behavior in the cluster in that user's trust value well, thus realizing a highly sensitive dynamic evaluation method for user trust.
5. This paper implements a simplified LT model by modifying the source code of Apache Hadoop 1.0.4, the current stable version. In this simplified LT model, the user behavior collection and trust metric calculation defined in HBTEM are implemented, and in the experiment the calculated trust value is compared with the trust threshold set for the service operation to decide whether the service is provided to the user. This implements an access control process that dynamically controls the user's use of cluster resources according to the user's real-time trust value. The overhead that this control brings to the Hadoop cloud platform is tolerable, and the model overcomes the shortcomings of the existing access control mechanism in the Hadoop cloud platform.
[Degree-granting institution]: Sichuan Normal University
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08