Skip to main content
Springer Nature Link
Log in

Towards a More Secure Apache Hadoop HDFS Infrastructure

Anatomy of a Targeted Advanced Persistent Threat against HDFS and Analysis of Trusted Computing Based Countermeasures

  • Conference paper
Network and System Security (NSS 2013)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 7873))

Included in the following conference series:

  • 3922 Accesses

Abstract

Apache Hadoop and the Hadoop Distributed File System (HDFS) have become important tools for organizations dealing with “Big Data” storage and analytics. Hadoop has the potential to offer powerful and cost effective solutions to Big Data analytics; however, sensitive data stored within an HDFS infrastructure has equal potential to be an attractive target for exfiltration, corruption, unauthorized access, and modification. As a follow-up to the authors’ previous work in the area of improving security of HDFS via the use of Trusted Computing technology, this paper will describe the threat against Hadoop in a sensitive environment, describe how and why an Advanced Persistent Threat (APT) could target Hadoop, and how standards-based trusted computing could be an effective approach to a layered threat mitigation.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Trusted Computing Group. TCG Specification Architecture Overview V. 1.4. Trusted Computing Group (August 2, 2007), http://www.trustedcomputinggroup.org/files/resource_files/AC652DE1-1D09-3519-ADA026A0C05CFAC2/TCG_1_4_Architecture_Overview.pdf (cited: June 15, 2012)

  2. Cloudera. Cloudera CDH4 Security Guide, https://ccp.cloudera.com/download/attachments/21438266/CDH4_Security_Guide_4.1.pdf?version=3&modificationDate=1349900837000 (cited: November 23, 2012)

  3. O’Malley, O.: Motivations for Hadoop Security (August 2011), http://hortonworks.com/blog/motivations-for-apache-hadoop-security/ (cited: December 04, 2012)

  4. Mandiant corporporation. Mandiant M-Trends (2010), http://www.princeton.edu/~yctwo/files/readings/M-Trends.pdf (cited: November 1, 2012)

  5. Becherer, A.: Hadoop Security Design: Just add Kerberos? Really? iSEC Partners, Inc., s.l. (2010)

    Google Scholar 

  6. Cohen, J.C., Subatra, A.: Incorporating hardware trust mechanisms in Apache Hadoop. IEEE, s.l. (2012), 978-1-4673-4942-0

    Google Scholar 

  7. Linx IMA Wiki. Sourceforge IMA Project (May 18, 2012), http://sourceforge.net/apps/mediawiki/linux-ima/index.php?title=Main_Page (cited: June 15, 2012)

Download references

Author information

Authors and Affiliations

  1. Computer and Information Sciences, Towson University/Hewlett Packard, Towson, MD, USA

    Jason Cohen

  2. Department of Computer and Information Sciences, Towson University, Towson, MD, USA

    Subatra Acharya

Authors
  1. Jason Cohen
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Subatra Acharya
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, ETSI Informatica, University of Malaga, Campus de Teatinos, 29071, Malaga, Spain

    Javier Lopez

  2. School of Mathematics and Computer Science, Fujian Normal University, No. 32 Shangsan Road, 350007, Fuzhou, China

    Xinyi Huang

  3. Institute for Cyber Security,, University of Texas at San Antonio, One UTSA Circle, 78249, San Antonio, TX, USA

    Ravi Sandhu

Rights and permissions

Reprints and permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Cohen, J., Acharya, S. (2013). Towards a More Secure Apache Hadoop HDFS Infrastructure. In: Lopez, J., Huang, X., Sandhu, R. (eds) Network and System Security. NSS 2013. Lecture Notes in Computer Science, vol 7873. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38631-2_64

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38631-2_64

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38630-5

  • Online ISBN: 978-3-642-38631-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics