Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Plain View
HBase, mail # dev - HBase security research


+
erwin x 2012-06-17, 12:29
Copy link to this message
-
Re: HBase security research
Joey Echeverria 2012-06-17, 13:26
Hey Erwinx,

You're research sounds very interesting, and the features you describe
are definitely useful for some use cases. The easiest way to implement
these features would to use co-processors, which let you extend HBase
without the modifying the core. My recommendation would be to build
the features in a standalone project and propose JIRAs for any changes
to the core required to support the project.

This would give more time for the community to evaluate the changes
and isolate the changes to core to smaller JIRAs that are easier to
integrate. Eventually you could propose merging the project into HBase
after there's proven demand in the community.

Either way, please keep the dev list up-to-date on your progress.

Good on you!

-Joey

On Sun, Jun 17, 2012 at 8:29 AM, erwin x <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I am investigating how HBase can be used to store sensitive/confidential
> information.
> This research is part of my master thesis for computing science at a
> university.
>
> The research involves mostly confidentiality, for example:
>  - Describing the location of the data within the distributed system
>  - Role based access control
>  - Fine grained access control (at column/row level)
>  - Build-in encryption based on the role
>  - The impact on performance and validation of the above security.
>
> My questions are:
>
> 1) are the above features interesting for HBase?
> 2) should I propose my changes and results in the Jira of HBase?
>
> This research assumes that the data is so sensitive that even
> administrators, developers or other malicious accessors may not see
> the data unless they have an authorized role.
>
>  If I observed correctly (correct me if I am wrong), security in HBase
> now focuses primarily on authentication and discretionary access
> control and assumes that no malicious user has access to the
> underlying system, for example HDFS, hard drive or shell access because
> data can still be read in that way. My research focuses on extending
> HBase security with more authorization and confidentiality features.
>
> Thanks in advance!
>
> Kind regards,
> erwinx

--
Joey Echeverria
Principal Solutions Architect
Cloudera, Inc.
+
Jonathan Hsieh 2012-06-17, 15:40
+
Andrew Purtell 2012-06-17, 17:28
+
Andrew Purtell 2012-06-17, 17:30
+
erwin x 2012-06-18, 08:25
+
Enis Söztutar 2012-06-18, 18:04