Abstract
In the current age of big data, the access control mechanism of HBase, a kind of NoSQL big data management system, needs to be improved, because there are some limitations of Role-Based Access Control (RBAC) in HBase. The coarse-grained access permissions produce little effect in many cases, and the elements used for authorization are not comprehensive enough. Attribute-Based Access Control (ABAC) is suitable for the authorization of NoSQL data storages due to its flexibility. However, it has not been investigated in HBase deeply. The objective of this paper is to study the data access control in HBase and to develop an ABAC-based mechanism for the security of HBase data. In light of the wide column feature of HBase, an Attribute-Based Fine-Grained Access Control mechanism (AGAC) is proposed, which covers two aspects, users’ atomic operations and five granularity levels. When a user needs to access data in HBase storage, the AGAC will give the permission or deny by verifying user’s atomic operations and by analyzing user’s attributes according to the access control policies related to the data granularity level. This access control mechanism is verified on publically available email dataset and is proven to be effective to improve the access control capability of HBase.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Apache HBase™ Reference Guide. http://hbase.apache.org/book.html. Accessed 20 Feb 2019
Hu, V.C., Kuhn, D.R., Ferraiolo, D.F.: Attribute-based access control. Computer 48(2), 85–88 (2015)
Colombo, P., Ferrari, E.: Towards a unifying attribute based access control approach for NoSQL datastores. In: Proceedings of the IEEE 33rd International Conference on Data Engineering, pp. 709–720. IEEE Computer Society, San Diego (2017)
Colombo, P., Ferrari, E.: Access control technologies for Big Data management systems: literature review and future trends. Cybersecurity 2(1), 3 (2019)
Colombo, P., Ferrari, E.: Access control in the era of big data: state of the art and research directions. In: Proceedings of the 23rd ACM Symposium on Access Control Models and Technologies, pp. 185–192. ACM, Indianapolis (2018)
Ong, K.W., Papakonstantinou, Y., Vernoux, R.: The SQL++ unifying semi-structured query language, and an expressiveness benchmark of SQL-on-Hadoop, NoSQL and NewSQL databases. Comput. Sci. CoRR, abs/1405.3631 (2014)
Kulkarni, D.: A fine-grained access control model for key-value systems. In: Proceedings of the 3rd ACM Conference on Data and Application Security and Privacy, pp. 161–163. ACM, San Antonio (2013)
Longstaff, J., Noble, J.: Attribute based access control for big data applications by query modification. In: Proceedings of the IEEE Second International Conference on Big Data Computing Service and Applications, pp. 58–65, IEEE, Oxford (2016)
Lai, Y.Y., Qian, Q.: HBase fine grained access control with extended permissions and inheritable roles. In: Proceedings of the 2015 IEEE/ACIS 16th International Conference on Software Engineering, Artificial Intelligence, Networking and Parallel/Distributed Computing, pp. 181–185, IEEE, Takamatsu (2015)
Colombo, P., Ferrari, E.: Towards virtual private NoSQL datastores. In: Proceedings of the 32nd IEEE International Conference on Data Engineering, pp. 193–204, IEEE, Helsinki (2016)
Colombo, P., Ferrari, E.: Enhancing MongoDB with purpose based access control. IEEE Trans. Dependable Secure Comput. 14(6), 591–604 (2017)
Colombo, P., Ferrari, E.: Fine-grained access control within NoSQL document-oriented datastores. Data Sci. Eng. 1(3), 127–138 (2016)
Huang, L.Q., Zhu, Y., Tao, X.: Research on fine-grained access control method based on HBase. Appl. Res. Comput. (2019). https://doi.org/10.19734/j.issn.1001-3695.2018.08.0648. (In Chinese)
Flexible XML framework for Java. https://dom4j.github.io/. Accessed 20 Feb 2019
Klimt, B., Yang, Y.: The enron corpus: a new dataset for email classification research. In: Boulicaut, J.-F., Esposito, F., Giannotti, F., Pedreschi, D. (eds.) ECML 2004. LNCS (LNAI), vol. 3201, pp. 217–226. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-30115-8_22
DB-Engines Ranking. https://db-engines.com/en/ranking. Accessed 20 Feb 2019
Acknowledgement
This work is supported by the Sichuan Science and Technology Program (No 2019YFSY0032).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Huang, L., Zhu, Y., Wang, X., Khurshid, F. (2019). An Attribute-Based Fine-Grained Access Control Mechanism for HBase. In: Hartmann, S., Küng, J., Chakravarthy, S., Anderst-Kotsis, G., Tjoa, A., Khalil, I. (eds) Database and Expert Systems Applications. DEXA 2019. Lecture Notes in Computer Science(), vol 11706. Springer, Cham. https://doi.org/10.1007/978-3-030-27615-7_4
Download citation
DOI: https://doi.org/10.1007/978-3-030-27615-7_4
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-27614-0
Online ISBN: 978-3-030-27615-7
eBook Packages: Computer ScienceComputer Science (R0)