Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/6054
標題: 以Hadoop分散式檔案儲存及安全管理為基礎之研究並實現於NAS
An Implementation of A Secure Authentication Scheme on NAS using HDFS
作者: 邱傑義
Chiu, Chieh-Yi
關鍵字: cloud computing;雲端運算;Clustering Algorithm via Waiting Timer;Hadoop;Hadoop Distribution File System;security;Kerberos;雲端安全機制;動態自我組態;適應性調節;分散式拓樸控制;時序投票機制;Kerberos;Hadoop
出版社: 電機工程學系所
引用: [1] Apache Hadoop Project, Available :http://hadoop.apache.org/ [2] Sanjay Ghemawat, Howard Gobioff, and Shun-Tak Leung, ”The Google File System,” SOSP'03, October 19-22, 2003, Bolton Landing, New York, USA.Copyright 2003 ACM 1-58113-757-5/03/0010 [3] J. Dean, S. Ghemawat, “MapReduce: simplified data processing on large clusters,” Proceedings of the 6th conference on Operating Systems Design & Implementation, San Francisco, CA, December 2004, pp. 10-10. [4] F. Chang, J. Dean, S. Ghemawat, W. C. Hsieh, D. A. Wallach, M. Burrows, T. Chandra, A. Fikes, and R. E. Gruer, “Bigtable: A Distributed Storage System for Structured Data,” ACM Transactions on Computer Systems, vol. 26, no. 2,pp. 1-26, Jun. 2008. [5] E. Jaliya, P. Shrideep, and F. Geoffrey, ”MapReduce for Data Intensive Scientific Analyses,” Proceedings of the IEEE Fourth International Conference on eScience, pp. 277-284, December 2008. [6] Tom White, 2009, Hadoop The Definitive Guide , p.4, OReilly. [7] Aaron Kimball, 2009, The Project Split, projsplit2.pdf, Cloudera. [8] Yao-Tsung Wang, 2009, The Trend of Cloud Computing , CloudIntro.pdf, NCHC Cloud Computing Research Group. [9] Welcome to Hadoop Common!, 2010, Welcome to Hadoop Common!, The Apache Software Foundation, Available at : http://hadoop/apache.org/common/. [10] C. Ranger, R. Raghuraman, A. Penmetsa, G. R. Bradski, and C. Kozyrakis, “Evaluating MapReduce for Multi-core and Multi-processor Systems,” Proceedings of the IEEE 13th International Symposium on High Performance Computer Architecture (HPCA), Phoenix, Arizona, Feb. 2007, pp. 13-24. [11] MapReduce Tutorial, 2010, MapReduce Tutorial, The Apache Software Foundation, Available at: http://hadoop.apache.org/mapreduce/docs/r0.21.0/mapred_tutorial.html. [12] Owen O'Malley, Kan Zhang, Sanjay Radia, Ram Marti, and Christopher Harrell, 2009, Hadoop Security Design, security-design.pdf, Yahoo! [13] Chun-Hung Lin, Sheng-Lun Cheng , “Design and implementation of a Hadoop-based secure cloud computing architecture,” Department of Information Management , National Sun Yat-sen University, Tainan, Taiwan. Copyright 2011. [14] POSIX, Portable Operation System Interface for Unix, IEEE Standards Association, Available at : http://standards.ieee.org/develop/wg/POSIX.html. [15] Dai Yuefa, Wu Bo, Gu Yaqiang, Zhang Quan, Tang Chaojing, “Data Security Model for Cloud Computing,” Proceedings of the 2009 International Workshop on Information Security and Application (IWISA 2009), ISBN 978-952-5726-06-0 [16] Kavin Hamlen, Murat Kantarcioglu, Latifur Khan, Bhavani Thuraisingham, “Security Issues for Cloud Computing,” International Journal of Information Security and Privacy, 4(2), 39-51, April-June 2010. [17] Aaron Kimball, 2008, Securing a Hadoop Cluster Through a Gateway, Cloudera, Available at: http://www.cloudera.com/blog/2008/12/securing-a-hadoop-cluser-through-a-gateway/. [18] The Apache Software Foundation, 2009, HDFS Proxy Guide, hdfsproxy.pdf, The Apache Software Foundation. [19] Behrouz A. Forouzan, Introduction to Cryptography and Network Security 4/e, chap18. [20] Garhan Attebury, Andrew Baranovski, Ken Bloom, Brian Bockelman, Dorian Kcira, James Letts, Tanya Levshina, Carl Lundestedt, Terrence Martin, Will Maier, Haifeng Pi, Abhishek Rana, Igor Sfiligoi, Alexander Sim, Michael Thomas, Frank Wuerthwein, “Hadoop Distributed File System for the Grid,” 2009 IEEE Nuclear Science Symposium Conference Record. [21] File System in Userspace. Available: http://fuse.sourceforge.net. [22] C.-Y. Wen and W.A. Sethares, “Automatic decentralized clustering for wireless sensor networks ”.
摘要: 
隨著雲端運算的發展,使用者可以不受時間與空間的限制,隨時隨地享用雲端運算的各項服務,例如Gmail、PPStream、Facebook、Office Live、Adobe Connect、Amazon Web Server...等,當此類雲端運算服務,進入使用者的生活層面的同時,確保個人資料隱私與安全的管理機制,更加顯得重要,而此一管理機制也勢必相對加入更多安全管理技術。

現有的各種安全管理技術,例如Kerberos、SSL/TTL、VPN、資料加密...等,需要藉助雲端服務的安全機制基礎建設,以提供使用者隱私與資料安全的功能,但同時增加安全機制主機的重要性與風險,當安全機制主機發生功能異常、失聯、或甚至功能失效當機時,導致系統失效或可用性下降,使用者將無法使用及存取各項雲端運算服務;因此集中式安全管理機制,將形成雲端運算的明顯『弱環』。

透過探討各種安全管理機制理論與研究,並在NAS系統上完成Hadoop雲端平台的建置,同時加入Kerberos安全認證機制,傳輸過程以VPN形式完成。並研究及探討當有效管理個體失效或失能時,系統自動進入時序投票機制(Clustering Algorithm via Waiting Timer, CAWT),重新建立雲端平台伺服器機制研究。

在NAS雲端平台上,配合Hadoop系統建立動態具強健性容錯能力安全主機管理機制,使其同時具備集中式管理的效率性與分散式管理的調節及適應性,以降低單一主機的風險,確保雲端基礎建設的穩定運作與提高其整體服務的可用性及可靠度。

NAS (Network Attached Storage) plays an important role in cloud computing that can be a bridge cache for the local cloud storage and the remote public cloud for mass data storage. Because of the network bandwidth limitation, instant of keeping all the information on the remote storage, NAS can store a copy of information on local site efficiently. The use of NAS provides another option that can also be considered as a secure private cloud for those companies that don't need to build a large data center or they don't like to put their data on the public cloud. The main target for this project is to implement a security mechanism for the HDFS (Hadoop Distribution File System) on NAS.

We implement HDFS onto NAS and use Kerberos as the authentication system to strengthen the security level. The Apache Hadoop project develops open-source software for our initial need. We also adopted an open source software on the NAS servers which were provided by the Promise Technology Crop. Centralized control security server may be damage therefore a backup server selection mechanism is necessary. A dynamic cluster head selection algorithm were deveopmented for this purpose.
URI: http://hdl.handle.net/11455/6054
其他識別: U0005-0108201111214800
Appears in Collections:電機工程學系所

Show full item record
 

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.