Visible to the public Biblio

Filters: Author is Mladen A. Vouk  [Clear All Filters]
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 
Y
Yu Xianqing, Peng Ning, Mladen A. Vouk.  2015.  Enhancing security of Hadoop in a public cloud. 6th International Conference Information and Communication Systems (ICICS). :pp.38–43.

Hadoop has become increasingly popular as it rapidly processes data in parallel. Cloud computing gives reli- ability, flexibility, scalability, elasticity and cost saving to cloud users. Deploying Hadoop in cloud can benefit Hadoop users. Our evaluation exhibits that various internal cloud attacks can bypass current Hadoop security mechanisms, and compromised Hadoop components can be used to threaten overall Hadoop. It is urgent to improve compromise resilience, Hadoop can maintain a relative high security level when parts of Hadoop are compromised. Hadoop has two vulnerabilities that can dramatically impact its resilience. The vulnerabilities are the overloaded authentication key, and the lack of fine-grained access control at the data access level. We developed a security enhancement for a public cloud-based Hadoop, named SEHadoop, to improve the compromise resilience through enhancing isolation among Hadoop components and enforcing least access privilege for Hadoop processes. We have implemented the SEHadoop model, and demonstrated that SEHadoop fixes the above vulnerabilities with minimal or no run-time overhead, and effectively resists related attacks.

X
Xianqing Yu, Peng Ning, Mladen A. Vouk.  2014.  Securing Hadoop in cloud. HotSoS 2014 Symposium and Bootcamp on the Science of Security. :ArticleNo.26.

Hadoop is a map-reduce implementation that rapidly processes data in parallel. Cloud provides reliability, flexibility, scalability, elasticity and cost saving to customers. Moving Hadoop into Cloud can be beneficial to Hadoop users. However, Hadoop has two vulnerabilities that can dramatically impact its security in a Cloud. The vulnerabilities are its overloaded authentication key, and the lack of fine-grained access control at the data access level. We propose and develop a security enhancement for Cloud-based Hadoop.

R
Roopak Venkatakrishnan, Mladen A. Vouk.  2014.  Diversity-based Detection of Security Anomalies. Diversity-based Detection of Security Anomalies. :pp160-161.

Detecting and preventing attacks before they compromise a system can be done using acceptance testing, redundancy based mechanisms, and using external consistency checking such external monitoring and watchdog processes. Diversity-based adjudication, is a step towards an oracle that uses knowable behavior of a healthy system. That approach, under best circumstances, is able to detect even zero-day attacks. In this approach we use functionally equivalent but in some way diverse components and we compare their output vectors and reactions for a given input vector. This paper discusses practical relevance of this approach in the context