This paper discusses one of the most significant challenges of next-generation big data (BD) federation platforms, namely, Hadoop access control. Privacy and security on a federation scale remain significant concerns among practitioners in both industry and academia. Hadoop’s current primitive access control presents security concerns and limitations, such as the complexity of deployment and the consumption of resources. However, this major concern has not been a subject of intensive study in the literature. This paper critically reviews and investigates these security limitations and provides a framework called BD federation access broker to address 8 main security limitations. This paper proposes the federated access control reference model (FACRM) to formalize the design of secure BD solutions within the Apache Hadoop stack. Furthermore, this paper discusses the implementation of the access broker and its usefulness for security breach detection and digital forensics investigations. The efficiency of the proposed access broker has not sustainably affected the performance overhead. The experimental results show only 1% of each 100 MB read/write operation in a WebHDFS. Overall, the findings of the paper pave the way for a wide range of revolutionary and state-of-the-art enhancements and future trends within Hadoop stack security and privacy.

本文讨论了下一代大数据（BD）联合平台最重大的挑战之一，即Hadoop访问控制。联盟规模的隐私和安全仍然是工业界和学术界从业者的重大关切。Hadoop当前的原始访问控制带来了安全问题和限制，例如部署的复杂性和资源的消耗。但是，这一主要问题尚未在文献中进行深入研究。本文严格审查和研究了这些安全限制，并提供了一个称为BD联邦访问代理的框架来解决8个主要的安全限制。本文提出了联邦访问控制参考模型（FACRM），以规范Apache Hadoop堆栈中安全BD解决方案的设计。此外，本文讨论了访问代理的实现及其对安全漏洞检测和数字取证调查的有用性。提议的访问代理的效率并未持续影响性能开销。实验结果表明，WebHDFS中每100 MB的读/写操作仅占1％。总体而言，本文的发现为Hadoop堆栈安全性和隐私性方面的一系列革命性和最新增强功能以​​及未来趋势铺平了道路。