Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Big data platform protection device deployed at gateway and protection method thereof

A big data platform and protection device technology, applied in the field of big data security, can solve the problems of poor scalability and single function, and achieve the effects of strong scalability, wide application scenarios, and wide application range

Inactive Publication Date: 2019-01-04
SICHUAN UNIV
View PDF3 Cites 10 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0005] The purpose of the present invention is: in order to solve the problem that the existing protection device for the big data platform can only protect a specific component, has single function and poor scalability, the present invention provides a big data platform deployed at the gateway The data platform protection device and its protection method can protect the platform externally without changing the original code of the platform components. It has a wide range of application scenarios, and internally uses plug-ins to realize proxy access to specific components. According to different platforms Using different plug-ins, strong scalability

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Big data platform protection device deployed at gateway and protection method thereof
  • Big data platform protection device deployed at gateway and protection method thereof
  • Big data platform protection device deployed at gateway and protection method thereof

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0049] Such as figure 1 As shown, this embodiment provides a big data platform protection device deployed at the gateway, including an authentication module, an authorization module, a security audit module, a service agent module, a data protection module, an authentication module, an account management module, and a metadata storage module. module, security management module and basic service module,

[0050] Authentication module: through the authority control model, the access request is authenticated at the gateway. The authentication module includes an external authentication module and an internal authentication module. The external authentication module is responsible for the identity authentication between the user and the protection device, and the internal authentication module is responsible for the protection device. Identity authentication with the protected big data platform;

[0051] The external authentication module adopts the ApacheShiro authentication fram...

Embodiment 2

[0077] In this embodiment, on the basis of Embodiment 1, taking the protection of the Hadoop platform as an example, it is described in detail, specifically:

[0078] Such as figure 2As shown, the experimental environment contains a total of 3 servers, where the protection device is deployed on server 1, and the big data platform is deployed on server 2 and server 3, where server 2 is the management node of the Hadoop platform, and server 3 is the working node. The server 1 where the protection device is located includes two IP addresses, an external network IP address and an internal network IP address. The external network IP address is visible to the user, and the user accesses the big data security monitoring platform through the external network IP address. The big data security monitoring platform is a platform on which the protection device in Embodiment 1 is deployed, and the intranet IP address is the communication IP between the big data security monitoring platform...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a big data platform protection device arranged at a gateway and a protection method thereof, wherein the device and the method relate to the technical field of big data security. The device comprises an authentication module which performs identity authentication on an access request at the gateway; an authorization module which performs a corresponding authorization operation on an illegal user in the protection device; a service proxy module which forwards the user's access request at the gateway; a data protection module which desensitizes the data returned to the user at the gateway; and a security auditing module which records all user access requests to the protected big data platform. The big data platform protection device and the protection method can protect the big data platform externally on the basis of not changing the original code of the big data platform component, has wide application scene, realizes the proxy access to the particular componentin a mode of arranging an inner plug-in, adopts different plug-ins according to different big data platforms, and has strong expansibility.

Description

technical field [0001] The present invention relates to the technical field of big data security, and more specifically relates to a big data platform protection device deployed at a gateway and a protection method thereof. Background technique [0002] In 2012, the Hadoop platform was exposed to the encryption problem vulnerability CVE-2012-1574 and the information disclosure vulnerability CVE-2012-3376. Attackers can use this vulnerability to impersonate other users of the platform or obtain sensitive information on the platform. In 2013, the Hadoop platform was exposed to have a security bypass vulnerability CVE-2013-2192. By exploiting this vulnerability, attackers can implement man-in-the-middle attacks to gain access to sensitive information. In 2014, security researchers discovered that there is a postlink vulnerability CVE-2014-3627 in Hadoop. Remote attackers can implement symbolic link attacks on tar archives. By exploiting this vulnerability, they can change the ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): H04L29/06H04L29/08H04L12/26
CPCH04L43/50H04L63/0281H04L63/0428H04L63/08H04L63/10H04L63/101H04L67/34H04L63/1425H04L63/168H04L63/0815H04L67/56
Inventor 牛伟纳张小松全威龙
Owner SICHUAN UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com