Towards a more secure Apache Hadoop HDFS infrastructure: Anatomy of a targeted advanced persistent threat against HDFS and analysis of trusted computing based countermeasures

Abstract

Apache Hadoop and the Hadoop Distributed File System (HDFS) have become important tools for organizations dealing with "Big Data" storage and analytics. Hadoop has the potential to offer powerful and cost effective solutions to Big Data analytics; however, sensitive data stored within an HDFS infrastructure has equal potential to be an attractive target for exfiltration, corruption, unauthorized access, and modification. As a follow-up to the authors' previous work in the area of improving security of HDFS via the use of Trusted Computing technology, this paper will describe the threat against Hadoop in a sensitive environment, describe how and why an Advanced Persistent Threat (APT) could target Hadoop, and how standards-based trusted computing could be an effective approach to a layered threat mitigation. © 2013 Springer-Verlag.