Abordagem confiança zero aplicada a ambientes computacionais big data: um estudo de caso

Júnia Maísa Oliveira; Vinícius Rodrigues Oliveira; Daniel Fernandes Macedo; Dorgival Guedes; José Marcos Nogueira

doi:10.5753/wgrs.2022.223549

Júnia Maísa Oliveira UFMG
Vinícius Rodrigues Oliveira UFMG
Daniel Fernandes Macedo UFMG
Dorgival Guedes UFMG
José Marcos Nogueira UFMG

DOI: https://doi.org/10.5753/wgrs.2022.223549

Abstract

The subject of this article is the study and application of the principles of the zero trust approach to cybersecurity in a big data environment. From the definition of a big data computing environment based on a real production environment, a zero trust security architecture is defined and instantiated for the environment in question. For the instantiation of the architecture, several software tools are used, several of them already available in the environment of reference. The proposed solutions are illustrated by use cases, approaching in some cases authentication and authorization. The conclusion is that this task is complex, but feasible, and that it can be implemented with good use of the usual tools of big data environments.

References

Apache Hadoop (2006-2021). The Apache™ Hadoop® project develops open-source software. Disponível em: https://hadoop.apache.org. (Acesso: 23.02.2022).

Balaji Ganesan and Alok Lal (2015). Dynamic Policy Hooks in Ranger Configure and Use. Disponível em: [link]. (Acesso: 20.02.2022).

Bethlehem, D. (2020). The key components and functions in a zero trust architecture. [link]. (Acesso: 19.04.2022).

Connect, O. (2017). Openid connect 1.0. Disponível em: https://openid.net/connect/. (Acesso: 20.02.2022).

FreeIPA (2021). What is freeipa? Disponível em: https://www.freeipa.org/page/AboutWhat is FreeIPA.3F. (Acesso: 21.02.2022).

Haber, M. J. (2020). Zero trust. In Privileged Attack Vectors, pages 295-304. Springer.

Hanna, K. T. (2021). Xacml (extensible access control markup language). Disponível em: https://www.techtarget.com/searchcio/definition/XACML. (Acesso: 15.02.2022).

Karunarathna, I. and Karunaratne, I. (2017). O que é o wso2 identity server? https://wso2.com/library/articles/2017/08/o-que-e-o-wso2-identity-server. (Acesso: 19.02.2022).

Linksys (2022). Ativando o recurso de dmz em sua conta na nuvem da linksys. https://www.linksys.com/br/support-article?articleNum=142514. (Acesso: 19.04.2022).

Ranger, A. (2021). Ranger. Disponível em: https:https://ranger.apache.org/. (Acesso: 20.02.2022).

RedHat. Checking integrity with aide. Disponível em: [link]. (Acesso: 20.02.2022).

S. Rose et al. (2020). MDraft (2nd ) NIST Special Publication 800-207 Zero Trust Architecture. https://doi.org/10.6028/NIST.SP.800-207-draft2.

SCAP, O. (2022). Scan your system. https://www.open-scap.org. ( acesso: 19.04.2022).

Tao, Yang and Lei, Zhu and Ruxiang, Peng (2018). Fine-grained big data security method based on zero trust model. In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pages 1040-1045.

Teerakanok, S., Uehara, T., and Inomata, A. (2021). Migrating to zero trust architecture: Reviews and challenges. Security and Communication Networks, 1.

VMWare (2021). What is micro-segmentation? Disponível em: https://www.vmware.com/br/topics/glossary/content/microsegmentation.html/. (Acesso: 15.02.2022).

Wirkuttis, N. and Klein, H. (2017). Artificial intelligence in cybersecurity. Cyber, Intelligence, and Security, 1(1):103-119.

Yao, Q., Wang, Q., Zhang, X., and Fei, J. (2020). Dynamic access control and authorization system based on zero-trust architecture. In 2020 International Conference on Control, Robotics and Intelligent System, pages 123-127.