Abordagem confiança zero aplicada a ambientes computacionais big data: um estudo de caso
Resumo
O tema deste artigo é o estudo e a aplicação dos princípios da abordagem de confiança zero (zero trust) para segurança cibernética a um ambiente de big data. A partir da definição de um ambiente computacional big data baseado em um ambiente real de produção, definimos uma arquitetura de segurança baseada na confiança zero e a instanciamos para o ambiente em questão, abordando alguns casos de autenticação e autorização. Para a instanciação da arquitetura, várias ferramentas de software são utilizadas, diversas delas já disponíveis no ambiente real. As soluções propostas são ilustradas por casos de uso. A conclusão é que essa a tarefa é complexa, porém factível, e que pode ser implementada com as ferramentas usuais de ambientes big data.
Referências
Apache Hadoop (2006-2021). The Apache™ Hadoop® project develops open-source software. Disponível em: https://hadoop.apache.org. (Acesso: 23.02.2022).
Balaji Ganesan and Alok Lal (2015). Dynamic Policy Hooks in Ranger Configure and Use. Disponível em: [link]. (Acesso: 20.02.2022).
Bethlehem, D. (2020). The key components and functions in a zero trust architecture. [link]. (Acesso: 19.04.2022).
Connect, O. (2017). Openid connect 1.0. Disponível em: https://openid.net/connect/. (Acesso: 20.02.2022).
FreeIPA (2021). What is freeipa? Disponível em: https://www.freeipa.org/page/AboutWhat is FreeIPA.3F. (Acesso: 21.02.2022).
Haber, M. J. (2020). Zero trust. In Privileged Attack Vectors, pages 295-304. Springer.
Hanna, K. T. (2021). Xacml (extensible access control markup language). Disponível em: https://www.techtarget.com/searchcio/definition/XACML. (Acesso: 15.02.2022).
Karunarathna, I. and Karunaratne, I. (2017). O que é o wso2 identity server? https://wso2.com/library/articles/2017/08/o-que-e-o-wso2-identity-server. (Acesso: 19.02.2022).
Linksys (2022). Ativando o recurso de dmz em sua conta na nuvem da linksys. https://www.linksys.com/br/support-article?articleNum=142514. (Acesso: 19.04.2022).
Ranger, A. (2021). Ranger. Disponível em: https:https://ranger.apache.org/. (Acesso: 20.02.2022).
RedHat. Checking integrity with aide. Disponível em: [link]. (Acesso: 20.02.2022).
S. Rose et al. (2020). MDraft (2nd ) NIST Special Publication 800-207 Zero Trust Architecture. https://doi.org/10.6028/NIST.SP.800-207-draft2.
SCAP, O. (2022). Scan your system. https://www.open-scap.org. ( acesso: 19.04.2022).
Tao, Yang and Lei, Zhu and Ruxiang, Peng (2018). Fine-grained big data security method based on zero trust model. In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pages 1040-1045.
Teerakanok, S., Uehara, T., and Inomata, A. (2021). Migrating to zero trust architecture: Reviews and challenges. Security and Communication Networks, 1.
VMWare (2021). What is micro-segmentation? Disponível em: https://www.vmware.com/br/topics/glossary/content/microsegmentation.html/. (Acesso: 15.02.2022).
Wirkuttis, N. and Klein, H. (2017). Artificial intelligence in cybersecurity. Cyber, Intelligence, and Security, 1(1):103-119.
Yao, Q., Wang, Q., Zhang, X., and Fei, J. (2020). Dynamic access control and authorization system based on zero-trust architecture. In 2020 International Conference on Control, Robotics and Intelligent System, pages 123-127.
Balaji Ganesan and Alok Lal (2015). Dynamic Policy Hooks in Ranger Configure and Use. Disponível em: [link]. (Acesso: 20.02.2022).
Bethlehem, D. (2020). The key components and functions in a zero trust architecture. [link]. (Acesso: 19.04.2022).
Connect, O. (2017). Openid connect 1.0. Disponível em: https://openid.net/connect/. (Acesso: 20.02.2022).
FreeIPA (2021). What is freeipa? Disponível em: https://www.freeipa.org/page/AboutWhat is FreeIPA.3F. (Acesso: 21.02.2022).
Haber, M. J. (2020). Zero trust. In Privileged Attack Vectors, pages 295-304. Springer.
Hanna, K. T. (2021). Xacml (extensible access control markup language). Disponível em: https://www.techtarget.com/searchcio/definition/XACML. (Acesso: 15.02.2022).
Karunarathna, I. and Karunaratne, I. (2017). O que é o wso2 identity server? https://wso2.com/library/articles/2017/08/o-que-e-o-wso2-identity-server. (Acesso: 19.02.2022).
Linksys (2022). Ativando o recurso de dmz em sua conta na nuvem da linksys. https://www.linksys.com/br/support-article?articleNum=142514. (Acesso: 19.04.2022).
Ranger, A. (2021). Ranger. Disponível em: https:https://ranger.apache.org/. (Acesso: 20.02.2022).
RedHat. Checking integrity with aide. Disponível em: [link]. (Acesso: 20.02.2022).
S. Rose et al. (2020). MDraft (2nd ) NIST Special Publication 800-207 Zero Trust Architecture. https://doi.org/10.6028/NIST.SP.800-207-draft2.
SCAP, O. (2022). Scan your system. https://www.open-scap.org. ( acesso: 19.04.2022).
Tao, Yang and Lei, Zhu and Ruxiang, Peng (2018). Fine-grained big data security method based on zero trust model. In 2018 IEEE 24th International Conference on Parallel and Distributed Systems (ICPADS), pages 1040-1045.
Teerakanok, S., Uehara, T., and Inomata, A. (2021). Migrating to zero trust architecture: Reviews and challenges. Security and Communication Networks, 1.
VMWare (2021). What is micro-segmentation? Disponível em: https://www.vmware.com/br/topics/glossary/content/microsegmentation.html/. (Acesso: 15.02.2022).
Wirkuttis, N. and Klein, H. (2017). Artificial intelligence in cybersecurity. Cyber, Intelligence, and Security, 1(1):103-119.
Yao, Q., Wang, Q., Zhang, X., and Fei, J. (2020). Dynamic access control and authorization system based on zero-trust architecture. In 2020 International Conference on Control, Robotics and Intelligent System, pages 123-127.
Publicado
23/05/2022
Como Citar
OLIVEIRA, Júnia Maísa; OLIVEIRA, Vinícius Rodrigues; MACEDO, Daniel Fernandes; GUEDES, Dorgival; NOGUEIRA, José Marcos.
Abordagem confiança zero aplicada a ambientes computacionais big data: um estudo de caso. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 27. , 2022, Fortaleza.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2022
.
p. 127-140.
ISSN 2595-2722.
DOI: https://doi.org/10.5753/wgrs.2022.223549.
