• Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.0
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:


      There is an increasing need for securing data when Hadoop customers use various upper layer applications, such as Map-Reduce, Hive, Pig, HBase and so on.

      HADOOP CFS (HADOOP Cryptographic File System) is used to secure data, based on HADOOP “FilterFileSystem” decorating DFS or other file systems, and transparent to upper layer applications. It’s configurable, scalable and fast.

      High level requirements:
      1. Transparent to and no modification required for upper layer applications.
      2. “Seek”, “PositionedReadable” are supported for input stream of CFS if the wrapped file system supports them.
      3. Very high performance for encryption and decryption, they will not become bottleneck.
      4. Can decorate HDFS and all other file systems in Hadoop, and will not modify existing structure of file system, such as namenode and datanode structure if the wrapped file system is HDFS.
      5. Admin can configure encryption policies, such as which directory will be encrypted.
      6. A robust key management framework.
      7. Support Pread and append operations if the wrapped file system supports them.

      1. HDFSDataatRestEncryptionAttackVectors.pdf
        131 kB
        Alejandro Abdelnur
      2. HDFSDataatRestEncryptionProposal.pdf
        219 kB
        Alejandro Abdelnur
      3. HDFSDataAtRestEncryptionAlternatives.pdf
        321 kB
        Alejandro Abdelnur
      4. cfs.patch
        104 kB
        Yi Liu
      5. extended information based on INode feature.patch
        128 kB
        Yi Liu
      6. HADOOP cryptographic file system-V2.docx
        103 kB
        Yi Liu
      7. CryptographicFileSystem.patch
        287 kB
        Yi Liu
      8. HADOOP cryptographic file system.pdf
        561 kB
        Yi Liu

        Issue Links

        There are no Sub-Tasks for this issue.


          No work has yet been logged on this issue.


            • Assignee:
              Yi Liu
              Yi Liu
            • Votes:
              0 Vote for this issue
              60 Start watching this issue


              • Created: