论文信息 - Non-Authentication Based Checkpoint Fault-tolerant Vulnerability in Spark Streaming

Non-Authentication Based Checkpoint Fault-tolerant Vulnerability in Spark Streaming

Apache Spark uses Resilient Distributed Datasets (RDDs) as primitives for data sharing. The in-memory feature of RDD makes Spark faster but it also brings a volatile problem where a failure or a missing RDD causes Spark to recompute all the missing RDD in the lineage. A checkpoint cuts off the lineage by saving the data which is required in the coming computing, thus becoming an essential fault-tolerance mechanism. In this paper, we find that as for Spark Streaming jobs with checkpoint, user authentication is not performed while doing checkpoint during job execution. We present two typical attack scenarios where attackers exploit this vulnerability to interfere with normal users job, causing data loss or even incorrect results. And we put forward a solution which focuses on the administration of checkpoint directory permissions. The experimental results show that our scheme can effectively monitor and resist this attack.

[1] Scott Shenker,et al. Discretized streams: fault-tolerant streaming computation at scale , 2013, SOSP.

[2] Michael J. Franklin,et al. Resilient Distributed Datasets: A Fault-Tolerant Abstraction for In-Memory Cluster Computing , 2012, NSDI.

[3] Hiroaki Kobayashi,et al. Energy-Performance Modeling of Speculative Checkpointing for Exascale Systems , 2017, IEICE Trans. Inf. Syst..

[4] Hairong Kuang,et al. The Hadoop Distributed File System , 2010, 2010 IEEE 26th Symposium on Mass Storage Systems and Technologies (MSST).

[5] Ansuman Banerjee,et al. On Composition of Checkpoint and Recovery Protocols for Distributed Systems , 2015, ICSOC Workshops.

[6] Haopeng Chen,et al. ASC: Improving spark driver performance with SPARK automatic checkpoint , 2016 .

[7] Patrick Wendell,et al. Learning Spark: Lightning-Fast Big Data Analytics , 2015 .

[8] Peng Wang,et al. TRCID: Optimized Task Recovery in MapReduce Based on Checkpointing Intermediate Data , 2017, 2017 IEEE International Conference on Edge Computing (EDGE).