SECapacity: A Secure Capacity Scheduler in YARN

In this paper, aiming to the requirement that isolation of user's job and data security, we deeply analyze the mainstream computing framework Hadoop YARN, and start with the core module of YARN - resource scheduler. Using the existing label-based scheduling policy, we design and implement a SECapacity scheduler. Our main work including: First, according to the principle of least privilege, we propose a user-classification based scheduling policy, which divided users to several levels based on their attributes, then restrict which nodes could be used by this user according to the user level. Second, we design and implement a SECapacity scheduler to implement user-classification based scheduling. Third, we verify and analyze the effectiveness and efficiency of SECapacity scheduler, the results shows that SECapacity scheduler can ensure 100% isolation of users at different levels, and the performance overhead is about 6.95%.