Posted to yarn-dev@hadoop.apache.org by "Chen, Wei D" <we...@intel.com> on 2014/04/18 10:17:30 UTC

new feature in order to enhance the security of apache hadoop version

Hi developers,

I am quite new to Hadoop. We are considering integrating a new feature, TCP (Trusted Compute Pools), into Apache Hadoop in order to
enhance the security of the compute nodes or data nodes in a Hadoop cluster.
Trusted compute pools (TCP) include tboot, remote attestation and some hardware and firewall components from Intel TXT(R), which are
designed to provide a trusted computing environment. All the compute nodes in the trusted pool have been measured and protected
based on software and hardware, so we believe this idea will provide a more secure ecosystem to make sure the storage nodes and
compute nodes in Hadoop are trusted and secure.

There are already some success stories, such as TCP integrated with OpenStack
(http://docs.openstack.org/grizzly/openstack-compute/admin/content/trusted-compute-pools.html) and TCP integrated with oVirt
(http://wiki.ovirt.org/Trusted_compute_pools).


Our current effort is to embed some code in the node manager and resource manager modules: the node manager calls the API
provided by TCP to determine the trustworthiness of the compute node and sends the information to the resource manager, so the scheduler
would dispatch tasks only to trusted nodes in the cluster. If there are no trusted nodes in the cluster, the task will be blocked
until some trusted containers belonging to a trusted node are available. We assume the tasks running on a trusted node will
return trusted data. Is this idea feasible?

One critical technical issue is that we are not sure where to implement our logic in the node manager and resource manager modules. Is
it possible for any of you to work with us or give us some hints? Which Java class matches well with our logic, and where is that
class? As you know, the question is elementary, as we are indeed not quite familiar with the Apache Hadoop version.

Thanks in advance for any of your input!


Best Regards,
Dave Chen
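
The placement policy described in the message above, as an added language-neutral model that is not part of the original post and not Hadoop code: tasks go only to nodes reported as trusted and wait in a queue otherwise. All class and method names are hypothetical, and the freshness window on the attestation verdict is an assumption that goes beyond the message.

```python
import time
from collections import deque
from dataclasses import dataclass

MAX_VERDICT_AGE = 60.0  # assumption: seconds an attestation verdict stays valid

@dataclass
class Node:
    name: str
    free_containers: int
    trust: str          # "trusted", "untrusted" or "unknown"
    attested_at: float  # time the verdict was produced

class TrustAwareScheduler:
    """Hypothetical resource-manager side: place tasks on trusted nodes only."""

    def __init__(self, clock=time.monotonic):
        self.nodes = {}
        self.pending = deque()
        self.clock = clock

    def heartbeat(self, name, free_containers, trust, attested_at):
        # Model assumption: the verdict is taken as the node manager reports it;
        # verifying it independently of the node is out of scope here.
        self.nodes[name] = Node(name, free_containers, trust, attested_at)
        return self._drain()

    def submit(self, task):
        self.pending.append(task)
        return self._drain()

    def _eligible(self, node):
        # Fail closed: unknown, untrusted or stale verdicts never receive work.
        fresh = self.clock() - node.attested_at <= MAX_VERDICT_AGE
        return node.trust == "trusted" and fresh and node.free_containers > 0

    def _drain(self):
        placed = []
        while self.pending:
            node = next((n for n in self.nodes.values() if self._eligible(n)), None)
            if node is None:
                break  # no trusted capacity: remaining tasks stay blocked
            node.free_containers -= 1
            placed.append((self.pending.popleft(), node.name))
        return placed

if __name__ == "__main__":
    sched = TrustAwareScheduler()
    print(sched.submit("job-1"))  # [] because no node has reported yet
    print(sched.heartbeat("nm-a", 1, "untrusted", time.monotonic()))  # []
    print(sched.heartbeat("nm-b", 1, "trusted", time.monotonic()))    # job-1 placed
```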