基于HDFS的云存储访问控制安全策略的研究

发布时间：2018-01-07 05:30

本文关键词：基于HDFS的云存储访问控制安全策略的研究　出处：《哈尔滨工业大学》2013年硕士论文　论文类型：学位论文

【摘要】：众所周知，随着云计算的兴起，各种基于云的服务也伴随而来。在如今的互联网时代，人们不再局限于使用计算机上网。如今的移动设备发展的越来越快，越来越来好，它使人们几乎可以随时随地的连接到互联网中。越来越多的组织或个人可以方便的使用互联网络进行信息通讯和共享，，但伴随而来的问题就是如此巨大的信息该如何存储。云存储是为了满足随时随地的存储需求和大规模数据存储而出现的。然而，现实的研究表明，云存储虽有广阔的应用前景，但要人们完全的相信和接受它，并放心的把个人的隐私、企业和政府的敏感数据放心的交给云服务商，仍然需要跨过一个障碍，那就是如何保障用户数据的保密性和完整性。因此，云存储的安全问题也就日渐为人们所热切关注。本文的研究内容为基于HDFS（Hadoop Distributed File System）的云存储安全策略的研究，目的是针对基于HDFS的云存储平台设计和实施提出有效的安全策略，实现安全的访问控制。在研究HDFS的架构之后，针对其在访问控制方面的弱点进行安全策略的设计。该策略结合强制访问控制和基于角色的访问控制，分别设计了主体和客体的安全标签，定义了安全访问控制规则，同时引入角色概念，增加了访问控制的安全性和灵活性，使得云中存储的不同组织的数据可以安全隔离，同时可以安全访问云中数据。具体工作如下：首先，在实验室的云计算平台搭建了基于HDFS的云存储服务，通过具体的配置和操作以及阅读相关文献来研究HDFS的架构，分析其安全机制。接着，针对HDFS访问控制的弱项进行了深入研究。通过研究传统访问控制的原理和模型，设计了针对HDFS的安全策略。最终选定了基于主客体标签的强制访问控制与基于角色的访问控制的结合来实现云中数据隔离和安全访问。最后，在实现安全策略编码后，又实现基于HDFS的PC端文件管理服务，方便组织和个人对云中数据的安全操作；同时，实现了基于Android手机端的移动云存储简单应用。本课题将传统访问控制重新结合设计适合云存储安全的安全策略，对于实际应用具有一定的理论意义。
[Abstract]:As everyone knows, with the rise of cloud computing, cloud based service attendant. In today's Internet era, people are no longer limited to the use of computer to the Internet. Today's mobile device development more and more quickly, more and more good, it makes people can connect to the Internet whenever and wherever possible. More and more organizations or individuals you can use the Internet to facilitate the communication and information sharing, but the problem is so huge. How to store the information of the cloud storage is to satisfy the storage requirements whenever and wherever possible and large-scale data storage and appear. However, the reality of the research shows that although the cloud storage has broad application prospects, but to the people completely believe and accept it, and be assured of the personal data privacy, sensitive business and government assured to the cloud service provider, still need to cross an obstacle to it How to guarantee the confidentiality and integrity of user data, so the security of cloud storage is becoming more and more concerned.
This paper is based on HDFS (Hadoop Distributed File System) of the cloud storage security strategy, the aim is to put forward effective security policy design and implementation of cloud storage platform based on HDFS, implementation of security access control. After the research of the architecture of HDFS, according to the design of the security policy for the weakness of the visit control. This strategy combines mandatory access control and role-based access control, designed the security label of the subject and the object, the definition of security access control rules, and introduces the concept of the role, increase the access control security and flexibility, so that the cloud storage data in different organizations can safe isolation, and can secure access to the cloud the data as follows:
First of all, cloud storage service based on HDFS is built in the cloud computing platform of the laboratory. Through the specific configuration and operation, and reading related literature, we study the architecture of HDFS and analyze its security mechanism.
Then, according to the HDFS access control weaknesses are studied. Through the research on the principle and model of traditional access control, designed for the HDFS security policy. Finally selected label the subject and the object of the mandatory access control and role-based access control to achieve cloud data isolation and security access based on.
Finally, after implementing the coding of security policy, the PC file management service based on HDFS is implemented to facilitate the safe operation of organizations and individuals in cloud data. At the same time, a simple application of mobile cloud storage based on Android mobile terminal is implemented.
This topic recombines the traditional access control to design the security strategy suitable for the cloud storage security, which has a certain theoretical significance for the practical application.

【学位授予单位】：哈尔滨工业大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP393.08;TP333

【参考文献】