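Design and Implementation of a Secure Campus Sync Network Disk Based on MFS
Published: 2018-01-22 17:40
Keywords: sync network disk, cloud storage, ciphertext access control, campus environment, MFS. Source: National University of Defense Technology, 2013 master's thesis. Document type: degree thesis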
[Abstract]: The growth of the Internet and the spread of smart devices mean that more and more users own several computing terminals at once, and the resulting need to synchronize files across those terminals gave rise to the sync network disk. A sync network disk is one application form of cloud storage: users buy, or apply free of charge for, a certain amount of storage space from a service provider according to their needs, entrust their data to that provider, and receive services such as online backup, sharing, and data synchronization across multiple terminals. For schools, on the one hand, most existing commercial sync network disk products are built on public cloud storage and cannot be used in some of the relatively closed network environments on campus; on the other hand, sync network disk products built on private cloud storage are either expensive or weak in functionality, and neither kind meets the requirements of the campus environment well. Based on a study and analysis of the functional characteristics of current sync network disk products, this thesis takes the campus network as the application environment and proposes QXDrive, an independently developed secure sync network disk solution, focusing on two key technical problems in sync network disks: data synchronization and access control. The main work of this thesis includes:
1. An overall framework for a sync network disk is constructed. By analyzing the functional characteristics of sync network disks and the needs of users in the campus environment, the thesis designs the three-layer structure of QXDrive (storage side, server side, and client side), the functions of the modules that make up each layer, and the relationships between the modules.
2. A data synchronization algorithm, BDsync, is proposed. The thesis defines the synchronization state of the replicas at each location in the sync network disk, and decomposes the data synchronization problem into two sub-problems: version control and differential transfer. BDsync uses timestamps for centralized version comparison, a version chain for conflict handling, and an optimized Rsync algorithm for data transfer. Experiments show that the proposed BDsync algorithm achieves version comparison and conflict handling in a sync network disk, and that its data transfer process is faster and uses fewer computing resources than the traditional Rsync algorithm.
3. A ciphertext access control scheme for sync network disks is designed. Based on the community-of-interest relationship between the cloud storage service provider (CSP) and the users of a campus sync network disk, the thesis proposes an "honest but innocent" assumption about the trustworthiness of the school acting as CSP. In the designed scheme, the CSP controls permission to obtain the data ciphertext through role-based access control (RBAC), while users control permission to decrypt the data ciphertext through a CP-ABE-based ciphertext access control architecture (CCAC), forming a ciphertext access control scheme that is controllable by both the CSP and the user. Implementation and analysis of the proposed access control scheme show that it effectively prevents unauthorized users from obtaining data and protects data security in the campus sync network disk well.
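[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP333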
Article ID: 1455320
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/1455320.html