支持隐私保护的云存储系统的设计与研究

发布时间：2018-05-18 08:12

本文选题：云存储 + 云安全　；参考：《西北大学》2013年硕士论文

【摘要】：2007年至今,云计算一直是国内外研究的热点。云存储是由云计算发展而来的,通过云计算技术、集群应用、网络技术以及分布式文件系统等功能,将各种不同类型的存储设备集合在一起给用户提供存储服务。云存储是一种新型的网络存储形式,为用户提供了低成本、高可靠性、按需分配的网络存储服务。因此很快被用户所接受并且受到了小企业、科研单位的青昧。然而,企业在享受云存储服务所带来好处的同时,也不得不考虑这种新存储方式下所带来的威胁。在云存储服务中文件数据大都以文件明文形式存在,即使云存储服务供应商提供了相应的加密功能也都是在云端实现的,对于用户来说具有不可控制性。这使得云存储服务商有获得、篡改用户存储数据的能力,从而使得一些企业用户不敢将自己的企业客户资料、通讯记录、财务报表、销售计划等敏感数据存放在云端,仍然选择存放在企业内部的存储设备中,这也严重制约了云存储的进一步发展。据国内专业调研机构CBIResearch相关数据表明：目前,大约有80%的企业出于对数据安全性的考虑不愿意将企业内部资料放在公有云上,企业非常关心他们信息的安全性。因此,如何在用户端实现对数据的隐私保护,并且在云端实现不同用户之间的数据的共享成为了解决的重点。本文深入分析了Linux文件系统的相关理论和VFS的基础技术,介绍了亚马逊S3的相关概念,并且对Linux中实现文件系统的3种方式进行了讨论。从服务器端不可信的场景下进行考虑,将数据的控制权完全置于数据的所有者端,构建了一个能够保证用户数据安全性的云存储系统。在Linux VFS层下设计了新的文件系统XFS,该系统是基于S3的云存储文件系统。当用户在与系统进行数据交互时,由于Linux文件系统的VFS层屏蔽了下层具体文件系统的差异,保证了用户数据操作的透明性。本系统使用了细粒度的文件加密方式并且将文件密钥以文件扩展属性的方式存放在存储设备中,使得用户在S3中的文件可以实现共享,并且即使用户的一个文件密钥丢失也不会影响到其它文件数据的隐私性。XFS使用了Linux的缓存机制将文件加密操作后置和将解密操作前移从而实现了动态加密/解密操作,将系统的性能损失降到了最低。
[Abstract]:So far in 2007, cloud computing has been a hot topic at home and abroad. Cloud storage is developed by cloud computing, through cloud computing technology, cluster applications, network technology and distributed file systems and other functions, a variety of different types of storage devices together to provide users with storage services. Cloud storage is a new type of network storage, which provides users with low cost, high reliability and on-demand distribution of network storage services. As a result, quickly accepted by users and by small enterprises, scientific research units of the green ignorance. However, enterprises not only enjoy the benefits of cloud storage services, but also have to consider the threat of this new storage mode. In the cloud storage service, the file data mostly exists in the form of file plaintext. Even if the cloud storage service provider provides the corresponding encryption function, it is also implemented in the cloud, which is not controllable to the user. This makes cloud storage service providers have the ability to obtain and tamper with the data stored by users, so that some enterprise users are afraid to store their own sensitive data such as customer information, communication records, financial statements, sales plans, etc., in the cloud. Still choose to store in the enterprise internal storage device, this also seriously restricted the further development of cloud storage. According to the relevant data of CBIResearch, a professional research organization in China, at present, about 80% of enterprises are unwilling to put their internal information on the public cloud for the consideration of data security, and enterprises are very concerned about the security of their information. Therefore, how to protect the privacy of the data in the client and share the data among different users in the cloud has become the focus of the solution. This paper analyzes the related theory of Linux file system and the basic technology of VFS, introduces the related concepts of Amazon S3, and discusses three ways to implement file system in Linux. Considering the scenario where the server side is not trusted, the control right of the data is completely placed on the owner side of the data, and a cloud storage system which can guarantee the security of the user data is constructed. A new file system, XFS, is designed under the Linux VFS layer, which is a cloud storage file system based on S3. When the user interacts with the system, the VFS layer of the Linux file system shields the differences of the underlying file system, which ensures the transparency of the user data operation. The system uses the fine-grained file encryption method and stores the file key in the storage device in the form of file extension attributes, so that the user files in S3 can be shared. And even if a user's file key is lost, it will not affect the privacy of other file data. XFS uses the cache mechanism of Linux to post the file encryption operation and to move the decryption operation forward, thus realizing the dynamic encryption / decryption operation. The performance loss of the system is minimized.
【学位授予单位】：西北大学
【学位级别】：硕士
【学位授予年份】：2013
【分类号】：TP333;TP309

【参考文献】