分布式安全存储系统密钥管理研究与实现

发布时间：2018-06-09 00:44

本文选题：安全存储系统 + 机密性　；参考：《华中科技大学》2012年硕士论文

【摘要】：随着网络技术和存储技术的飞速发展，越来越多的数据在网络上存储和共享，但与此同时数据面临的安全威胁也日益增多，存储安全的重要性日益凸显。通过分析现有的分布式存储系统的安全机制以及实施方案，发现目前的安全策略实施时有所侧重，，基本上保证机密性、完整性、可用性这些传统安全机制指标。然而在分布式环境下，复杂多变的网络结构，异构的存储机群，以及高并发量的用户，存在着密钥管理复杂、系统性能影响较大、安全管理脆弱等缺点，因此灵活高效的密钥管理策略和可靠完善的安全管理机制是提高存储安全系统效率的重要因素。针对现有分布式安全存储系统的安全管理机制不完善，密钥管理策略不能同时满足安全性、灵活性和高效性的需求。本文提出了一种分布式环境下存储安全解决方案，引入可信的安全管理器和密钥服务器。通过权限证书和文件分组，实施灵活的访问控制策略和安全的数据共享机制；通过单独的密钥服务器，实现安全高效的密钥管理策略；通过统一的的安全管理接口，方便用户和管理员进行日常的安全管理操作；通过审计日志，完成整个储存系统的实时监测和用户行为的统计追踪。论文研究的目标是实现高效的分布式安全存储系统，保证数据安全、高效的存储和访问。实验显示，在分布式存储系统上实施上述安全方案，随机读写性能下降的分别为24%和29%，对系统整体效率影响不大。
[Abstract]:With the rapid development of network technology and storage technology, more and more data are stored and shared on the network. The importance of storage security is becoming more and more important. By analyzing the security mechanism and implementation scheme of the existing distributed storage system, we find that the current security policy has some emphasis on the implementation, which basically ensures confidentiality and integrity. Availability these traditional security mechanism metrics. However, in the distributed environment, the complex and changeable network structure, heterogeneous storage cluster, and high concurrent users have some shortcomings, such as complex key management, great impact on system performance, fragile security management, and so on. Therefore, flexible and efficient key management strategy and reliable and perfect security management mechanism are important factors to improve the efficiency of storage security system. Key management policies cannot meet the requirements of security, flexibility and efficiency. This paper presents a storage security solution in distributed environment, which introduces trusted security manager and key server. Through privilege certificate and file grouping, flexible access control policy and secure data sharing mechanism are implemented; through a separate key server, a secure and efficient key management strategy is realized; and a unified security management interface is adopted. It is convenient for users and administrators to carry out daily security management operations. Through audit log, real-time monitoring of the entire storage system and statistical tracking of user behavior are completed. The goal of this paper is to realize an efficient distributed secure storage system. Ensure data security, efficient storage and access. The experimental results show that the random read and write performance drops by 24% and 29% respectively in the distributed storage system, which has little effect on the overall efficiency of the system.
【学位授予单位】：华中科技大学
【学位级别】：硕士
【学位授予年份】：2012
【分类号】：TN918.4;TP333

【参考文献】