Attribute-Based Secure Access Control Technology for Distributed Storage
Published: 2018-06-28 03:00
Topics: distributed storage system + attribute-based access control; Source: Huazhong University of Science and Technology, 2012 master's thesis
[Abstract]: The rapid development of computer and network technology has brought about large-scale distributed storage systems. Facing open network environments, very large user populations and continually changing application requirements, and handling data that is distributed, autonomous and confidential, storage systems must be flexible, simple, efficient, scalable and highly secure. In particular, today's storage devices are attached directly to complex user networks; enabling users to store private data on untrusted storage nodes with confidence, while raising the security of the whole system at minimal performance cost, has therefore become the design goal of secure access for large-scale storage systems. Access control, on the basis of the distributed storage system offering users the greatest possible sharing of system resources, manages users' operating permissions to prevent legitimate users from exceeding their authorization. Existing access control mechanisms are based on unique user identities; as the storage system grows and file-sharing patterns become complex, file access becomes inefficient, creating a noticeable performance bottleneck in large-scale storage systems. The attribute-based access control mechanism, built on attribute-based cryptography, uses attributes to explicitly define and manage users, files and access rights; it solves the problems of fine-grained, flexible authorization and scaling to large user populations in distributed open environments, and also reduces the access control overhead of the storage system. In an open network environment both the authentication side and the storage side need to check a user's access rights to a file. The attribute-based distributed authentication method frees the storage side from maintaining access right information for users: a user's access request can be verified with simple computation, reducing the authentication overhead of the whole storage system.
It not only provides secure, reliable and efficient file access for authorized users but also effectively blocks access and attacks by unauthorized users, users exceeding their privileges, and external attackers. The attribute-based secure access method for distributed storage systems combines the attribute-based access control mechanism with the authentication method. Experimental results on a prototype system show that the method largely preserves the system's high performance while providing a flexible, efficient and reliable access mechanism, offering an ideal secure access scheme for large-scale distributed storage systems in complex network environments.
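The abstract describes a division of labour in which the authentication side vouches for a user's attributes and the storage side, holding no per-user permission table, decides access by a simple computation over those attributes and the file's policy. The following Python script is an added illustration of that pattern and is not the thesis's own code: it stands in an HMAC-signed attribute token (a constructed shared key, hypothetical user and attribute names) for the attribute-based cryptography the thesis uses, and represents a file policy as an AND/OR tree over attribute names. The storage-side `check_access` function needs only the token and the policy attached to the file.

```python
import base64
import hashlib
import hmac
import json

# Constructed key shared by the authentication server and the storage node.
# Assumption for this illustration only: the thesis builds on attribute-based
# cryptography, which this HMAC-signed token stands in for.
SHARED_KEY = b"constructed-demo-key-change-me"


def _canonical(claims):
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def issue_token(user_id, attributes, expires_at, key=SHARED_KEY):
    """Authentication side: bind a user's verified attributes into a signed token."""
    claims = {"uid": user_id, "attrs": sorted(set(attributes)), "exp": int(expires_at)}
    payload = _canonical(claims)
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(tag).decode())


def verify_token(token, now, key=SHARED_KEY):
    """Storage side: check signature and expiry; return the attribute set or None."""
    try:
        payload_b64, tag_b64 = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except (ValueError, TypeError):
        return None  # malformed token
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # tampered or forged token
    claims = json.loads(payload)
    if now >= claims["exp"]:
        return None  # expired token
    return set(claims["attrs"])


def evaluate_policy(policy, attrs):
    """Recursively evaluate a policy tree over the presented attribute set.

    A policy is either an attribute string (leaf, satisfied when the user holds
    that attribute) or a tuple ("AND", p1, p2, ...) / ("OR", p1, p2, ...).
    """
    if isinstance(policy, str):
        return policy in attrs
    op, *children = policy
    if not children:
        raise ValueError("policy operator needs at least one operand")
    if op == "AND":
        return all(evaluate_policy(c, attrs) for c in children)
    if op == "OR":
        return any(evaluate_policy(c, attrs) for c in children)
    raise ValueError(f"unknown policy operator {op!r}")


def check_access(token, file_policy, now, key=SHARED_KEY):
    """Full storage-side decision: verify the token, then evaluate the file's policy.

    The storage node keeps no per-user ACL; the token carries the attributes and
    the policy is stored with the file, so the decision is local and cheap.
    """
    attrs = verify_token(token, now, key)
    if attrs is None:
        return False
    return evaluate_policy(file_policy, attrs)


if __name__ == "__main__":
    # Constructed example: a file readable by research-department engineers or managers.
    policy = ("AND", "dept:research", ("OR", "role:engineer", "role:manager"))
    tok = issue_token("alice", ["dept:research", "role:engineer"], expires_at=2000)
    print(check_access(tok, policy, now=1000))  # True
    print(check_access(tok, policy, now=3000))  # False: token expired
```

The policy tree is stored alongside the file, so adding users or changing who may read a file never touches a per-user table on the storage side; only the attribute set in newly issued tokens or the file's own policy changes. The expiry field is what bounds how long a revoked attribute keeps working, which is the trade-off such token-based schemes accept in exchange for the storage side staying stateless.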
Degree-granting institution: Huazhong University of Science and Technology
Degree level: Master
Year degree awarded: 2012
Classification number: TP333;TP393.08
Article ID: 2076427
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2076427.html