
Design and Implementation of a Secure Object-Based Distributed File System

Published: 2018-07-31 10:47
[Abstract]: With the development of distributed storage technology, object-based distributed file systems have become a current research focus. While such systems continue to meet demands for high performance, high capacity, high reliability and high scalability, their security is receiving increasing attention. Pursuing strong security inevitably costs performance, so how to reduce that performance overhead while still guaranteeing security is one of the hot topics in distributed file system security research. An identity-based distributed security scheme is designed for the object-based distributed file system under development, providing file system security while reducing the performance overhead introduced by the security measures. Given the large number of users and the frequent I/O access typical of distributed file systems, and building on an IBE identity authentication scheme, a two-phase identity authentication is adopted that separates the user login phase from the file I/O phase, ensuring the security of authentication in the login phase and the efficiency of authentication in the I/O phase. To address the metadata server performance bottleneck that centralized access control causes, a role-based distributed access architecture is designed that appropriately divides security functions between the metadata server and the object storage servers, so that storage nodes perform distributed access control on user requests. Using a lockbox-key-based key management method, a multi-security-level encrypted storage scheme is designed, which strengthens system security while reducing the cost of key management. Experiments show that the designed identity-based distributed security architecture not only provides effective security guarantees for the file system but also keeps identity authentication and access control efficient.
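[Degree-granting institution]: Huazhong University of Science and Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP309;TP333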



