Research on the Security of a Lustre-Based Cluster Storage System
Published: 2018-08-30 18:03
[Abstract]: In recent years, explosive growth in data volume and a sharp rise in user demands have led to the wide adoption of high-performance computing. These applications need not only high-performance computing power but also good storage performance, and traditional storage technology is increasingly falling short. Cluster storage systems that incorporate object-based storage technology can meet requirements such as high bandwidth, concurrent access, high scalability and ease of management, and have become an effective way to address the problems of traditional storage technology. However, the open network environment poses a serious security threat to cluster storage systems, so research on the security of cluster systems has become an important topic.
This thesis uses the Lustre file system to build a cluster storage system based on object storage technology. By analyzing the characteristics of the Lustre file system and of cluster storage, and drawing on the key technologies for system security, such as data encryption, authentication, access control and key management, it proposes a security architecture for this storage system.
The proposed security architecture mainly implements identity authentication, data encryption, key management and access control. Identity authentication is the process by which a networked computer system confirms the identity of the operator and is the first checkpoint of a security system; data encryption is one of the important ways to protect data; key management is the core issue in ensuring system security; access control effectively regulates user permissions. On top of the original group key manager, the system adds an access controller so that key computation and access control are separated, which improves the security and deployment flexibility of the system, reduces the storage requirements on the group key manager, and improves the efficiency of key computation. The authentication component uses a mechanism based on public key infrastructure which, compared with the traditional symmetric-key-based Kerberos mechanism, saves management time and resources and improves system scalability.
Finally, the security architecture was implemented in a laboratory cluster system environment and related performance tests were carried out. Analysis shows that the security architecture can effectively prevent some common attacks and can effectively protect the data of a Lustre-based cluster storage system. The performance test results demonstrate the good performance of Lustre in a cluster storage system and also show the impact of the security architecture on the performance of the current system, providing a basis for further optimization of the project.
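[Degree-granting institution]: China University of Petroleum (East China)
[Degree level]: Master's
[Year degree conferred]: 2013
[Classification number]: TP333;TP309
Article ID: 2213864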
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2213864.html