Research on Cloud Storage Security Mechanisms in the Digital Campus Environment
Published: 2018-10-17 14:07
[Abstract]: As digital campus modernization continues to advance, the number of files and the volume of accesses keep growing, and traditional file storage systems are gradually being replaced by distributed cloud storage systems. Distributed cloud storage systems can effectively meet the digital campus environment's storage requirements for large capacity, large directories and large numbers of small files, but the networked data-center storage model, while serving the demand for massive data processing, also raises many security problems that urgently need to be solved. Security issues of data storage such as reliability, confidentiality and integrity have become a new challenge for distributed cloud storage systems in the digital campus environment. In view of the current state of digital campus file storage and these new challenges, and by studying the technology and implementation of existing distributed cloud storage systems, this thesis designs the Me Se secure storage architecture, which separates metadata from data, to solve the problem of file storage security, and designs and implements, for the storage of large numbers of small files, security mechanisms that guarantee the reliability, confidentiality and integrity of stored data. The main work of this thesis covers the following aspects:
1. A secure storage architecture that separates metadata from data, the Me Se secure storage architecture, is designed and implemented for the digital campus environment. In Me Se, placing the metadata server on its own at the front end of the mass storage system allows metadata security to be controlled independently and improves the security of the Me Se secure storage architecture. In addition, based on a study of threat modeling methodology, a formal threat modeling method is proposed for distributed cloud storage systems. On this basis, the method is used in the early design stage of Me Se to carry out a detailed threat modeling analysis.
2. A sensitive-data slicing and encoding mechanism based on classification level is designed and implemented for the Me Se secure storage architecture. Data is encoded and sliced and then stored in a distributed manner across the back-end storage system, which ensures the confidentiality, reliability and security of the data. On this basis, the thesis designs an incremental file update strategy with low network transmission overhead, based on the sensitive-data encoding: during random updates to a file only the modified fragments are transmitted, which reduces network transmission overhead.
3. To achieve secure data sharing between application systems in the digital campus environment, and given that under Me Se's separation of metadata and data any sharing of data must be based on sharing of metadata, the thesis designs and implements a secure metadata sharing mechanism based on authentication and authorization. Metadata sharing is realized through security authorization technology, which ensures that sharing data between application systems does not lead to threats such as information leakage or leakage of user authentication certificates.
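[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP333; TP309
Article ID: 2276914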
Article link: https://www.wllwen.com/kejilunwen/jisuanjikexuelunwen/2276914.html