企业云盘的数据安全解决方案及系统设计

发布时间：2018-06-13 03:33

本文选题：数据安全 + 数据去重　；参考：《天津大学》2016年硕士论文

【摘要】：随着互联网和海量数据的快速发展,云计算和云存储的需求越来越强烈,同时越来越多的用户开始把数据放到云端进行保存。云盘这种在线云存储服务使得用户可以简单的按需付费,快速实现了数据的动态扩展、永久性保存、随时随地的在线访问以及高效的共享协作功能,可以说云存储服务具有极大的市场规模和应用前景。然而,尽管这种在线云存储方式虽然具有明显的服务优势,但是仍然有相当多的政府和企业云盘抱着观望的态度,许多个人用户也只是把一些不重要的文件和数据保存到云端,这种态度主要还是源于对安全问题的担心。使用这种云服务的模式,意味着用户把自己的数据放到云端,这样脱离了自己的掌控而变为云服务上来控制数据。因此,当把数据存放到云端时,如何实现用户数据的保密性和完整性,已经成为阻碍云存储服务发展的重要因素。本文详细分析了企业云盘产品的数据安全范畴和主要问题。明确数据安全的实现目标,给出了为实现方案目标的相关具体要点。然后通过建立用于常规文件加解密的密钥管理体系和用于密文去重的共享密钥系统,实现了一种支持密文去重的数据保护方法。此外还设计了一种数据完整性校验方法,能够在确保不知道正确明文摘要的前提下,支持明文和密文的摘要判定,防止了数据伪造性攻击。最终通过完整的方案流程实现了云端环境下用户数据的保密性和完整性。本文还依据数据安全方案设计了企业云盘产品中的数据安全子系统。给出了数据安全子系统与上下层服务的交互流程,并完成了安全API的结构设计。通过在生产实践中进行本解决方案的部署,获得了实际应用成果的验证。
[Abstract]:With the rapid development of the Internet and massive data, the demand for cloud computing and cloud storage is increasing, and more users begin to store the data in the cloud. Cloud disk, an online cloud storage service, enables users to simply pay on demand, rapidly implementing dynamic data expansion, permanent storage, online access at any time, anywhere, and efficient sharing and collaboration. It can be said that cloud storage service has a great market scale and application prospects. However, despite the obvious service advantages of this online cloud storage, a considerable number of governments and enterprises still have a wait-and-see attitude, and many individual users simply save unimportant documents and data to the cloud. This attitude stems mainly from concerns about security. Using this cloud service pattern means that the user puts his data in the cloud, thus leaving his control to control the data on the cloud service. Therefore, when data is stored in the cloud, how to realize the confidentiality and integrity of user data has become an important factor that hinders the development of cloud storage services. This paper analyzes the data security category and main problems of enterprise cloud disk products in detail. The realization goal of data security is defined, and the relevant key points for realizing the program goal are given. Then, a data protection method is implemented by establishing a key management system for encryption and decryption of conventional files and a shared key system for reduplication of ciphertext. In addition, a data integrity verification method is designed, which can support the summary judgment of plaintext and ciphertext without knowing the correct summary of plaintext, and prevent the attack of data forgery. Finally, the confidentiality and integrity of user data in cloud environment are realized through complete solution flow. This paper also designs the data security subsystem in enterprise cloud disk products according to the data security scheme. The interaction flow between the data security subsystem and the upper and lower services is given, and the structure of the security API is designed. Through the deployment of this solution in production practice, the practical application results are verified.
【学位授予单位】：天津大学
【学位级别】：硕士
【学位授予年份】：2016
【分类号】：TP333;TP309

【相似文献】