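Research on Access Control Security Policy for HDFS-Based Cloud Storage
Published: 2018-01-07 05:30
Keywords for this article: Research on Access Control Security Policy for HDFS-Based Cloud Storage. Source: Harbin Institute of Technology, 2013 master's thesis. Paper type: degree thesis
More related articles: cloud storage, access control, security label, security policy, HDFS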
[Abstract]: As is well known, the rise of cloud computing has brought with it a variety of cloud-based services. In today's Internet era, people are no longer limited to going online with a computer. Mobile devices are developing faster and getting better, allowing people to connect to the Internet almost anytime and anywhere. More and more organizations and individuals can conveniently use the Internet to communicate and share information, but the accompanying problem is how to store such a huge volume of information. Cloud storage emerged to meet the need for storage anytime and anywhere and for large-scale data storage. However, research shows that although cloud storage has broad application prospects, one obstacle must still be overcome before people fully trust and accept it and confidently hand over personal private data and the sensitive data of enterprises and governments to cloud service providers: how to guarantee the confidentiality and integrity of user data. The security of cloud storage is therefore attracting growing attention.
This thesis studies security policy for cloud storage based on HDFS (Hadoop Distributed File System). The aim is to propose an effective security policy for the design and implementation of HDFS-based cloud storage platforms and to achieve secure access control. After studying the HDFS architecture, a security policy is designed to address its weaknesses in access control. The policy combines mandatory access control with role-based access control: it designs security labels for subjects and for objects, defines secure access control rules, and introduces the concept of roles. This increases the security and flexibility of access control, so that data belonging to different organizations stored in the cloud can be securely isolated while data in the cloud can still be accessed securely. The specific work is as follows:
First, a cloud storage service based on HDFS was built on the laboratory's cloud computing platform. The HDFS architecture was studied, and its security mechanisms analyzed, through hands-on configuration and operation and through reading the related literature.
Next, the weaknesses of HDFS access control were studied in depth. By studying the principles and models of traditional access control, a security policy for HDFS was designed. The combination finally chosen was mandatory access control based on subject and object labels together with role-based access control, to achieve data isolation and secure access in the cloud.
Finally, after the security policy was implemented in code, a PC-side file management service based on HDFS was implemented so that organizations and individuals can operate securely on data in the cloud. In addition, a simple mobile cloud storage application for Android phones was implemented.
This work recombines traditional access control models to design a security policy suited to cloud storage security, which has a certain theoretical significance for practical applications.
[Degree-granting institution]: Harbin Institute of Technology
[Degree level]: Master's
[Year degree granted]: 2013
[Classification number]: TP393.08; TP333
Article ID: 1391181
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/1391181.html