本文關(guān)鍵詞： 同步網(wǎng)盤 云存儲 密文訪問控制 校園環(huán)境 MFS　出處：《國防科學(xué)技術(shù)大學(xué)》2013年碩士論文　論文類型：學(xué)位論文

【摘要】：互聯(lián)網(wǎng)的發(fā)展和智能設(shè)備的普及使得越來越多的用戶同時擁有多臺計算終端,由此帶來的多終端間文件同步需求催生了同步網(wǎng)盤這一產(chǎn)品。同步網(wǎng)盤是云存儲的一種應(yīng)用形式,用戶根據(jù)需求向服務(wù)提供商購買或免費申請一定的存儲空間,將自身數(shù)據(jù)托管給服務(wù)提供商,享受數(shù)據(jù)在線備份、共享、多終端間數(shù)據(jù)同步等一系列服務(wù)。對學(xué)校而言,一方面現(xiàn)有商業(yè)同步網(wǎng)盤產(chǎn)品大多基于公有云存儲構(gòu)建,無法運用于校園中某些相對封閉的網(wǎng)絡(luò)環(huán)境;另一方面,私有云存儲之上的同步網(wǎng)盤產(chǎn)品或價格昂貴或功能薄弱,均無法很好的滿足校園環(huán)境的要求。本文在研究分析當(dāng)前同步網(wǎng)盤產(chǎn)品功能特征的基礎(chǔ)上,以校園網(wǎng)為應(yīng)用環(huán)境提出了自主的安全同步網(wǎng)盤解決方案QXDrive,并著重解決同步網(wǎng)盤中的數(shù)據(jù)同步和訪問控制兩個關(guān)鍵性技術(shù)問題。本文進行的主要工作包括:1.構(gòu)建了一種同步網(wǎng)盤總體框架。本文通過分析同步網(wǎng)盤的功能特點和校園環(huán)境下用戶對同步網(wǎng)盤的需求設(shè)計了QXDr ive中存儲端、服務(wù)端、客戶端三層結(jié)構(gòu)、各層次組成模塊的功能及模塊間關(guān)系。2.提出了一種數(shù)據(jù)同步算法BDsync。本文對同步網(wǎng)盤中各位置副本的同步狀態(tài)進行了定義;將同步網(wǎng)盤中的數(shù)據(jù)同步問題分解為版本控制和差異傳輸兩個子問題。同步算法BDsync采用時間戳進行集中化的版本比較,采用版本鏈進行沖突處理,采用優(yōu)化了的Rsync算法進行數(shù)據(jù)傳輸。實驗證明,本文所提出的BDsyn c算法能夠?qū)崿F(xiàn)同步網(wǎng)盤中的版本比較和沖突處理,其數(shù)據(jù)傳輸過程與傳統(tǒng)的Rsyn c算法相比有更快的傳輸速度和更低的計算資源開銷。3.設(shè)計了一種同步網(wǎng)盤中的密文訪問控制方案。以校園同步網(wǎng)盤中云存儲服務(wù)提供商(CSP)與用戶之間的利益共同體關(guān)系為基礎(chǔ),對學(xué)校作為CSP的可信程度提出了“誠實但無辜”的假設(shè)。本文所設(shè)計的方案中,CSP通過基于角色的訪問控制(RBAC)控制數(shù)據(jù)密文的獲取權(quán)限,用戶通過基于CP-ABE的密文訪問控制架構(gòu)(CCAC)控制對數(shù)據(jù)密文的解密權(quán)限,形成了一套CSP與用戶雙重可控的密文訪問控制方案。通過對本文所提出的訪問控制方案的實現(xiàn)和分析,證明該方案能夠有效阻止未授權(quán)用戶對數(shù)據(jù)的獲取,對校園同步網(wǎng)盤中的數(shù)據(jù)安全有良好的保護效果。
[Abstract]:With the development of Internet and the popularity of intelligent devices, more and more users have multiple computing terminals at the same time. The need for file synchronization between multiple terminals gives birth to the product of synchronous network disk, which is an application form of cloud storage. Users purchase or apply for certain storage space free of charge from service providers according to their needs. Hosting their own data to service providers, enjoy data online backup, sharing, multi-terminal data synchronization and other services. For schools. On the one hand, most of the existing commercial synchronous network disk products are based on public cloud storage, which can not be used in some relatively closed network environment on campus; On the other hand, the synchronous disk products on the private cloud storage or expensive or weak function, can not meet the requirements of the campus environment. Taking the campus network as the application environment, this paper puts forward the independent security synchronous network disk solution QXDrive. Two key technical problems of data synchronization and access control in synchronous network disk are emphatically solved. The main work of this paper includes:. 1. A general frame of synchronous network disk is constructed. The storage terminal in QXDr ive is designed by analyzing the function characteristics of synchronous network disk and the requirements of users on the campus environment. Server, client three-tier structure. This paper presents a data synchronization algorithm BDsync. this paper defines the synchronization state of each replica in the synchronous network disk. The data synchronization problem in the synchronous network disk is decomposed into two sub-problems: version control and differential transmission. The synchronization algorithm BDsync uses time stamp for centralized version comparison and uses version chain for conflict handling. The optimized Rsync algorithm is used for data transmission. Experimental results show that the proposed BDsyn c algorithm can achieve version comparison and conflict handling in synchronous disk. Its data transfer process and traditional Rsyn. C algorithm has faster transmission speed and lower computing resource overhead. 3. A ciphertext access control scheme in synchronous network disk is designed. CSP) is based on a community of interest relationship with users. This paper puts forward the hypothesis of "honesty but innocence" for the trustworthiness of school as CSP. In the scheme designed in this paper, the authority of obtaining data ciphertext is controlled by role-based access control (RBAC). The user controls the decryption permission of the data ciphertext through the ciphertext access control architecture based on CP-ABE. A set of ciphertext access control scheme, which is controlled by CSP and user, is formed. Through the implementation and analysis of the access control scheme proposed in this paper, it is proved that the scheme can effectively prevent unauthorized users from obtaining data. It has good protection effect to the data security in the campus synchronous net disk.
【學(xué)位授予單位】：國防科學(xué)技術(shù)大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2013
【分類號】：TP333
，

本文編號：1455320