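Design and Implementation of a Secure Campus Sync Network Disk Based on MFS
Published: 2018-01-22 17:40
Keywords: sync network disk; cloud storage; ciphertext access control; campus environment; MFS. Source: National University of Defense Technology, 2013 master's thesis. Document type: degree thesis.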
[Abstract]: The growth of the Internet and the spread of smart devices mean that more and more users own several computing terminals at once, and the resulting need to synchronize files across terminals gave rise to the sync network disk. A sync network disk is one application form of cloud storage: users buy, or apply free of charge for, a certain amount of storage space from a service provider according to their needs, entrust their data to that provider, and receive services such as online backup, sharing, and data synchronization across terminals. For schools, on the one hand, most existing commercial sync network disk products are built on public cloud storage and cannot be used in some relatively closed network environments on campus; on the other hand, sync network disk products built on private cloud storage are either expensive or weak in functionality, and neither kind meets the requirements of the campus environment well. Based on a study of the functional characteristics of current sync network disk products, this thesis proposes QXDrive, an independently developed secure sync network disk solution with the campus network as its application environment, and focuses on two key technical problems in sync network disks: data synchronization and access control. The main work of this thesis includes:
1. An overall framework for a sync network disk is constructed. By analyzing the functional characteristics of sync network disks and what users in a campus environment require of them, the thesis designs the three-tier structure of QXDrive (storage side, server side, and client side), the functions of the modules that make up each tier, and the relationships between modules.
2. A data synchronization algorithm, BDsync, is proposed. The thesis defines the synchronization state of the replicas at each location in the sync network disk, and decomposes the data synchronization problem into two sub-problems: version control and differential transfer. BDsync uses timestamps for centralized version comparison, a version chain for conflict handling, and an optimized Rsync algorithm for data transfer. Experiments show that BDsync achieves version comparison and conflict handling in the sync network disk, and that its data transfer is faster and consumes fewer computing resources than the traditional Rsync algorithm.
3. A ciphertext access control scheme for the sync network disk is designed. Based on the community-of-interest relationship between the cloud storage service provider (CSP) and the users of a campus sync network disk, the thesis adopts an "honest but innocent" assumption about the trustworthiness of the school as CSP. In the scheme, the CSP uses role-based access control (RBAC) to control permission to obtain the data ciphertext, while users use a CP-ABE-based ciphertext access control architecture (CCAC) to control permission to decrypt the data ciphertext, forming a ciphertext access control scheme that is controllable by both the CSP and the user. Implementation and analysis of the scheme show that it effectively prevents unauthorized users from obtaining data and protects data security in the campus sync network disk well.
[Degree-granting institution]: National University of Defense Technology
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification number]: TP333
Article ID: 1455320
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/1455320.html