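Design and Research of a Cloud Storage System Supporting Privacy Protection
Published: 2018-05-18 08:12
Topic of this paper: cloud storage + cloud security. Reference: Northwest University, 2013 master's thesis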
[Abstract]: Since 2007, cloud computing has been a hot research topic in China and abroad. Cloud storage grew out of cloud computing: using cloud computing technology, cluster applications, network technology and distributed file systems, it pools many different types of storage devices to provide storage services to users. Cloud storage is a new form of network storage that offers users low-cost, highly reliable, on-demand network storage services. It was therefore quickly accepted by users and has found favor with small enterprises and research institutions.
However, while enterprises enjoy the benefits of cloud storage services, they also have to consider the threats that this new storage model brings. In cloud storage services, file data mostly exists in plaintext. Even when the cloud storage provider offers an encryption function, it is implemented in the cloud and is outside the user's control. This gives the cloud storage provider the ability to obtain and tamper with the data users store. As a result, some enterprise users do not dare to place sensitive data such as customer records, communication records, financial statements and sales plans in the cloud, and still choose to keep it on storage devices inside the enterprise, which seriously restricts the further development of cloud storage. According to data from CBIResearch, a professional research organization in China, about 80% of enterprises are currently unwilling to put internal company data on a public cloud out of concern for data security; enterprises care a great deal about the security of their information. How to protect data privacy on the client side while still allowing data to be shared among different users in the cloud has therefore become the key problem to solve.
This thesis analyzes in depth the theory of the Linux file system and the underlying technology of VFS, introduces the relevant concepts of Amazon S3, and discusses the three ways of implementing a file system in Linux. Starting from a scenario in which the server side is untrusted, it places control of the data entirely with the data owner and builds a cloud storage system that can guarantee the security of user data. A new file system, XFS, is designed beneath the Linux VFS layer; it is an S3-based cloud storage file system. When users exchange data with the system, the VFS layer of the Linux file system hides the differences between the underlying concrete file systems, which keeps data operations transparent to the user. The system uses fine-grained file encryption and stores each file key on the storage device as a file extended attribute, so that a user's files in S3 can be shared, and even if one of a user's file keys is lost, the privacy of the other files' data is not affected. XFS uses the Linux caching mechanism to defer the file encryption operation and to move the decryption operation earlier, which achieves on-the-fly encryption/decryption and keeps the system's performance loss to a minimum.
[Degree-granting institution]: Northwest University
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification number]: TP333; TP309
Article ID: 1905096
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/1905096.html