發(fā)布時間：2018-06-28 03:00

  本文選題：分布式存儲系統(tǒng) + 基于屬性的訪問控制��； 參考：《華中科技大學》2012年碩士論文

【摘要】：計算機和網(wǎng)絡技術(shù)高速發(fā)展帶來了大規(guī)模分布式存儲系統(tǒng)的出現(xiàn)，面對開放的網(wǎng)絡環(huán)境、數(shù)量龐大的用戶群以及應用需求的不斷變化，信息數(shù)據(jù)具有分布性、自治性和保密性等等特性，那么就要求存儲系統(tǒng)必須靈活、簡單、高效、可擴展和高安全。特別地，如今的存儲設備直接依附于復雜的用戶網(wǎng)絡上，如何讓用戶放心把私有數(shù)據(jù)存放在不可信任的存儲端，同時如何以最小的性能消耗代價來提高整個系統(tǒng)的安全，就成為了大規(guī)模存儲系統(tǒng)安全訪問的設計目的。 訪問控制是在分布式存儲系統(tǒng)對用戶提供最大限度系統(tǒng)資源共享的基礎(chǔ)上，通過管理用戶的操作權(quán)限來防止合法用戶的越權(quán)訪問�，F(xiàn)有的訪問控制機制是基于用戶身份的唯一標識，當存儲系統(tǒng)規(guī)模增大和文件共享方式復雜時，導致文件的訪問效率低下，從而給大規(guī)模存儲系統(tǒng)造成了明顯的性能瓶頸。基于屬性的訪問控制機制，，在基于屬性的密碼學基礎(chǔ)上，使用屬性明確定義和管理用戶、文件以及訪問權(quán)限，解決了分布式開放環(huán)境下細粒度靈活的訪問授權(quán)和大規(guī)模用戶擴展問題，也減少了存儲系統(tǒng)的訪問控制開銷。 在開放網(wǎng)絡環(huán)境下認證端和存儲端都需要檢驗用戶對文件的訪問權(quán)限，基于屬性的分布式認證方法使得存儲端不再需要為用戶維護訪問權(quán)限信息，對用戶訪問請求驗證通過簡單計算可以完成，減少了整個存儲系統(tǒng)用于認證的開銷。它不僅為具有權(quán)限用戶提供安全可靠高效的文件訪問，也有效阻止無權(quán)、越權(quán)用戶或者外部攻擊者的訪問和攻擊。 基于屬性的分布式存儲系統(tǒng)安全訪問方法是基于屬性的訪問控制機制和認證方法相結(jié)合。在原型系統(tǒng)上的實驗結(jié)果表明，該安全訪問方法不僅一定程度上保持了系統(tǒng)的高性能，而且提供了一套靈活、高效和可靠的訪問機制，為復雜網(wǎng)絡環(huán)境下的大規(guī)模分布式存儲系統(tǒng)提供了理想的安全訪問方案。
[Abstract]:The rapid development of computer and network technology has brought about the emergence of large-scale distributed storage system. In the face of open network environment, large number of users and continuous changes in application requirements, information data is distributed. Such features as autonomy and confidentiality require storage systems to be flexible, simple, efficient, extensible and secure. In particular, today's storage devices are directly attached to complex user networks. How to make users feel secure about storing private data in untrusted storage, and how to improve the security of the whole system with minimal performance cost. It has become the design purpose of the security access of the large-scale storage system. Access control is based on the distributed storage system to provide users with maximum system resource sharing, through the management of user's operating rights to prevent legitimate users' unauthorized access. The existing access control mechanism is the unique identification based on the user identity. When the storage system size increases and the file sharing mode is complex, the file access efficiency is low, thus causing a significant performance bottleneck to the large-scale storage system. On the basis of attribute-based cryptography, attribute is used to define and manage users, files and access rights. The problem of fine-grained and flexible access authorization and large-scale user extension in distributed open environment is solved, and the access control overhead of storage system is also reduced. In the open network environment, both the authentication end and the storage end need to check the access rights of the user to the file, and the distributed authentication method based on attributes makes the storage side no longer need to maintain access right information for the user. The verification of user access request can be accomplished by simple calculation, which reduces the cost of authentication in the whole storage system. It not only provides secure, reliable and efficient file access for authorized users, but also effectively prevents unauthorized, ultra vires users or external attackers from accessing and attacking. The secure access method of distributed storage system based on attribute is a combination of attribute based access control mechanism and authentication method. The experimental results on the prototype system show that the secure access method not only maintains the high performance of the system to some extent, but also provides a set of flexible, efficient and reliable access mechanism. It provides an ideal secure access scheme for large-scale distributed storage systems in complex network environments.
【學位授予單位】：華中科技大學
【學位級別】：碩士
【學位授予年份】：2012
【分類號】：TP333;TP393.08

【參考文獻】

相關(guān)期刊論文 前3條

1 王小明;付紅;張立臣;;基于屬性的訪問控制研究進展[J];電子學報;2010年07期

2 李曉峰;馮登國;陳朝武;房子河;;基于屬性的訪問控制模型[J];通信學報;2008年04期

3 殷石昌;徐孟春;魏峰;李曉慧;;開放環(huán)境中基于屬性的訪問控制模型研究[J];信息工程大學學報;2008年04期

相關(guān)博士學位論文 前1條

1 牛中盈;并行文件系統(tǒng)安全性研究[D];華中科技大學;2010年

本文編號：2076427