Attribute-Based Secure Access Control Technology for Distributed Storage
Published: 2018-06-28 03:00
Topic of this thesis: distributed storage systems + attribute-based access control; Source: Huazhong University of Science and Technology, 2012 master's thesis
【Abstract】: The rapid development of computer and network technology has given rise to large-scale distributed storage systems. Faced with open network environments, very large user populations and continually changing application requirements, and with data that is distributed, autonomous and confidential, a storage system must be flexible, simple, efficient, scalable and highly secure. In particular, today's storage devices are attached directly to complex user networks, so the design goals for secure access to large-scale storage are to let users confidently store private data on untrusted storage nodes while raising the security of the whole system at minimal performance cost.
Access control lets a distributed storage system share its resources with users as widely as possible while managing each user's operating permissions so that legitimate users cannot exceed their authority. Existing access control mechanisms are built on a unique identifier for each user's identity; as the storage system grows and file-sharing patterns become more complex, file access becomes inefficient and a clear performance bottleneck appears in large-scale storage systems. An attribute-based access control mechanism, built on attribute-based cryptography, uses attributes to define and manage users, files and access permissions explicitly. It solves the problems of fine-grained, flexible access authorization and large-scale user growth in open distributed environments, and it reduces the storage system's access control overhead.
In an open network environment both the authentication side and the storage side must check a user's access rights to a file. With the attribute-based distributed authentication method, the storage side no longer needs to maintain access-rights information for users: a user's access request is verified by a simple computation, which reduces the authentication overhead of the whole storage system. The method not only gives authorized users secure, reliable and efficient file access, but also effectively blocks access and attacks by unauthorized users, users exceeding their authority, and external attackers.
The secure access method for attribute-based distributed storage systems combines the attribute-based access control mechanism with the authentication method. Experimental results on a prototype system show that the method preserves the system's high performance to a certain extent while providing a flexible, efficient and reliable access mechanism, offering an ideal secure access scheme for large-scale distributed storage systems in complex network environments.
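As an added illustration of the stateless storage-side check the abstract describes (this is not code from the thesis), the following Python sketch has an attribute authority issue signed attribute credentials and a storage node decide each request from that credential and the file's own attribute policy, keeping no per-user access table. HMAC with a shared key is an assumption standing in for the thesis's attribute-based cryptography; the policy format and attribute names are constructed.

```python
import hashlib
import hmac
import json
import time
from typing import Dict, List, Optional, Set

# Constructed demo key shared by the attribute authority and the storage nodes.
# Assumption: symmetric HMAC stands in for the attribute-based cryptography the
# thesis builds on; the control flow (authority issues, storage node verifies
# statelessly against a per-file policy) is what the abstract describes.
SHARED_KEY = b"constructed-demo-key-do-not-reuse"

def _canonical(body: dict) -> bytes:
    # Deterministic encoding so authority and storage node authenticate the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue_credential(key: bytes, user: str, attrs: Set[str],
                     ttl: int = 3600, now: Optional[int] = None) -> dict:
    """Authority side: bind the user's attributes and an expiry into one signed credential."""
    issued = int(now if now is not None else time.time())
    body = {"user": user, "attrs": sorted(attrs), "exp": issued + ttl}
    return {"body": body, "tag": hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()}

def verify_credential(key: bytes, cred: dict, now: Optional[int] = None) -> Optional[Set[str]]:
    """Storage side: recompute the tag and check expiry; return the attribute set or None."""
    expected = hmac.new(key, _canonical(cred["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["tag"]):  # constant-time comparison
        return None
    if cred["body"]["exp"] <= int(now if now is not None else time.time()):
        return None
    return set(cred["body"]["attrs"])

# A file's policy travels with the file: operation -> list of attribute conjunctions,
# any one of which grants the operation. No user table exists on the storage node.
Policy = Dict[str, List[Set[str]]]

def check_access(key: bytes, policy: Policy, operation: str, cred: dict,
                 now: Optional[int] = None) -> bool:
    """Decide a request from the presented credential and the file's policy alone."""
    attrs = verify_credential(key, cred, now)
    if attrs is None:
        return False  # forged, tampered or expired credential
    return any(clause <= attrs for clause in policy.get(operation, []))

if __name__ == "__main__":
    policy: Policy = {"read": [{"dept:research"}, {"role:admin"}],
                      "write": [{"dept:research", "role:lead"}]}
    alice = issue_credential(SHARED_KEY, "alice", {"dept:research", "role:lead"})
    print(check_access(SHARED_KEY, policy, "write", alice))
```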
【Degree-granting institution】: Huazhong University of Science and Technology
【Degree level】: Master's
【Year awarded】: 2012
【Classification number】: TP333; TP393.08
Article ID: 2076427
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2076427.html