安全對象分布式文件系統(tǒng)的設計與實現(xiàn)
發(fā)布時間:2018-07-31 10:47
【摘要】:隨著分布式存儲技術的發(fā)展,對象分布式文件系統(tǒng)也成為當前的研究熱點。在不斷滿足高性能、高容量、高可靠性及高可擴展性的同時,其安全性也越來越受到重視,在追求高安全性的同時必然帶來性能的消耗,,如何在保證安全性的同時,減少其帶來的性能開銷,是研究分布式文件系統(tǒng)安全的熱點之一。 面向所開發(fā)的對象分布式文件系統(tǒng)設計了一個基于身份的分布式安全方案,在提供文件系統(tǒng)安全性的同時,降低由安全措施帶來的性能開銷。針對分布式文件系統(tǒng)用戶量大、IO訪問頻繁的特點,結合IBE身份認證方案,采用一種用戶登錄階段與文件IO階段相分離的兩階段身份認證,保證了用戶登錄階段身份認證的安全性及IO階段身份認證的高效性。針對中心式訪問控制會造成的元數(shù)據(jù)服務器性能瓶頸問題,設計了一種基于角色的分布式訪問架構,在元數(shù)據(jù)服務器和對象存儲服務器間恰當分配安全功能,實現(xiàn)存儲節(jié)點對用戶請求的分布式訪問控制。采用基于鎖盒子密鑰的密鑰管理方法,設計了一種多安全級別的加密存儲方案,在增強系統(tǒng)安全性的同時降低了密鑰管理的成本開銷。 實驗表明,所設計的基于身份的分布式安全架構不僅為文件系統(tǒng)提供了有效的安全保證,同時保證了身份認證、訪問控制的高效性。
[Abstract]:With the development of distributed storage technology, object distributed file system has become a hot research topic. Reducing the performance overhead is one of the hotspots in the research of distributed file system security. An identity-based distributed security scheme is designed for the developed object distributed file system, which not only provides the security of the file system, but also reduces the performance overhead brought by the security measures. In view of the frequent access of users in distributed file systems, combined with the IBE authentication scheme, a two-stage authentication is adopted, which separates the user login stage from the file IO stage. The security of identity authentication in login stage and the high efficiency of identity authentication in IO stage are guaranteed. Aiming at the bottleneck of metadata server performance caused by central access control, a role-based distributed access architecture is designed to distribute security functions between metadata server and object storage server. The distributed access control of the storage node to the user request is realized. Based on the key management method of lock box key, a multi-level encryption storage scheme is designed, which not only enhances the security of the system but also reduces the cost of key management. Experimental results show that the proposed ID-based distributed security architecture not only provides an effective security guarantee for file systems, but also ensures the high efficiency of identity authentication and access control.
【學位授予單位】:華中科技大學
【學位級別】:碩士
【學位授予年份】:2013
【分類號】:TP309;TP333
本文編號:2155352
[Abstract]:With the development of distributed storage technology, object distributed file system has become a hot research topic. Reducing the performance overhead is one of the hotspots in the research of distributed file system security. An identity-based distributed security scheme is designed for the developed object distributed file system, which not only provides the security of the file system, but also reduces the performance overhead brought by the security measures. In view of the frequent access of users in distributed file systems, combined with the IBE authentication scheme, a two-stage authentication is adopted, which separates the user login stage from the file IO stage. The security of identity authentication in login stage and the high efficiency of identity authentication in IO stage are guaranteed. Aiming at the bottleneck of metadata server performance caused by central access control, a role-based distributed access architecture is designed to distribute security functions between metadata server and object storage server. The distributed access control of the storage node to the user request is realized. Based on the key management method of lock box key, a multi-level encryption storage scheme is designed, which not only enhances the security of the system but also reduces the cost of key management. Experimental results show that the proposed ID-based distributed security architecture not only provides an effective security guarantee for file systems, but also ensures the high efficiency of identity authentication and access control.
【學位授予單位】:華中科技大學
【學位級別】:碩士
【學位授予年份】:2013
【分類號】:TP309;TP333
【參考文獻】
相關期刊論文 前2條
1 陳濤;肖儂;劉芳;;對象存儲系統(tǒng)中自適應的元數(shù)據(jù)負載均衡機制[J];軟件學報;2013年02期
2 鄭芳芳;侯整風;朱曉林;;無可信中心數(shù)字簽名方案[J];微計算機信息;2012年02期
本文編號:2155352
本文鏈接:http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2155352.html
最近更新
教材專著
