Research on the Security of a Lustre-Based Cluster Storage System
Published: 2018-08-30 18:03
[Abstract]: In recent years, explosive growth in data volume and rapidly rising user demands have led to the wide adoption of high-performance computing. These applications need not only high computing performance but also good storage performance, and traditional storage technology is increasingly falling short. Cluster storage systems that incorporate object-based storage technology can meet requirements such as high bandwidth, concurrent access, high scalability and ease of management, and have become an effective way to address the problems of traditional storage technology. However, an open network environment poses a serious security threat to cluster storage systems, so research on the security of cluster systems has become an important topic.
This thesis uses the Lustre file system to build a cluster storage system based on object storage technology. By analyzing the characteristics of the Lustre file system and of cluster storage, and drawing on the key technologies for system security, such as data encryption, authentication, access control and key management, it proposes a security architecture for this storage system.
The proposed security architecture mainly implements identity authentication, data encryption, key management and access control. Identity authentication is the process by which a networked computer system confirms the identity of the operator, and is the first checkpoint of a secure system; data encryption is one of the important ways of protecting data; key management is the core issue in ensuring system security; and access control effectively regulates user permissions. On top of the original group key manager, the system adds an access controller so that key computation and access control are separated, which improves the security and deployment flexibility of the system, reduces the storage requirements on the group key manager, and improves the efficiency of key computation. The authentication part uses a mechanism based on public key infrastructure; compared with the traditional symmetric-key Kerberos mechanism, this saves management time and resources and improves the scalability of the system.
Finally, the security architecture is implemented in a laboratory cluster environment and related performance tests are carried out. The analysis shows that the security architecture can effectively prevent some common attacks and can effectively protect the data security of the Lustre-based cluster storage system. The performance test results demonstrate the good performance of Lustre in a cluster storage system and also show the performance impact of the security architecture on the current system, providing a basis for further optimization of the work.
[Degree-granting institution]: China University of Petroleum (East China)
[Degree level]: Master's
[Year degree awarded]: 2013
[Classification number]: TP333; TP309
Article ID: 2213864
Article link: http://sikaile.net/kejilunwen/jisuanjikexuelunwen/2213864.html