Computer Science (计算机科学) ›› 2014, Vol. 41 ›› Issue (1): 202-207.

• Network and Communication •

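Secure Private Cloud Storage System Based on Virtual Isolation Mechanism

BAO Ai-hua, YUAN Xiao-ping, CHEN Feng and MIAO Jia-jia

  1. College of Command Information Systems, PLA University of Science and Technology, Nanjing 210007; College of Command Information Systems, PLA University of Science and Technology, Nanjing 210007; Second Military Medical University, Shanghai 200000; College of Command Information Systems, PLA University of Science and Technology, Nanjing 210007
  • Online: 2018-11-14 Published: 2018-11-14
  • Supported by:
    This work was supported by the Natural Science Foundation of Jiangsu Province (BK2010131)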

Abstract: Cloud storage is an important research area in cloud computing. Because of privacy leakage and security concerns, public cloud storage services are often difficult to deploy widely in organizations that hold core data, such as innovative enterprises or the army. This paper proposes VI-PCS, a secure private cloud storage system based on a virtual isolation mechanism. The system virtualizes physical storage media and public cloud storage services as virtual storage capabilities, which serve the system under centralized life-cycle management. It divides the file storage procedure into three levels (metadata management, virtual file storage, and physical file storage) and achieves secure, reliable data storage through file renaming and transparent I/O encryption and decryption. It provides a secure net disk access method based on isolated sandbox technology, using a virtualized isolated environment to keep data secure, controllable, and available. It also proposes a bidirectional file synchronization method based on an ordered hash tree for efficient data synchronization, and its offline mode improves the system's availability and adaptability. The results show that the system has certain advantages in reliability, security, scalability, and adaptability.

Key words: Cloud computing, Private cloud storage, Virtual isolation, Sandbox, Bidirectional synchronization

