Abstract
To meet the growing demands on cloud storage for storage performance and storage security, an encrypted storage scheme for private cloud platforms based on Ceph is designed. It builds on a study of the latest storage technology for private cloud platforms and an analysis of government cloud requirements, and is combined with cloud cryptographic services. In the scheme, Ceph is the core component of the private cloud storage and shows its strength in a comparison test against Swift. The key management module is built on a cloud service cryptographic machine and combines the ideas of threshold sharing and splitting to form a multi-level key protection mechanism. The data encryption storage module is supported by Ceph components and based on the multi-level key protection mechanism, and uses the Chinese national cryptographic algorithm SM4 to store government private cloud files securely. Analysis and component testing show that the scheme has good feasibility and security, and that it is suitable for securing government private cloud platforms in which small files are prominent.
Authors
YU Miao (于淼); WANG Xiong (王雄); CHI Yaping (池亚平)
Beijing Electronic Science and Technology Institute, Beijing 100070, P.R. China
Source
Journal of Beijing Electronic Science And Technology Institute (《北京电子科技学院学报》)
2022, Issue 1, pp. 32-42, 11 pages in total
Funding
National Key Research and Development Program of China (Project No. 2018YFB1004100)