摘要
随着数据密集型应用的发展,网络存储的安全性成为研究热点。针对大规模存储系统的可扩展性和安全性的要求,本文提出了一种基于三方传输模式的存储安全系统框架,并设计了一种基于权能标识的三方安全协议,该协议的最大特点是传输安全性和访问控制机制二者独立。通过对三方安全协议的形式化分析和推导,从逻辑上验证请求中权能标识的完整性、协议传输过程的正确性,以及消息的真实性,从而确保了三方安全协议的可行性。
With the growth of data-intensive application, networked storage security becomes hotpot of research. Aiming at the scalability and security requirement of large-scale storage system, a storage security framework basing on third-party transferring mode is proposed, and a capability-based third-party security protocol separating transfer security from access control mechanism is designed. After the formal analysis, it is clear that the deducing results logically validate the integrity of requested capability, correctness of transfers process and authenticity of message, thus guaranteeing the feasibility of the third-party security protocol.
出处
《计算机科学》
CSCD
北大核心
2007年第3期50-53,68,共5页
Computer Science
基金
国家"973"重大基础研究项目(2004CB318203)
国家自然科学基金(60603074)资助
关键词
海量存储系统
权能标识
三方安全协议
形式化分析
Massive storage system, Capability, Third-party security protocol, Formal analysis