Abstract
This paper proposes RACOS, a security authentication mechanism for object-based storage (OBS) systems. RACOS uses role-based access control (RBAC) to ensure that clients access objects stored in the OBS legitimately and that data integrity is maintained. A dedicated security manager in the system reduces the load on the file server. In addition, the security manager and the object-based storage devices (OSD) use an improved simple key exchange protocol (SAKA) to set and refresh their shared keys, which lowers the system's requirements on the security of the communication channel.
Source
Computer Engineering and Design (《计算机工程与设计》), 2007, No. 24, pp. 5847-5849 (3 pages)
Indexed in: CSCD; Peking University Core Journals (北大核心)
Funding
National Key Basic Research and Development Program of China (973 Program), project 2004CB318201