Abstract
Cloud storage is a new form of network storage that is gaining acceptance, and both enterprises and individual users have begun to adopt it as their network storage medium. Many well-known IT companies now offer cloud storage services, of which Amazon's Simple Storage Service (S3) is a typical commercial example. As cloud storage becomes widely used, the security of the data stored in it, such as data leakage and data tampering, has become a widespread concern among users. Based on the Amazon S3 cloud storage service, this paper designs and implements a security enhancement system for cloud storage. The system encrypts users' data before uploading it to Amazon S3, so that files are stored on Amazon S3 as ciphertext, which effectively prevents data leakage during transmission and storage. The system also checks the integrity of files downloaded from S3, verifying that their content matches what was uploaded, before decrypting them and saving them to the local file system, so that tampering is detected. Finally, the system provides a fine-grained access control mechanism for multiple users: several users can share the same Amazon S3 account while their stored content remains isolated from one another, and a user is prevented from accessing other users' files without authorization.
Source
《信息网络安全》
2012, Issue 3, pp. 38-41 (4 pages)
Netinfo Security
Keywords
cloud storage
encryption and decryption
integrity check
access control