期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

一种云存储环境下的安全存储系统 被引量:28

A Secure Storage System Over Cloud Storage Environment
下载PDF
导出
摘要 如今,数据越来越多地被选择存放在云存储环境,而非个人电脑中.这使得用户失去了对数据的完全控制,从而难以保证数据的安全性.为了解决此问题,文中提出了一种新的安全云存储系统架构.基于这套架构,文中设计并实现了一个安全云存储系统——Corslet.Corslet可以直接架在已有的云存储系统之上而无需对其进行任何改变,同时提供端到端的数据私密性保护、完整性保护以及访问权限控制等功能.Corslet使用简单,用户只需在客户端存放他们的身份证书即可.对Corslet的测试结果显示,Corslet架在NFSv4集群之上I/O性能下降不到5%,证明Corslet在提高用户数据安全性的同时,其性能也是可以接受的. Nowadays, data has been increasingly shared among different users inside the cloud storage systems, instead of being owned by any single private user, which makes an ordinary user usually does not have the control permission over the whole system, thus hard to secure data storage or data sharing of his own files. To solve this problem, this paper proposes a new secure cloud storage system architecture. Based on this architecture, this paper designs and implements a secure cloud storage system called Corslet. Corslet can run directly on deployed underlying cloud storage systems without modification, while bringing end-to-end confidentiality and integrity as well as efficient access control for user data. For individual users, Corslet is easy to use, the only thing to keep locally is their certifications. The experiments and standard benchmark results show that Corslet over NFSv4 cluster brings acceptable I/O throughput reduction which is less than 5%, proving that Corslet can provide enhanced security for user data while maintaining acceptable performance.
作者 薛矛 薛巍 舒继武 刘洋
机构地区 清华大学计算机科学与技术系 清华大学信息科学与技术国家实验室
出处 《计算机学报》 EI CSCD 北大核心 2015年第5期987-998,共12页 Chinese Journal of Computers
基金 国家自然科学基金(60925006 61232003) 国家"八六三"高技术研究发展计划重大专项课题子课题(2009AA01A403) 国家科技重大专项子课题(2013ZX03002004-003)资助~~
关键词 安全存储系统 加密文件系统 私密性 完整性 访问控制 secure storage system cryptographic file systems confidentiality integrity access control
分类号 TP309 [自动化与计算机技术—计算机系统结构]
  • 相关文献

参考文献19

  • 1Sandberg R, Goldberg D, Kleiman S, et al. Design and implementation of the SUN network filesystem//Proceedings of the Summer USENIX Conference. Portland, USA, 1985, 119-130.
  • 2Weil S, Brandt S, Miller E, et al. Cepht A scalable, high- performance distributed file system//Proceedings of the 7th Symposium on Operating Systems Design and Implementation. Seattle, USA, 2006:307-320.
  • 3Hasan R, Myagmar S, Lee A J, Yurcik W. Toward a threat model for storage systems//Proceedings of the 2005 ACM Workshop on Storage Security and Survivability. Fairfax, USA, 2005:94-102.
  • 4Kallahal]a M, Riedel E, Swaminathan R, et al. Plutus: Scalable secure file sharing on untrusted storage//Proceed- ings of the 2nd USENIX File and Storage Technologies. San Francisco, USA, 2003: 29-42.
  • 5Riedel E, Kallahalla M, Swaminathan R. A framework for evaluating storage system security//Proceedings of the 1st USENIX File and Storage Technologies. Monterey, USA, 2002z 15-30.
  • 6Fu K. Group Sharing and Random Access in Cryptographic Storage File Systems [M]. S. dissertation]. Massachusetts Institute of Technology, Boston, USA, 1999.
  • 7Merkle R. A digital signature based on a conventional encryption function//Proceedings of the Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology. Santa Barbara, USA, 1987:369-378.
  • 8Geron E, Wool A. CRUST: Cryptographic remote untrusted storage without public keys//Poceedings of the 4th Interna- tional IEEE Security in Storage Workshop. San Diego, USA, 2007:3-14.
  • 9BorerA,CesatiM.深入理解Linux内核.第3版.陈莉君,张琼声,张宏伟,译.北京:中国电力出版社,2007.
  • 10Blaze M. A cryptographic file system for Unix//Proceedings of the ACM Conference on Computer and Communications Security. Scottsdale, AZ, USA, 1993:9-16.

同被引文献230

  • 1郝建青,张仲义.实时信息系统需求分析的动态建模方法[J].管理工程学报,2001,15(1):40-43. 被引量:1
  • 2曹珍富.密码学的新发展[J].四川大学学报(工程科学版),2015,47(1):1-12. 被引量:27
  • 3王贵林,卿斯汉.对两个防欺诈秘密共享方案的安全性注记[J].计算机研究与发展,2005,42(11):1924-1927. 被引量:1
  • 4桑辉.网上顾客转换成本的影响因素及其结果的实证研究[J].南开管理评论,2007,10(6):33-39. 被引量:23
  • 5Wu J, Ping L, Ge X, et al. Cloud storage as the infrastructure of cloud computing[C]//International Conference on Intelli- gent Computing and Cognitive Informatics (ICICCI). Kuala Lumpur: IEEE, 2010 : 380-383.
  • 6Fiveash K. AWS outage knocks Amazon, Netflix, Tinder and IMDb in MEGA data collapse[EB/OL], http://www, thereg- ister, co. uk/2015/09/20/aws_database_outage/, 2015-09-20.
  • 7O'Reilly L. Google suffered a rare but major outage early Thursday[EB/OL]. http://www, businessinsider, com/google-is- down-2015-3, 2015-03-12.
  • 8Neal D. Google SSL certificate update error affects millions of Gmail users[EB/OL], http://www, v3. co. uk/v3-uk/news/ 2402863/ google-ssl-certificate-update-error-affects-millions-of-gmail-users, 2015-04-07.
  • 9Bellare M, Keelveedhi S, Ristenpart T. Dupless: Server-aided encryption for deduplicated storage[C]//Proceedings of the 22nd USENIX Conference on Security. Washington D C: USENIX Association, 2013:179-194.
  • 10Puzio P, Molva R, Onen M, et al. ClouDedup.. Secure deduplication with encrypted data for cloud storage[C]//IEEE 5th In-ternational Conference on Cloud Computing Technology and Science (CloudCom). Bristol: IEEE, 2013:363-370.

引证文献28

二级引证文献89

计算机学报
2015年 第5期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部