| With the development of distributed storage technology, object-based distributed filesystem has become a research hotspot. In addition to high performance, high capacity,high reliability and high scalability, the security of object-based file system draws moreand more attention. The performance consumption is an inevitable problem in pursuit ofhigh security. It has become a hotspot of distributed file system research to reduce theimpact on performance while ensuring the security.We designed a identity based distributed secure architecture for secure objectdistributed file system.While providing security service for file system,it reduce theperformance consuming caused by security measures.According to the feature ofdistributed file system that the user amount is huge and IO access is frequent, wecombined IBE authentication scheme and implemented an authentication mechanism withtwo separated stages, including user login stage and file IO stage, thus ensured the securityof authentication in user login stage and the efficiency of authentication in IO stage. As weall know, security load will cause metadata server performance bottleneck whencentralized access control is utilized. We designed a role based distributed accessarchitecture based on data access feature of users in practical application. We assignedsecurity function appropriately between metadata server and object storage server,implementing distributed access control of client requests on storage nodes. Based on lockkey management method,we designed a multi-level security encrypted storage.Whileincreasing the security of the system,it reduce the costs of key management.The experiments show that our distributed identity-based security framework not onlyprovides effective security guarantees for the file system, but also ensures the efficiency ofauthentication, access control. |
PDF Full Text Request