Research And Implementation Of Distributed And Parallel File System Security

It is known that security subject is a very important branch of information technology field. Computer security includes both hardware and software security according to classification of computer system. Software security can be divided into application-level security, database security, OS(Operating System) security and network-level security. OS is the most important system software which manages both software and hardware resources, interacts with hardware directly and provides API(Application Programming Interface) to users. All application software including database system and network software are running above OS, finishing their jobs respectively through APIs provided by OS. So it can be saying that OS security is the basis of computer security. Without it, you can't talk anything about host, application ,database and network security. DPFS ( Distributed Parallel File System ) is a distributed file system which is developed by 8010 Lab, UESTC, in 2002. Based on Linux, it is developed as a data storage management system for distributed and parallelled server system. It can manage the file resources intelligently. It is the core part of the distributed and paralleled OS. In the paper SECDPFS(Security of DPFS) is introduced as a security module of DPFS. It adopts the research principles of improvement&intensification (namely,analyses the security-Oriented strategies on the Linux security frame and the basis of DPFS), adds the security mechanism and maintains the original interface of DPFS. The module of SECDPFS has the optimal security&development ratio.The main function of SECDPFS is to provide reliable security access mechanism for DPFS including MAC(Mandatory Access Control) and integrality access control. Meanwhile, it implements the least-privilege principles for users based on RBAC(Role Based Access Control) and TE(Type Enforcement).In this paper, DPFS is first introduced completely, and several typical security mechanism models are discussed by the author. Based on these, security framework based on DPFS and logical structure of security module are put forward. Then the design and implementation about security policy of database synchronization module and security context synchronization module are discussed in details. In the discussion the author focus on the research of security framework of DPFS, the arithmetic study and its implementation of those two synchronization modules. In the end, the author view the future work of SECDPFS briefly.