| With the development of information technology, more and more data aregenerated in the world. The single storage device can’t meet the storage requirementanymore, distributed Storage system is the inevitable trend of storage technologydevelopment. The distributed file system is an important part of distributed storagetechnology. It becomes hotspot of current research. The object based storagetechnology has many advantages that the traditional block-based file system doesn’thave. The object-based storage technology is used by almost all the current populardistributed file system.Almost all of current distributed file system is designed for some specificscenarios. Those file systems focus on performance of reading and writing, payinglittle attention on security. At present, more and more data stored on the same storagesystem, those data are from different applications or users and most of them needprotected from accessing by unauthorized users. It is very meaningful to study thesecurity model of the distributed file system.In this paper, the overview of object based storage technology is introduced first,and then the secure model is defined in OSD standard, Maat secure models and securemodel for Lustre are analyzed. As those models are capacity-based model. When thenum of files become huge, a large number of capacity tickets are required and theperformance will decrease. As Symmetric key are used in those model, the keymanager will be complex. So the capability-based secure model can’t resolve thesecure problem for large distributed file system.This paper designs a new secure model which based on role, secure domain andthe characters of data access for object based distributed file system. The key tasks ofthis paper are as following:1. With two-way authentication technology, the identity of the visitor isdetermined during the process of session set up, and then the identity is used to verifythe visitor’s request. 2. Analyze data access features in most systems, and design an efficientmechanism to verify the most common requests, this helps to reduce average time ofverification.3. Add extended attributes to file and object to make secure management simpler.With those attributes, little interaction with the metadata server is required during theprocess of verification, this help to reduce the impact on performance.4. Use secure domain and add new file manage command to extend the currentcommands set. With the commands extended, the flexibility to manage fine-grainedfile is achieved.At the last, the new model is designed and implemented based on Ceph sourcecodes. The experiment shows that this secure model achieves good balance betweensecurity and performance of reading and writing. Flexible file access control isachieved too. |
PDF Full Text Request