èŠ‚ç‚¹æ–‡çŒ®

å¯¹è±¡å˜å‚¨ä¸é«˜å¯é æ€§å’Œå®‰å…¨æœºåˆ¶çš„ç ”ç©¶

The Research of High Reliability and Security Mechanism in Object-Based Storage

åˆ†é¡µä¸‹è½½
åˆ†ç« ä¸‹è½½
æ•´æœ¬ä¸‹è½½
åœ¨çº¿é˜…è¯»
ä¸æ”¯æŒè¿…é›·ç‰ä¸‹è½½å·¥å…·ï¼Œè¯·å–æ¶ˆåŠ é€Ÿå·¥å…·åŽä¸‹è½½ã€‚

ã€ä½œè€…ã€‘ æŽè‰¯åˆšï¼›

ã€ä½œè€…åŸºæœ¬ä¿¡æ¯ã€‘ åŽä¸ç§‘æŠ€å¤§å¦ ï¼Œ è®¡ç®—æœºç³»ç»Ÿç»“æž„ï¼Œ 2007ï¼Œ ç¡•å£«

ã€æ‘˜è¦ã€‘ å¯¹è±¡å˜å‚¨æ˜¯å˜å‚¨é¢†åŸŸæ–°å…´çš„å‘å±•è¶‹åŠ¿,å®ƒç»¼åˆäº†SANå’ŒNASçš„ä¼˜ç‚¹,åŒæ—¶å…·æœ‰SANçš„é«˜é€Ÿç›´æŽ¥è®¿é—®å’ŒNASçš„æ•°æ®å…±äº«ç‰ä¼˜åŠ¿ã€‚ä¸Žä¼ ç»Ÿå˜å‚¨ç³»ç»Ÿæ¯”è¾ƒ,å®žéªŒè¯æ˜Žå¯¹è±¡å˜å‚¨æ˜¯ä¸€ç§å…·æœ‰é«˜æ€§èƒ½ã€é«˜å¯é æ€§ã€è·¨å¹³å°ä»¥åŠå®‰å…¨çš„æ•°æ®å…±äº«çš„å˜å‚¨ä½“ç³»ç»“æž„ã€‚ç„¶è€Œ,å› ä¸ºç½‘ç»œæŠ€æœ¯çš„ä½“ç³»ç»“æž„å…·æœ‰ä¸€å®šçš„å¼€æ”¾æ€§,å¿…é¡»é‡‡ç”¨å¿…è¦çš„æŽªæ–½æ¥ä¿è¯å¯¹è±¡å˜å‚¨ç³»ç»Ÿçš„é«˜å¯é æ€§å’Œå®‰å…¨æ€§ã€‚ç³»ç»Ÿçš„å¯é æ€§ä»¥å¯é åº¦å’Œå¯ç”¨åº¦æ¥è¡¡é‡,å…¶ä¸ç³»ç»Ÿçš„å¯é åº¦å‡½æ•°æœä»ŽæŒ‡æ•°åˆ†å¸ƒè§„å¾‹,è¿™æ˜¯å¯é æ€§å»ºæ¨¡å’Œåˆ†æžçš„åŸºç¡€ã€‚å®¹é”™å’Œé™¤é”™æ˜¯æé«˜ç³»ç»Ÿå¯é æ€§çš„ä¸¤ç§æ¯”è¾ƒå¥½çš„æ–¹æ³•,ä½Žå¯†åº¦å¥‡å¶æ ¡éªŒç (Low-Density Parity-Check code,LDPC)æ˜¯ä¸€ç§é«˜æ•ˆçš„çº é”™ç¼–ç ,å®ƒæŠŠkä¸ªæºæ•°æ®ç¼–ç ä¸ºn(n>k)ä¸ªæ•°æ®,ç”¨è¿™nä¸ªæ•°æ®ä¸ä»»æ„kä¸ªç¼–ç æ•°æ®å‡å¯é‡æž„åŽŸæ¥çš„kä¸ªæºæ•°æ®ã€‚å°†è¿™ä¸€é«˜æ•ˆçš„ç¼–ç è¿ç”¨äºŽå¯¹è±¡å˜å‚¨ç³»ç»Ÿä¸,ä»Žåˆ†æžå¯¹è±¡å˜å‚¨æ–‡ä»¶ç³»ç»Ÿå…¥æ‰‹,å®žçŽ°äº†Linux Clientç«¯LDPCç çš„ç¼–è§£ç ,è®¾è®¡äº†OSDç«¯å¯¹è±¡çš„æ”¾ç½®ç–ç•¥,ä»¥åŠåœ¨MDSç«¯æ·»åŠ äº†éƒ¨åˆ†å…ƒæ•°æ®ä¿¡æ¯ã€‚é€šè¿‡ç†è®ºåˆ†æžå¾—å‡ºäº†è¿™ç§å†—ä½™æ–¹æ¡ˆå¯¹æé«˜ç³»ç»Ÿå¯é æ€§æ›´æœ‰ä¼˜åŠ¿:è¦ä½¿æ•°æ®è¾¾åˆ°ç›¸åŒçš„å¯ç”¨æ€§,åŸºäºŽLDPCç æ–¹æ¡ˆåªéœ€è¦è¾ƒä½Žçš„å†—ä½™åº¦;åŒæ ·åœ¨ç›¸åŒçš„å†—ä½™åº¦æƒ…å†µä¸‹,åŸºäºŽLDPCç å†—ä½™æ–¹æ¡ˆçš„æ•°æ®æœ‰æ›´é«˜çš„å¯ç”¨æ€§ã€‚åœ¨å¯¹è±¡å˜å‚¨ç³»ç»ŸçŽ°æœ‰çš„å‡ ç§å®‰å…¨æ–¹æ¡ˆä¸,å®¢æˆ·æœºè¦ä¹ˆè®¿é—®æ¯ä¸ªå¯¹è±¡éƒ½è¯·æ±‚ä¸€ä¸ªèƒ½åŠ›é’¥(capability key),è¦ä¹ˆéœ€è¦èŽ·å¾—ä¸€ä¸ªèº«ä»½é’¥(identity key)ã€‚ç„¶è€Œè¿™ä¸¤ç§æ–¹æ¡ˆä¸åŽè€…ä½¿å¾—æ’¤é”€ååˆ†å›°éš¾;å‰è€…æ‰€éœ€è¦çš„å¯†é’¥æ•°é‡å¤ªå¤§,åŒæ—¶å®¢æˆ·æœºéœ€è¦é¢‘ç¹åœ°è®¿é—®å…ƒæ•°æ®æœåŠ¡å™¨ä»¥èŽ·å¾—å¯†é’¥,è¿™å¤§å¤§åŠ é‡äº†å…ƒæ•°æ®æœåŠ¡å™¨çš„å¤„ç†å’Œè®¡ç®—è´Ÿè·,è€Œä¸”ä½¿å®ƒæˆä¸ºé‡è¦çš„æ”»å‡»ç›®æ ‡ã€‚å› æ¤ç ”ç©¶äº†ä¸€ç§æ–°é¢–çš„åŸºäºŽè§’è‰²è®¿é—®æŽ§åˆ¶çš„å¯¹è±¡å˜å‚¨è®¿é—®æŽ§åˆ¶å’Œè®¤è¯æœºåˆ¶,ä»Žç†è®ºä¸Šåˆ†æžäº†å®ƒå¯ä»¥æŠµå¾¡å¤šç§ç½‘ç»œæ”»å‡»,å¹¶æä¾›å®¢æˆ·å’ŒOSDä¹‹é—´çš„ç›¸äº’è®¤è¯,åŒæ—¶ä¹Ÿå…‹æœäº†çŽ°æœ‰æ–¹æ¡ˆä¸æ‰€éœ€çš„å¯†é’¥æ•°é‡å¤§å’Œå…ƒæ•°æ®æœåŠ¡å™¨è´Ÿè·é‡çš„ç¼ºé™·ã€‚æ›´å¤š è¿˜åŽŸ

ã€Abstractã€‘ Object-Based Storage(OBS) is a new emerging development tendency in storage field,which combines the advantages of the Storage Area Network(SAN) and Network Attached Storage(NAS),has the superiority of SANâ€™s high-speed direct access and NASâ€™s data sharing. Compared with the traditional storage systems, the experiment has proved OBS is a high-performance, high reliability, cross-platform data sharing and security of the storage structure. However,because network technologyâ€™s architecture is somewhat opening,measure is necessary to ensure OBS systemâ€™s high reliabiity and security.Systemic reliability is measured by reliability and availability,where systemic reliability function obeys exponential distribution,which is the basis of modeling and analyzing reliability in this thesis.Fault Tolerance and Error Removal are two better ways to improve the reliability of the system.Low-Density Parity-Check(LDPC) code is a highly efficient fault-tolerant coding, which encodes k-source data into n (n>k) of the data, using the arbitrary k data can reconstruct the original k data sources. By applying this highly efficient coding method to OBS system, the technology of encoding&decoding of LDPC is realized on Linux Client,LDPC-based objects distribution model is designed on OSD, and some meta data information is added in Meta Data Servers. The theoretical analysis concludes this redundancy scheme to enhance system reliability has more advantages: to obtain the same availability of data, LDPC code-based needs only lower edundancy degree;also in the same degree of redundancy, the scheme based on LDPC code has higher availability.In the existing security schemes of OBS,a client either acquires a capability key for each object or an identity key from the Meta Data Server(MDS).Use of identity keys makes revocation difficult whereas,in the prior case,client needs to acquire a large number of keys.The client has to frequently contact the MDS to acquire a key for each object that he wants to access. This imposes a lot of overhead on the file manager, which also presents a single point of failure and an attractive attack target.So we research a novel mechanism of access control and authentication based on Role-Based Access Control for OBS.This scheme is robust against many networks attacks on theory and provides client to OSD mutual authentication.Besides,it reduces the total cryptographic keys of the existing schemes and the load on the MDS.æ›´å¤š è¿˜åŽŸ

ã€å…³é”®è¯ã€‘ å¯¹è±¡å˜å‚¨ï¼› é«˜å¯é æ€§ï¼› å®‰å…¨æ€§ï¼› ä½Žå¯†åº¦å¥‡å¶æ ¡éªŒç ï¼› åŸºäºŽè§’è‰²è®¿é—®æŽ§åˆ¶ï¼›
ã€Key wordsã€‘ Object-Based Storageï¼› high reliabilityï¼› securityï¼› Low-Density Parity-Check codeï¼› Role-Based Access Controlï¼›

ã€ç½‘ç»œå‡ºç‰ˆæŠ•ç¨¿äººã€‘ åŽä¸ç§‘æŠ€å¤§å¦

ã€åˆ†ç±»å·ã€‘TP333
ã€ä¸‹è½½é¢‘æ¬¡ã€‘62
æ”»è¯»æœŸæˆæžœ

çŸ¥ç½‘èŠ‚ä¸‹è½½

èŠ‚ç‚¹æ–‡çŒ®ä¸ï¼š

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

æœ¬æ–‡çš„å¼•æ–‡ç½‘ç»œ

èŠ‚ç‚¹æ–‡çŒ®

èŠ‚ç‚¹æ–‡çŒ®

å¯¹è±¡å­˜å‚¨ä¸­é«˜å¯é æ€§å’Œå®‰å…¨æœºåˆ¶çš„ç ”ç©¶

The Research of High Reliability and Security Mechanism in Object-Based Storage

æœ¬æ–‡é“¾æŽ¥çš„æ–‡çŒ®ç½‘ç»œå›¾ç¤º:

å¯¹è±¡å˜å‚¨ä¸é«˜å¯é æ€§å’Œå®‰å…¨æœºåˆ¶çš„ç ”ç©¶