Design and Implementation of the Security Subsystem of the Digital Organization System

【Author】 Xiao Xiao

【Advisor】 Liu Xinsong

【Author information】 University of Electronic Science and Technology of China, Computer System Architecture, 2009, Master's

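【Summary】 Linux is a multi-user, multi-tasking operating system. It not only inherits the powerful functionality and stable performance of Unix, but also surpasses Unix in many respects, such as simple and efficient process scheduling, support for kernel threads, the virtual file system, the module mechanism, and strong network support. In recent years, thanks to its high performance and low price, Linux has been widely applied in many fields. Many individuals and enterprises have moved to the Linux operating system, and more and more development and research is being built on its open source code. With the continuing emergence of large-scale network applications, and especially of large-scale storage requirements, distributed systems and virtual storage systems[10] have come into being, and distributed systems that use Linux as their development platform have become today's mainstream. The large distributed systems that are currently popular all use Linux or a similar Unix variant as their development platform. The Digital Organization System[1] is a virtual storage system based on the Linux platform. Its core idea is to aggregate the various storage resources on the network[11,12] into a single virtual space, to present a unified image to business systems, and to guarantee high availability of data, thereby meeting the needs of large-scale network applications. In traditional P2P distributed storage, data is open to all users, but as shared resources and the number of users grow, security problems arise. In certain systems, some highly sensitive resources may be opened only to particular users, which requires an access control permission mechanism. This thesis analyzes the security policies that Linux already provides and, combining the characteristics of the Digital Organization System and the Digital Organization System virtual file system, describes the design and implementation of the resource access security subsystem of the Digital Organization System. Because the Digital Organization System itself manages file metadata efficiently, access control information, which is stored as an additional attribute of a file, can be both read and modified very efficiently. The good compatibility of DOSFS also makes it very simple for local users to set a file's access control attributes, with no difference from operating a standalone system. In addition, the interface system provided for the system security administrator and the introduction of the security role concept greatly reduce the administrator's workload in managing file access control information across the whole Digital Organization System.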

【Abstract】 Linux is a multi-user, multi-tasking operating system. It not only inherits the powerful functionality and stable performance of Unix, but also surpasses Unix in many respects, such as simple and efficient process scheduling, support for kernel threads, the virtual file system, the module mechanism, and strong network support. In recent years, because of its high performance and low price, Linux has been widely used in many areas. Many individuals and businesses have turned to the Linux operating system, and development and basic research based on its open source code are increasing. With the continuing emergence of large-scale network applications, and especially large-scale storage requirements, distributed systems and virtual storage systems have come into being, and distributed systems developed on the Linux platform have become today's mainstream. At present, the most popular large-scale distributed systems use Linux or a Unix variant as their development platform. The Digital Organization System[1] is a virtual storage system based on the Linux platform. Its core idea is to gather the various storage resources on the network into a single virtual space, to present a unified image to the application software, and to ensure high availability of data, so as to meet the needs of large-scale network applications. In traditional P2P distributed storage, data is open to all users, but as shared resources and the number of users grow, security problems arise. In some specific systems, highly sensitive resources can be opened only to certain users, so an access control mechanism must be established. This thesis analyzes the current Linux security policies and, combining the characteristics of the Digital Organization System and the Digital Organization System FS, describes the design and implementation of the Digital Organization System access security subsystem. Because the Digital Organization System manages file metadata very efficiently, access control information, which is an additional attribute of the file metadata, can also be accessed and modified very efficiently. The good compatibility of the Digital Organization System FS also makes it very easy for local users to set a file's access control attributes. In addition, the security subsystem has a very convenient interface and a role-based access mechanism, which greatly reduce the administrator's workload.
