增强OpenStack Swift云存储系统安全功能的方法  被引量:7

Method to enhance security function of OpenStack Swift cloud storage system

在线阅读下载全文

作  者:宋元 周丹媛 石文昌[1,2] SONG Yuan;ZHOU Dan-yuan;SHI Wen-chang(School of Information,Renmin University of China,Beijing 100872,China;Key Laboratory of Data Engineering and Knowledge Engineering(Renmin University of China)of Ministry of Education,Beijing 100872,China)

机构地区:[1]中国人民大学信息学院,北京100872 [2]中国人民大学数据工程与知识工程教育部重点实验室,北京100872

出  处:《吉林大学学报(工学版)》2021年第1期314-322,共9页Journal of Jilin University:Engineering and Technology Edition

基  金:国家自然科学基金项目(61472429,U1836209).

摘  要:针对OpenStack Swift云存储系统直接且完整地存储用户文件带来的安全风险,为防止攻击者从Swift系统窃取完整的用户文件,本文采用数据分割技术将用户文件分割成若干块,分散存储至不同节点;为防止攻击者利用文件块内容之间的逻辑关系,恢复完整的用户文件,本文采用数据加密技术将分割后的文件以密文形式存储;为防止攻击者窃取密钥恢复用户文件,本文采用用户口令与秘密共享相结合的方式,以用户口令为基础分层级加密存储密钥。实验结果表明,本文方法加大了攻击者获取用户文件的难度,提高了OpenStack Swift云存储系统的安全性,性能开销属于可接受范围。To solve the security problem caused by OpenStack Swift cloud storage system directly and completely storing user files,this paper proposes a method to enhance its security function. First of all,the user files are divided into several fragments by using data dispersal technology,which makes it difficult for attackers to obtain complete user files;Second,the segmented files are stored in ciphertext form through data encryption technology to prevent attackers from using the logical relationship between segmented file contents to recover complete user files;In addition,this paper presents a hierarchical management approach to protect various keys in different layers,and combines user password with secret sharing to prevent cryptographic materials leakage. The experimental results indicate that it will increase the difficulty for attackers to obtain user files after using this method,so as to ensure the security of data storage in OpenStack Swift system,and the performance cost is acceptable to users.

关 键 词:计算机应用技术 云计算 云存储安全 数据分割 数据加密 密钥管理 

分 类 号:TP309[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象