CN104092733A - Credibility distribution type file system based on HDFS - Google Patents

Info

Publication number: CN104092733A (granted as CN104092733B)
Authority: CN (China)
Application number: CN201410281244.1A
Original language: Chinese (zh)
Prior art keywords: remote, data, file system, module, procedure call
Inventors: 刘发贵, 张晓杰, 王亮明, 石明, 郭小军
Original and current assignee: South China University of Technology (SCUT)
Priority and filing date: 2014-06-20
Publication date: 2014-10-08 (application CN104092733A); 2018-09-14 (granted patent CN104092733B)
Legal status: granted, active

Abstract

The invention discloses a trusted distributed file system based on HDFS. The system consists of a remote attestation module and a data sealing module. The remote attestation module comprises a remote attestation module based on the Integrity Measurement Architecture (IMA), a remote procedure call (RPC) remote attestation module and a socket-connection remote attestation module. The data sealing module seals data after remote attestation fails. By adding a trusted-computing security mechanism to the HDFS distributed file system, the invention determines whether the peer is trustworthy whenever entity nodes exchange data, can block socket connections to untrusted addresses after the system's integrity has been compromised, and seals data after a failed remote attestation so that the data cannot be leaked.

Description

A trusted distributed file system based on HDFS
Technical field
The present invention relates to the field of trusted computing, and in particular to a trusted distributed file system based on HDFS.
Background
With the rapid development and wide adoption of information technology in recent years, data volumes have grown exponentially, and large enterprises such as Google, Yahoo and Amazon face the challenge of massive data. Google led the way by releasing the Google File System (GFS) and MapReduce to handle the storage and processing of massive data; this attracted wide attention and quickly gave rise to an open-source version, Hadoop. After several years of rapid development, Hadoop has become an important part of the basic computing platform of Internet companies: large domestic enterprises such as Tencent, Baidu and Alibaba, and foreign ones such as Twitter and Facebook, all run their own customized versions. Hadoop is designed specifically for offline processing and large-scale data analysis; for write-once, read-many workloads it achieves efficient and stable performance, and it is widely supported and applied in Internet enterprises.
Alongside the flourishing of cloud computing, many critical problems have been encountered, among which security is especially prominent. Hadoop's distributed storage system is the Hadoop Distributed File System (HDFS), which is made up of entity nodes: the NameNode, the Secondary NameNode, the DataNodes and the DFS client. The NameNode stores the namespace image (fsimage) and the edit log (edits) of the distributed file system and maintains in memory the file system tree together with all files and directories in that tree. DataNodes are where data blocks are actually stored; the default number of replicas of a block is 3, and the replicas are synchronized while the block is read and written. The Secondary NameNode is responsible for merging the namespace image fsimage with the edit log edits and sending the merged result back to the NameNode. The DFS client is an object of DistributedFileSystem: an HDFS application normally obtains a DistributedFileSystem instance to interact with HDFS, and the DFS client is the object that actually interacts with the NameNode and the DataNodes. These entity nodes constantly perform interactions such as remote procedure calls, TCP data streaming and HTTP data streaming, and how to ensure that these data interactions are safe and reliable is gradually attracting attention. Because Hadoop is deployed on a local area network behind a firewall, the security mechanisms added after version 1.0 mainly serve to better coordinate multiple users on the LAN. But since Advanced Persistent Threat (APT) attacks became common, the protective screen provided by the firewall has become increasingly inadequate.
At present many methods and ideas have emerged for solving cloud computing security problems. Applying trusted computing technology to the cloud computing environment, to solve the security problems met in cloud computing applications, is one major focus of research in cloud security. The goal of trusted computing is to protect the most sensitive information, such as private keys and symmetric keys, from being stolen or used by malicious code. Contrary to Hadoop's assumption of a secure environment inside a firewall, trusted computing assumes that software may be compromised during use, and that when an attack occurs the sensitive keys will still be protected. The Trusted Platform Module (TPM) defined by the Trusted Computing Group (TCG) is a new embedded security subsystem placed inside a computer. The TCG chip achieves its goal of protecting terminal security mainly through public-key authentication, integrity measurement and remote attestation. By checking changes in the PCR measurement values, a platform equipped with a TPM can discover the presence of malicious programs such as spyware and Trojans, and once malicious code is found the platform can order the TPM to refuse to decrypt sensitive data or to sign or decrypt with the private key. Because the TPM holds the private key entirely and never reveals it, any malicious attempt to obtain the private key is infeasible.
Summary of the invention
Against the background of the rapid spread of distributed systems and trusted computing technology, the present invention studies how to integrate trusted computing technology into distributed systems in order to solve their security problems, and proposes a solution that uses trusted computing technology, in particular remote attestation and data sealing, to solve the security problems of a distributed file system. The concrete technical scheme is as follows.
The technical scheme of the present invention is:
A trusted distributed file system based on HDFS comprises a remote attestation module and a data sealing module. The remote attestation module comprises: a remote attestation module based on the Integrity Measurement Architecture (IMA), which performs remote attestation of platform state between entity nodes and verifies platform integrity; a remote procedure call (RPC) remote attestation module, which performs remote attestation while an RPC connection is being established between HDFS entity nodes and guarantees the platform-state integrity of the RPC initiator; and a socket-connection remote attestation module, which performs remote attestation when an entity node connects to an untrusted address, to prevent platform data from leaking. The data sealing module seals data after remote attestation fails: the sealing key is sealed with the PCR value and the data are encrypted with a symmetric key, so that the data can only be decrypted in a trusted platform state, which guarantees that they are not leaked.
Further, in the above scheme, the RPC remote attestation module performs the following steps. First, the RPC requester initiates a socket connection request to the RPC port of the RPC server. After the RPC server accepts the connection, the requester sends the RPC header together with a random number n encrypted with the server's public key. The RPC server decrypts it with its private key to obtain n, then returns the value of platform configuration register PCR10 (the register that the IMA extends), the random number n and the measurement list to the requester. The requester verifies the received data and determines whether the other side is in a trusted platform state, thereby confirming the other side's platform-state integrity.
The socket-connection remote attestation module performs the following steps. First, a user process initiates the socket connect system call, passing the destination address as a parameter. Inside the system call it is checked whether the destination address is in the trusted address list; if it is not, it is checked whether the trusted agent process has been started. If it has, the destination address is sent to the trusted agent process; otherwise an error is returned directly.
The data sealing module performs the following steps. First, remote attestation is carried out. If remote attestation succeeds, an AES key is generated, the key is sealed to the specified platform configuration register (PCR), the data are sealed with the key, and the sealed data are written out to disk. If remote attestation fails, the data are encrypted with the key and the key is discarded once encryption completes.
The remote attestation is based on the static measurement list of the Integrity Measurement Architecture (IMA).
Data sealing seals the AES key and encrypts the data with the AES key, which avoids the loss of efficiency caused by encrypting the data directly with an RSA key.
The present invention adds a remote attestation step before the normal communication between entity nodes: data interaction is allowed only when remote attestation and dynamic measurement show that the entity node to be communicated with is trustworthy. When an entity node executes the socket connect system call, if the destination address is an untrusted address, remote attestation can be performed, and the socket connection is allowed only if remote attestation passes; this prevents data from being transferred to an intruder's machine after an entity node's integrity has been compromised. After remote attestation fails, the invention seals the data on the entity node to prevent leakage. In summary, the invention can perform remote attestation for each entity, can prevent socket connections to untrusted addresses after the system's integrity has been compromised, and can seal data after remote attestation fails, and so realizes a practical trusted distributed file system.
Compared with the prior art, the beneficial effects of the invention are: first, after traditional binary remote attestation fails, a data sealing mechanism is added to protect the security of the data; second, remote attestation and data sealing mechanisms are added to remote procedure calls, so that all interactions between entity nodes in the distributed file system obtain the trusted security provided by the IMA and the TPM; third, in the socket connection procedure, remote attestation is performed when a connect operation targets an untrusted address, which ensures that an intruder cannot connect to an attacker's server and send local data directly to it over the network; fourth, on the basis of the trusted distributed file system, a network-disk application is designed and implemented, which can further customize its security for the features of the trusted distributed file system.
Brief description of the drawings
Fig. 1 is a schematic diagram of the composition of the present invention;
Fig. 2 is the design of the IMA-based platform-state remote attestation module;
Fig. 3 is the design of the remote procedure call remote attestation module;
Fig. 4 is the design of the socket-connection remote attestation module;
Fig. 5 is the design of the data sealing module.
Embodiments
The present invention is further described below with reference to the drawings, but its implementation and scope of protection are not limited to these; where a symbol or procedure is not specified below, those skilled in the art can realize it with reference to existing techniques.
Embodiment 1
As shown in Fig. 1, a trusted distributed file system based on HDFS comprises a remote attestation module and a data sealing module. The remote attestation module comprises: a remote attestation module based on the Integrity Measurement Architecture (IMA), which handles the activation certificate for the connecting requester and provides the credential that the requester possesses a legitimate TPM; a remote procedure call (RPC) remote attestation module, which performs remote attestation while an RPC connection is being established between HDFS entity nodes and guarantees the platform-state integrity of the RPC initiator; and a socket-connection remote attestation module, which performs remote attestation when an entity node connects to an untrusted address, to prevent platform data from leaking. The data sealing module seals data after remote attestation fails: the sealing key is sealed with the PCR value and the data are encrypted with a symmetric key, so that the data can only be decrypted in a trusted platform state, which guarantees that they are not leaked.
As shown in Fig. 2, the IMA-based remote attestation module consists of two parties, a challenger and an attester. The challenger sends a random number to the attester; the attester digitally signs the random number and the value of platform configuration register PCR10 with its identity key and returns them to the challenger. The challenger verifies the signed data with the attester's identity public key and checks that the random number is correct. The attester then sends the measurement list maintained by the IMA; the challenger simulates the PCR extend operation over the measurement list and checks whether the result matches the value of PCR10. If it matches, the measurement list has not been tampered with; the challenger then traverses the measurement list and checks whether each measurement value is legitimate. If all are legitimate, the attester's platform integrity has not been compromised, and the measurement result is returned.
As shown in Fig. 3, the RPC remote attestation module comprises an RPC client and an RPC server. The RPC requester initiates a socket connection request to the RPC port of the RPC server; after the server accepts the connection, the requester sends the RPC header together with a random number n encrypted with the server's public key; the server decrypts it with its private key to obtain n, then returns the value of PCR10, the random number n and the measurement list to the requester. The requester verifies the received data and determines whether the other side is in a trusted platform state, confirming the other side's platform-state integrity.
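The RPC exchange of Fig. 3 combined with the challenger's checks of Fig. 2, as an added Go example that is not code from the patent or from Hadoop: the requester encrypts a nonce to the server's public key, the server returns PCR10, the nonce and the measurement list, and the requester replays the PCR extends and checks every entry against an allowlist of known-good template hashes. RSA-OAEP for the nonce, the in-process "server", and the sample measurement values are assumptions of this example; the identity-key signature of Fig. 2 and the TPM read are not modelled.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"fmt"
)

// Measurement is one IMA list entry: the template hash extended into PCR10, plus the path.
type Measurement struct {
	Template [20]byte
	Path     string
}

// replayPCR10 simulates the TPM extend over the list: PCR = SHA1(PCR || template).
// (A full verifier must also extend 0xFF bytes for IMA's all-zero violation entries.)
func replayPCR10(list []Measurement) [20]byte {
	var pcr [20]byte
	for _, m := range list {
		pcr = sha1.Sum(append(pcr[:], m.Template[:]...))
	}
	return pcr
}

// AttestServer is the RPC server side: its private key, the PCR10 value (read
// from the TPM in the real system) and the IMA measurement list.
type AttestServer struct {
	key   *rsa.PrivateKey
	pcr10 [20]byte
	list  []Measurement
}

// Handle decrypts nonce n with the private key and returns PCR10, n and the list.
func (s *AttestServer) Handle(encNonce []byte) ([]byte, [20]byte, []Measurement, error) {
	n, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.key, encNonce, nil)
	return n, s.pcr10, s.list, err
}

// Attest is the requester side: a fresh nonce encrypted to the server's public key,
// then the echoed nonce, the PCR10 replay and the template-hash allowlist are checked.
func Attest(srv *AttestServer, pub *rsa.PublicKey, allow map[[20]byte]bool) error {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	enc, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, nil)
	if err != nil {
		return err
	}
	n, pcr10, list, err := srv.Handle(enc)
	switch {
	case err != nil:
		return err
	case string(n) != string(nonce):
		return fmt.Errorf("nonce mismatch: reply replayed or forged")
	case replayPCR10(list) != pcr10:
		return fmt.Errorf("list does not reproduce PCR10: list tampered")
	}
	for _, m := range list {
		if !allow[m.Template] {
			return fmt.Errorf("untrusted measurement: %s", m.Path)
		}
	}
	return nil
}

// demoServer builds a constructed two-entry list (sample values) with its honest PCR10 and allowlist.
func demoServer() (*AttestServer, map[[20]byte]bool) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	allow, list := map[[20]byte]bool{}, []Measurement{}
	for _, p := range []string{"/usr/bin/java", "/opt/hadoop/bin/hdfs"} {
		t := sha1.Sum([]byte("template for " + p)) // stand-in for the template hash
		allow[t] = true
		list = append(list, Measurement{t, p})
	}
	return &AttestServer{key, replayPCR10(list), list}, allow
}

func main() {
	srv, allow := demoServer()
	fmt.Println("honest node attests:", Attest(srv, &srv.key.PublicKey, allow))
}
```

Dropping an entry from the list, or substituting a measurement that is not on the allowlist, makes Attest return an error, which is the "platform state not trusted" outcome the module acts on.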
As shown in Fig. 4, the socket-connection remote attestation comprises the following steps: first, a user process initiates the socket connect system call, passing the destination address as a parameter; inside the system call it is checked whether the destination address is in the trusted address list; if it is not, it is checked whether the trusted agent process has been started; if it has, the destination address is sent to the trusted agent process, otherwise an error is returned directly. The trusted address list contains eleven local addresses in total, such as INADDR_ANY and INADDR_LOCALHOST, plus the IP addresses of the other machines inside the cluster that interact with this node. The destination address is sent to the trusted agent using Netlink as the kernel-to-user-space communication method. tPid denotes the process ID of the trusted agent process; it is initialized to -1 when the system starts and set to the trusted agent's process ID once the trusted agent process has started. ERR denotes an abnormal return value of the system call.
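A user-space model of the connect hook of Fig. 4 and the socket-connection steps above, added here as an example and not the patent's kernel code: the trusted address list, the tPid state (-1 until the agent has started) and the hand-off to the trusted agent. The agent's remote attestation and the Netlink message are replaced by a callback, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Decision replaces the kernel's success / ERR return of the connect hook.
type Decision string

const (
	Allow        Decision = "allow"          // trusted destination, or attestation passed
	ErrNoAgent   Decision = "ERR: no agent"  // untrusted destination while tPid == -1
	ErrUntrusted Decision = "ERR: untrusted" // the agent's remote attestation failed
)

// ConnectGuard models the connect() hook: the trusted address list, the trusted
// agent's process ID tPid (-1 until the agent has started) and the attestation
// the agent performs for an untrusted destination (a stand-in callback here).
type ConnectGuard struct {
	trusted map[netip.Addr]bool
	tPid    int
	attest  func(dst netip.Addr) bool
	Log     []string // decision trail, useful for spotting blocked exfiltration attempts
}

// NewConnectGuard builds the guard from the cluster peers' IP addresses; the
// local addresses (INADDR_ANY, loopback) are recognised by netip predicates.
func NewConnectGuard(peers []string, attest func(netip.Addr) bool) *ConnectGuard {
	g := &ConnectGuard{trusted: map[netip.Addr]bool{}, tPid: -1, attest: attest}
	for _, p := range peers {
		g.trusted[netip.MustParseAddr(p)] = true
	}
	return g
}

// AgentStarted records the trusted agent's PID once the agent process is up.
func (g *ConnectGuard) AgentStarted(pid int) { g.tPid = pid }

// Connect is the decision taken inside the connect system call for dst.
func (g *ConnectGuard) Connect(dst string) Decision {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		g.Log = append(g.Log, fmt.Sprintf("%q unparsable, blocked", dst))
		return ErrUntrusted
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d like a.b.c.d
	if addr.IsUnspecified() || addr.IsLoopback() || g.trusted[addr] {
		g.Log = append(g.Log, fmt.Sprintf("%s trusted", addr))
		return Allow
	}
	if g.tPid == -1 {
		g.Log = append(g.Log, fmt.Sprintf("%s untrusted, agent not running", addr))
		return ErrNoAgent
	}
	// In the real system the address goes to the agent over Netlink; only a
	// passing remote attestation lets the connect proceed.
	if g.attest(addr) {
		g.Log = append(g.Log, fmt.Sprintf("%s attested via agent pid %d", addr, g.tPid))
		return Allow
	}
	g.Log = append(g.Log, fmt.Sprintf("%s failed attestation, blocked", addr))
	return ErrUntrusted
}

func main() {
	// Constructed cluster: two DataNode peers; attestation passes only for 10.0.0.7.
	g := NewConnectGuard([]string{"10.0.0.2", "10.0.0.3"}, func(a netip.Addr) bool {
		return a == netip.MustParseAddr("10.0.0.7")
	})
	fmt.Println(g.Connect("127.0.0.1"), g.Connect("10.0.0.2"), g.Connect("203.0.113.9"))
	g.AgentStarted(4242)
	fmt.Println(g.Connect("10.0.0.7"), g.Connect("203.0.113.9"))
	for _, l := range g.Log {
		fmt.Println(l)
	}
}
```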
As shown in Fig. 5, the data sealing module comprises the following steps: first, remote attestation is performed; if it succeeds, an AES key is generated, the key is sealed to the specified platform configuration register (PCR), the data are sealed with the key, and the sealed data are written to disk; if remote attestation fails, the data are encrypted with the key and the key is discarded once encryption completes.
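The two branches of Fig. 5 as an added Go example, not the patent's implementation: the success branch generates a fresh AES key, seals it to the PCR value and encrypts the data with it, and the failure branch encrypts the data and wipes the key. TPM sealing is modelled in software by deriving the wrapping key from the PCR value; that derivation, and the use of AES-GCM, are assumptions of this example and not how a TPM stores the sealing secret.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// newGCM wraps an AES key in AES-GCM so every blob is authenticated.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal encrypts plaintext under key; the random nonce is prepended to the blob.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// gcmOpen reverses gcmSeal; a wrong key or a modified blob is an error.
func gcmOpen(key, blob []byte) ([]byte, error) {
	g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < g.NonceSize() {
		return nil, fmt.Errorf("blob too short")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}

// pcrKey is a software stand-in for TPM sealing: the wrapping key is derived from
// the PCR value, so the sealed AES key opens only while the PCR is unchanged.
func pcrKey(pcr [20]byte) []byte {
	k := sha256.Sum256(append([]byte("seal-to-pcr10:"), pcr[:]...))
	return k[:]
}

// Seal is the success branch: generate an AES key, seal it to the PCR, encrypt the data.
func Seal(pcr [20]byte, data []byte) (sealedData, sealedKey []byte, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	if sealedData, err = gcmSeal(key, data); err != nil {
		return nil, nil, err
	}
	sealedKey, err = gcmSeal(pcrKey(pcr), key)
	return sealedData, sealedKey, err
}

// Unseal recovers the data only if the current PCR equals the sealing PCR.
func Unseal(pcr [20]byte, sealedData, sealedKey []byte) ([]byte, error) {
	key, err := gcmOpen(pcrKey(pcr), sealedKey)
	if err != nil {
		return nil, fmt.Errorf("platform state changed: AES key cannot be unsealed")
	}
	return gcmOpen(key, sealedData)
}

// EncryptAndDiscard is the failure branch: the data are encrypted with a fresh
// key that is then wiped, so the plaintext is unrecoverable afterwards.
func EncryptAndDiscard(data []byte) ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	ct, err := gcmSeal(key, data)
	clear(key) // discard the key
	return ct, err
}
```

Both blobs returned by Seal are what the module would write to disk; Unseal with any other PCR value fails at the key-unwrapping step, before the data are touched.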

Claims (7)

1. A trusted distributed file system based on HDFS, comprising a remote attestation module and a data sealing module, characterized in that
the remote attestation module comprises:
a remote attestation module based on the Integrity Measurement Architecture (IMA), for performing remote attestation of platform state between entity nodes and verifying platform integrity;
a remote procedure call remote attestation module, for verifying platform integrity when entity nodes communicate and interact;
a socket-connection remote attestation module, for verifying platform integrity when an entity node executes a socket connect system call to an untrusted address;
and the data sealing module seals the platform data of an entity node after remote attestation fails.
2. The trusted distributed file system based on HDFS according to claim 1, characterized in that the IMA-based remote attestation module specifically implements the following process: first the challenger sends a random number to the attester, and the attester digitally signs the random number and the value of platform configuration register PCR10 with its identity key and returns them to the challenger; the challenger verifies the signed data with the attester's identity public key and checks that the random number is correct; the attester then sends the measurement list maintained by the IMA, and the challenger simulates the PCR extend operation over the measurement list and checks whether the result matches the value of PCR10; if it matches, the measurement list has not been tampered with, and the challenger traverses the measurement list and checks whether each measurement value is legitimate; if all are legitimate, the attester's platform integrity has not been compromised, and the measurement result is returned.
3. The trusted distributed file system based on HDFS according to claim 1, characterized in that the remote procedure call remote attestation module specifically implements the following process: first the RPC requester initiates a socket connection request to the RPC port of the RPC server; after the RPC server accepts the connection, the requester sends the RPC header together with a random number n encrypted with the server's public key; the RPC server decrypts it with its private key to obtain n, then returns the value of platform configuration register PCR10, the random number n and the measurement list to the requester; the requester verifies the received data and determines whether the other side is in a trusted platform state, confirming the other side's platform-state integrity.
4. The trusted distributed file system based on HDFS according to claim 1, characterized in that the socket-connection remote attestation module specifically implements the following process: first a user process initiates the socket connect system call, passing the destination address as a parameter; inside the system call it is checked whether the destination address is in the trusted address list; if it is not, it is checked whether the trusted agent process has been started; if it has, the destination address is sent to the trusted agent process, otherwise an error is returned directly.
5. The trusted distributed file system based on HDFS according to claim 1, characterized in that the data sealing module specifically implements the following process: first remote attestation is performed; if it succeeds, an AES key is generated, the key is sealed to the specified platform configuration register (PCR), the data are sealed with the key, and the sealed data are written to disk; if remote attestation fails, the data are encrypted with the key and the key is discarded once encryption completes.
6. The trusted distributed file system based on HDFS according to claim 1, characterized in that the platform-state remote attestation is based on the static measurement result of the IMA integrity measurement architecture.
7. The trusted distributed file system based on HDFS according to claim 1, characterized in that the remote attestation module and the data sealing module can effectively defend against advanced persistent threats (APT).

Priority Applications (1)

Application CN201410281244.1A, priority date 2014-06-20, filing date 2014-06-20: A kind of credible distributed file system based on HDFS (granted as CN104092733B).

Publications (2)

CN104092733A (application), published 2014-10-08; CN104092733B (granted patent), published 2018-09-14.
