CN106911814A - Large-scale data distributed storage method - Google Patents
Large-scale data distributed storage method
Publication number: CN106911814A (application CN201710330182.2A)
Authority: CN (China)
Prior art keywords: tenant, data, authentication, module, cloud
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L63/0869: Network architectures or network communication protocols for network security, authentication of entities, achieving mutual authentication
- H04L67/14: Network arrangements or protocols for supporting network services or applications, session management
- H04L9/085: Cryptographic mechanisms, key establishment, secret sharing or secret splitting, e.g. threshold schemes
Abstract
The invention provides a large-scale data distributed storage method. The method comprises: building a TPM-based computing platform equipped with security mechanisms; authenticating each tenant's data access on that platform; providing protection and authentication mechanisms for the stored data; and isolating data between tenants. The method thereby provides a guarantee that the data security storage mechanism executes correctly.
Description
Technical field
The present invention relates to distributed storage, and in particular to a large-scale data distributed storage method.
Background technology
Under the cloud computing service model a tenant hands its data and applications over to the cloud platform. Because the cloud service is opaque to the tenant, the tenant loses control over its data, and because the trustworthiness of the servers is hard to assess, data security becomes the tenant's primary concern on a cloud platform. The cloud operates on data according to the tenant's service requests, so identity authentication between tenant and cloud is the precondition for keeping data from being accessed by an illegitimate tenant impersonating a legitimate one. Once a tenant has passed authentication it can use the data storage and computing services the cloud provides. A tenant stores massive amounts of data on the cloud platform and delegates computation over that data to the server, keeping no local copy; when the tenant finds that data integrity has been violated, it can only hope that the server's disaster recovery system holds a good copy.
Because cloud computing is multi-tenant, dynamic data in a computing service is accessed and processed through service processes; the shared process carrier becomes the point where authority concentrates, and vulnerabilities in that shared layer threaten every tenant, so an authority isolation mechanism is needed along the tenant dimension. When a data security incident occurs, how the tenant traces it back to the responsible server is a key problem; current mechanisms need internal details of the cloud service and are therefore hard to apply. In addition, because a trusted base is lacking, the security mechanisms themselves may be attacked or tampered with and fail to function.
Summary of the invention
To solve the above problems of the prior art, the present invention proposes a large-scale data distributed storage method, comprising:
building a TPM-based computing platform equipped with security mechanisms, authenticating tenants' data access on that platform, providing protection and authentication mechanisms for the stored data, and isolating data between tenants.
Preferably, building the TPM-based computing platform further comprises:
using a smart card device as the trusted platform control module; before boot, compiling the Xen source code and the Dom0 source code with the multiboot loader module; when the Xen VMM is loaded, the multiboot loader module executes commands in the following order: set the root device, load the VMM system kernel image, load an initial ramdisk image for the Dom0 kernel, and set the initial parameters of the host operating system's security zone. The commands executed and their order are consistent with the configuration file, and the related device drivers and configuration files are all stored in the RAMDisk.
Preferably, the method further comprises:
performing trusted reconstruction of the hypervisor by adding a program execution detection module. The module provides a set of hook function interfaces and implements the measurement function as a hook covering the loading of new programs and the redirection of execution. The path name of the executable file to be loaded is converted into the inode of that file, so that the kernel function accesses the executable on disk directly by inode. The program execution detection module points the function pointer at the hook that implements the measurement function; before the executable file is loaded, the hook is invoked to produce the corresponding measurement value, and the basis for verifying the measurement is the trusted program list. After verification passes, the inode of the executable code file is located and the program is loaded and run.
Preferably, when the tenant's executable code has been tampered with, the program execution detection module locates the code content by path at load time and computes its hash value; the computed hash differs from the expected hash in the trusted program list, and loading and running of the process is forbidden.
Preferably, authenticating a tenant's data access further comprises:
in the registration phase, the tenant generates its own password and derives a password verification primitive from it; the tenant's identity information is bound to its password verification primitive and stored in a database;
in the authentication phase, when the tenant wants to access the public cloud, it first sends an authentication request to the cloud platform authentication module; the request contains the identity of the identity management authentication module the tenant belongs to;
the public cloud generates its own password and derives a password verification primitive, and transmits the cloud's identity ID, its password verification primitive and the tenant's message to the tenant's identity management authentication module, requesting it to carry out mutual authentication between cloud and tenant;
after the identity management authentication module receives the cloud's protocol message, it authenticates both parties and verifies the legitimacy of the tenant's identity; if the cloud platform authentication module's authentication of the tenant passes, it obtains the correct session key and replies with an authentication message to the tenant side;
the tenant side verifies the legitimacy of the cloud's identity, and once the cloud has passed authentication the tenant receives the session key; if mutual authentication between tenant and cloud passes, a shared session key is established between the two parties;
the session key is used for secure communication between tenant and cloud service provider and is used for only one secure session; if any entity receives a certain number of malicious interactions, it disables or locks the password to prevent further probing by an attacker.
Compared with the prior art, the present invention has the following advantage:
the present invention proposes a large-scale data distributed storage method that provides a guarantee for the correct execution of the data security storage mechanism.
Brief description of the drawings
Fig. 1 is a flow chart of the large-scale data distributed storage method according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the invention is given below together with the accompanying drawing that illustrates the principle of the invention. The invention is described with reference to such embodiments, but the invention is not restricted to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set out in the following description in order to provide a thorough understanding of the invention. These details are provided for exemplary purposes, and the invention can also be practised according to the claims without some or all of them.
One aspect of the present invention provides a large-scale data distributed storage method. Fig. 1 is a flow chart of the large-scale data distributed storage method according to an embodiment of the present invention.
The method of the invention is realised by providing tenants with a secure cloud storage system offering comprehensive data security protection. First a TPM-based computing platform equipped with security mechanisms is built; on that platform tenants' access to data is authenticated securely and efficiently, protection and authentication mechanisms for the stored data are provided, and fine-grained data isolation and control between tenants is provided. Formal modelling, data object labelling and tracing control are implemented for the labelling system and the data flow rules. At the code layer, the system locates the execution points that must satisfy the security policy and monitors them; at the operating system layer, support for upper-layer applications is provided on the basis of a unified security policy model, and tenant information is passed down to the operating system layer as application context semantics, realising fine-grained data control and protection.
The secure cloud storage system comprises the TPM computing platform, a cross-domain authentication module, a distributed storage module, a software virtualisation module and an identity management agent. First, a chain of trust is established from the external security smart card as the starting point to the server node, building a TPM computing platform on a virtualised architecture that provides a trusted base for the execution of authentication and data protection. The cross-domain authentication module realises mutual authentication between tenant and public cloud on the basis of the tenant's existing identity certificate and private cloud. The distributed storage module provides integrity verification and data recovery for static stored data, and tracks the server that leaked data when a leak occurs. The software virtualisation module protects the tenant's dynamic data by tracing private data within the application program and private files within the operating system. The identity management agent interacts with the nodes of the TPM computing platform, manages the identities of trusted nodes, and manages and protects tenants' identity information.
According to the tenant's identity and the services it requires, the cloud platform customises a service usage policy for the tenant; once the tenant has passed authentication it uses the cloud service according to the predefined security policy. The server first performs trusted reconstruction of some of the nodes in the cloud computing platform and establishes a trust transfer mechanism based on the external security smart card and the secure hypervisor, ensuring that the other security modules deployed on the cloud computing platform have a trustworthy execution environment and cannot be subverted by malicious code. The workflow of the secure cloud storage system is illustrated below by following a tenant's use of the service.
When the tenant wants to use the cloud service, it enters its password for identity authentication, and the cross-domain authentication module and the identity management agent carry out mutual authentication between tenant and cloud.
After mutual authentication passes, the tenant submits its task requirements through the cloud platform interface. Once the task requirements have been submitted, the tenant policy server authorises the computing or storage resources the task needs. If all operations of the tenant's task are permitted, the request is handled according to the type of service. For a computing task, the cloud platform interface hands the description file of the tenant's computing task to the cluster controller; because the tenant's virtual machine image file is encrypted, the tenant's virtual machine cannot be opened even if the cluster controller schedules the image to an untrusted node. For a data storage or operation task, the cloud platform interface hands the description file of the tenant's storage task to the storage controller.
For a task that stores or accesses static data, the storage controller sends instructions to the data server to store, fetch, read or write the data. Before the tenant stores data on the cloud platform, it first pre-processes the data with the distributed storage module; when the tenant wants to confirm that the data stored in the cloud is still secure, it calls the distributed storage module again to verify it.
For a computing task on dynamic data, the cluster controller schedules the tasks onto idle host nodes according to the resource state of each host node and is responsible for the network configuration; once the computing task has been dispatched, the data is processed inside the virtual machine, and the software virtualisation module prevents the privacy and integrity of the dynamic data from being compromised through security vulnerabilities in cloud applications or by other malicious tenants.
For trusted reconstruction, a smart card device is used as the trusted platform control module, providing the hardware foundation for the trusted computing functions. Before boot, the multiboot loader module compiles the Xen source code and the Dom0 source code. When the Xen VMM is loaded, the multiboot loader module executes commands in the following order: set the root device, load the VMM system kernel image, load an initial ramdisk image for the Dom0 kernel, and set the initial parameters of the host operating system's security zone; the commands executed and their order are consistent with the configuration file, and the related device drivers and configuration files are all stored in the RAMDisk. In order for the VMM to measure the executable code of application software, the hypervisor undergoes trusted reconstruction by adding a program execution detection module. This module provides a set of hook function interfaces, and the measurement function is implemented as a hook covering the loading of new programs and the redirection of execution. The path name of the executable file to be loaded is converted into the inode of that file, so that the kernel function accesses the executable on disk directly by inode. The program execution detection module therefore points the function pointer at the hook that implements the measurement function; before the executable file is loaded the hook is invoked to produce the corresponding measurement value, and the basis for verifying the measurement is the trusted program list. After verification passes, the inode of the executable code file is located and the program is loaded and run. When the tenant's executable code has been tampered with, the program execution detection module locates the code content by path at load time and computes its hash; the computed hash differs from the expected hash in the trusted program list, and loading and running of the process is forbidden.
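The measured-load check described above, written out as an added Python example; it is not code from the patent. It models the hook's two inputs, the path name resolved to its inode and the file's measurement, against a trusted program list keyed by inode. SHA-256 as the measurement, the list's layout, the temporary "executable" files and the in-place tampering are assumptions of this example, since the patent names neither a hash algorithm nor a list format.

```python
import hashlib
import os
import tempfile


def inode_of(path: str):
    """Resolve the path name to the inode the kernel will actually read from disk."""
    st = os.stat(path)
    return (st.st_dev, st.st_ino)


def measure(path: str) -> str:
    """Measurement value of an executable: SHA-256 over its bytes (assumed hash algorithm)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class TrustedProgramList:
    """Trusted program list keyed by inode, holding the expected measurement (assumed layout)."""

    def __init__(self):
        self.expected = {}

    def register(self, path: str) -> None:
        self.expected[inode_of(path)] = measure(path)


def exec_hook(path: str, tpl: TrustedProgramList, log: list) -> bool:
    """Measurement hook invoked before an executable is loaded; True permits the load."""
    node, actual = inode_of(path), measure(path)
    expected = tpl.expected.get(node)
    name = os.path.basename(path)
    if expected is None:
        log.append(f"deny {name}: inode not in trusted program list")
        return False
    if actual != expected:
        log.append(f"deny {name}: measured {actual[:12]} != expected {expected[:12]}")
        return False
    log.append(f"allow {name}")
    return True


def demo():
    """Constructed scenario: register a tenant job, tamper with it in place, then try an unknown binary."""
    log = []
    with tempfile.TemporaryDirectory() as d:
        job = os.path.join(d, "tenant_job")
        with open(job, "wb") as f:
            f.write(b"#!/bin/sh\necho processing tenant data\n")   # constructed 'executable'
        tpl = TrustedProgramList()
        tpl.register(job)
        clean = exec_hook(job, tpl, log)           # matches the registered measurement
        with open(job, "ab") as f:
            f.write(b"echo tampered\n")            # in-place edit: same inode, different hash
        tampered = exec_hook(job, tpl, log)
        other = os.path.join(d, "unregistered")
        with open(other, "wb") as f:
            f.write(b"#!/bin/sh\necho not in the list\n")
        unknown = exec_hook(other, tpl, log)       # never registered: no entry for its inode
    return clean, tampered, unknown, log
```

Keying the list on the inode rather than the path follows the patent's conversion of the path name into the inode: the decision is bound to the file the kernel will read, so a different file swapped in under the same path does not inherit the registered entry. What a user-space example cannot show is the window between measuring and loading; in a hypervisor or kernel hook the measurement has to be taken over the bytes that are actually mapped, not by re-reading the path afterwards.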
The cross-domain authentication module comprises a tenant-side authentication module, an identity management authentication module and a cloud platform authentication module. The flow by which tenant and cloud achieve mutual authentication through the cross-domain authentication module is as follows:
In the registration phase, the tenant generates its own password and calls the tenant-side authentication module to derive a password verification primitive. The tenant-side authentication module transfers the tenant's identity ID and password verification primitive to the identity management authentication module, which binds the tenant's identity information to its password verification primitive and stores them in a database.
In the authentication phase, when the tenant wants to access the public cloud, it first calls the tenant-side authentication module to send an authentication request to the cloud platform authentication module; the request contains the identity of the identity management authentication module the tenant belongs to. The public cloud generates its own password and calls the cloud platform authentication module to derive a password verification primitive; the cloud platform authentication module transmits the cloud's identity ID, its password verification primitive and the tenant's message to the tenant's identity management authentication module and requests it to carry out mutual authentication between cloud and tenant. After the identity management authentication module receives the cloud's protocol message, it authenticates both parties and replies with an authentication message to the cloud platform authentication module, which verifies the legitimacy of the tenant's identity. If the cloud platform authentication module's authentication of the tenant passes, it obtains the correct session key and replies with an authentication message to the tenant-side authentication module. The tenant-side authentication module verifies the legitimacy of the cloud's identity, and once the cloud has passed authentication the tenant receives the session key. If mutual authentication between tenant and cloud passes, a shared session key is established between the two parties. Tenant and cloud service provider use this session key for secure communication, and the key is used for only one secure session, to improve security. If any entity receives a certain number of malicious interactions, it disables or locks the password to prevent further probing by an attacker.
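The registration and authentication exchange above, as an added Python example; it is not code from the patent. The patent does not specify the password verification primitive, how the session key reaches each side, or the lockout threshold, so this example assumes a salted PBKDF2 verifier, HMAC-SHA256 proofs bound to the peer identity and a fresh nonce, a random session key that the identity management module wraps under a key each side derives from its own verifier, a key-confirmation tag from cloud to tenant, and a lock after three bad proofs. The identifiers and passwords are constructed sample values.

```python
import hashlib
import hmac
import secrets

MAX_FAILS = 3   # lockout threshold; the patent only says "a certain number" (assumed value)


def verifier(password: str, salt: bytes) -> bytes:
    """Password verification primitive: salted PBKDF2-HMAC-SHA256 (assumed construction)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def prf(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class IdentityManager:
    """Identity management authentication module: stores verifiers, checks both sides, issues the session key."""

    def __init__(self):
        self.db, self.fails, self.locked = {}, {}, set()

    def register(self, ident: str, password: str) -> bytes:
        salt = secrets.token_bytes(16)
        self.db[ident] = (salt, verifier(password, salt))   # identity bound to its verifier
        return salt

    def _check(self, ident: str, peer: str, nonce: bytes, proof: bytes) -> bool:
        if ident in self.locked:
            return False
        expected = prf(self.db[ident][1], b"auth", ident.encode(), peer.encode(), nonce)
        ok = hmac.compare_digest(expected, proof)
        self.fails[ident] = 0 if ok else self.fails.get(ident, 0) + 1
        if self.fails[ident] >= MAX_FAILS:
            self.locked.add(ident)          # disable the password after repeated bad proofs
        return ok

    def authenticate(self, tenant_msg, cloud_msg):
        tid, tnonce, tproof = tenant_msg
        cid, cnonce, cproof = cloud_msg
        if not (self._check(tid, cid, tnonce, tproof) and self._check(cid, tid, cnonce, cproof)):
            return None
        k = secrets.token_bytes(32)         # fresh key: one key per secure session
        vt, vc = self.db[tid][1], self.db[cid][1]
        return xor(k, prf(vt, b"wrap", tnonce, cnonce)), xor(k, prf(vc, b"wrap", cnonce, tnonce))


class Party:
    """Tenant-side or cloud platform authentication module; re-derives its verifier from its password."""

    def __init__(self, ident: str, password: str, salt: bytes):
        self.ident, self.v = ident, verifier(password, salt)

    def request(self, peer: str):
        nonce = secrets.token_bytes(16)
        return (self.ident, nonce, prf(self.v, b"auth", self.ident.encode(), peer.encode(), nonce))

    def unwrap(self, wrapped: bytes, my_nonce: bytes, peer_nonce: bytes) -> bytes:
        return xor(wrapped, prf(self.v, b"wrap", my_nonce, peer_nonce))


def handshake(tenant: Party, cloud: Party, imam: IdentityManager):
    """Returns (tenant's key, cloud's key), or (None, None) if either side fails authentication."""
    t_msg = tenant.request(cloud.ident)          # tenant -> cloud: authentication request
    c_msg = cloud.request(tenant.ident)          # cloud -> IMAM: its own proof plus the tenant's message
    wrapped = imam.authenticate(t_msg, c_msg)    # IMAM -> cloud: session key wrapped for each side
    if wrapped is None:
        return None, None
    k_cloud = cloud.unwrap(wrapped[1], c_msg[1], t_msg[1])
    tag = prf(k_cloud, b"confirm", cloud.ident.encode(), t_msg[1])   # cloud -> tenant: key + confirmation
    k_tenant = tenant.unwrap(wrapped[0], t_msg[1], c_msg[1])
    if not hmac.compare_digest(tag, prf(k_tenant, b"confirm", cloud.ident.encode(), t_msg[1])):
        return None, None                        # tenant rejects a cloud that cannot prove the key
    return k_tenant, k_cloud


def demo():
    imam = IdentityManager()
    t_salt = imam.register("tenant-42", "constructed tenant password")
    c_salt = imam.register("cloud-A", "constructed cloud password")
    tenant = Party("tenant-42", "constructed tenant password", t_salt)
    cloud = Party("cloud-A", "constructed cloud password", c_salt)
    kt, kc = handshake(tenant, cloud, imam)
    good = kt is not None and kt == kc
    impostor = Party("tenant-42", "wrong guess", t_salt)
    rejected = all(handshake(impostor, cloud, imam) == (None, None) for _ in range(MAX_FAILS))
    locked = "tenant-42" in imam.locked
    real_user_blocked = handshake(tenant, cloud, imam) == (None, None)   # stays locked until reset
    return good, rejected, locked, real_user_blocked
```

Both proofs name the peer and a fresh nonce, so a proof captured for one cloud cannot be replayed to another, and the identity management module never releases a verifier: each side unwraps the session key with a value it alone can derive from its password. The lockout counts bad proofs per identity, which is what the patent's "disable or lock the password" amounts to; a deployment also needs an out-of-band reset, since the lock blocks the legitimate tenant too.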
The distributed storage module provides a general file access interface and basic fault tolerance, supports remote integrity proofs over the data, and can determine which data block is in error. It binds numeric data to the identity of the server, so that when a data leak occurs the responsible server can be traced. The authentication server of the identity management agent protects the tenant's identity information and generates an authentication code that serves as the tenant's storage credential; the tenant's copyright information is embedded in the numeric data, and when a leak occurs the server is located by tracing that copyright information.
In the distributed storage module the tenant creates a private file library and a copyright database. The private file library is pre-processed: file content is hidden and the files are split and stored redundantly. A watermark is embedded in the copyright database to protect the copyright of the data. For these two kinds of data, a copy protection module is deployed at the client; an integrity verification module and a tracing and positioning module are each deployed at both the client and the cloud server; and a file access module is deployed at the identity management agent. The copy protection module splits the tenant's private files and stores them redundantly, ensuring that a file can be fully recovered after partial damage. The file access module protects the tenant's identity information by generating storage credentials for the tenant; the storage authentication code prevents an external attacker from obtaining enough data blocks to reconstruct the tenant's data file. The tenant-side integrity verification module generates public verification tags for a data file, generates the challenge value in the challenge-response protocol and sends it to the file access module, verifies the response it receives, and outputs the integrity verification result; when integrity has been violated, it determines the erroneous block from the file names the tenant generated for the data blocks. The server-side integrity verification module generates the response to the challenge value in the challenge-response protocol, returns it to the file access module, and also responds to requests to confirm an erroneous block. The tenant-side tracing and positioning module negotiates a watermark key with the cloud platform tracing and positioning module, binds the copyright database to the server's identity, and then, based on an embedding and extraction algorithm, repeatedly embeds the copyright watermark in the tenant's copyright database.
In the data pre-processing and storage process, for the private file library the tenant uses the distributed storage module to pre-process the data file into multiple copies and stores the file to the cloud platform. The specific flow is as follows:
Step 1: The tenant divides the private file into k blocks, then calls the copy protection module to generate the n data blocks to be stored and the block names DiD_i; the copy protection module transfers the generated block names to the file access module of the identity management agent.
Step 2: The file access module of the identity management agent generates the tenant's storage authentication code MID_i from the tenant's identity and the block name information, establishes a mapping table between the user identifier UID and MID, and transfers MID to the tenant and to the distributed storage server.
Step 3: The tenant transfers MID_i together with the data block to the distributed storage server; the distributed storage server verifies whether MID_i is legitimate and, if so, writes the data block and MID_i into the corresponding columns of the private data library table.
For the copyright database, the tenant calls the distributed storage module to embed copyright information in the database and to bind it to the server's identity. The flow is as follows:
Step 1: The tenant calls the tenant-side tracing and positioning module to negotiate the watermark key (En, He) with the cloud platform tracing and positioning module and binds the key to the server's identity; the tenant sends the negotiation result to a remote trusted authority for backup.
Step 2: The tenant calls the tenant-side tracing and positioning module to generate N copyright watermarks from the original watermark and the key, embeds the copyright watermarks into the database as copyright information, and then transfers the copyright database to the cloud platform.
When the tenant wants to confirm whether its data stored on the cloud platform is intact, it runs the integrity verification service. The flow is as follows:
Step 1: The tenant generates the public verification tags of the data file.
Step 2: The tenant calls the client integrity verification module to generate a challenge value and transfers the challenge value and the file name DiD_i of the block to be verified to the file access module of the identity management agent.
Step 3: The file access module looks up the MID_i of the data block and transfers the challenge value and MID_i to the cloud platform integrity verification module.
Step 4: The cloud platform integrity verification module reads the tenant's data block from the private data library table, computes the response from the challenge value, and transfers the response and MID_i to the file access module of the identity management agent.
Step 5: The tenant-side integrity verification module verifies the response; if it passes, this round of verification ends; if it does not pass, the confirmation process for the erroneous block follows.
Step 6: If integrity verification fails, the tenant-side integrity verification module requests an erroneous-block confirmation response for DiD_i; the file access module looks up MID_i and asks the server-side integrity verification module to generate a response over the data content corresponding to MID_i, which is returned to the tenant-side integrity verification module.
Step 7: Based on the response and the parameters it generated for DiD_i in the pre-processing stage, the tenant confirms the erroneous data blocks, downloads k undamaged shares, and calls the copy protection module to reconstruct the data file.
If the tenant finds that a file has leaked, it uses the distributed storage module to confirm which server's database infrastructure held it. The flow is as follows:
The tenant downloads the leaked database file and calls the cloud platform tracing and positioning module to extract the copyright watermark from it, producing (En', He'). The similarity between the original watermark key (En, He) and (En', He') is compared; if the similarity exceeds a certain threshold, the watermark is judged to be present and that server is determined to be the source of the data leak.
In the software virtualisation module, one of the source and destination entities of a data flow is a subject thread and the other is another thread, a data object, or an operating system abstract resource.
If a thread p wants to read a private file f (the creator of the file assigns it a security label), the following flow is executed:
Step 1: Thread p's read request for private data d is intercepted by the private data monitoring module, which decides whether the operation satisfies the flow policy.
Step 2: The label of subject p is first obtained from the signature library at the specified location (i.e. the labelling of the privileged security class it belongs to), together with the privacy and integrity labels of data d.
Step 3: The labels are sent to the flow policy decision module together with a policy decision request.
Step 4: The flow policy decision module obtains the capabilities of subject thread p.
Step 5: The flow policy check is carried out on the basis of the label of data d and the capabilities and label of thread p.
Step 6: It is decided whether the operation of p reading private data d satisfies the data flow rules, and the policy decision result is returned.
Finally, whether thread p is allowed to read private data d is decided according to the policy decision result.
The software virtualisation module is also used to trace the tenant's private data and to control the transfer of data according to the security policy. On the one hand, it realises fine-grained labelling and tracing at the level of data objects, so that data of different tenants inside one process address space can be traced and isolated effectively; this is the data flow control of the code layer. A developer only needs to add the label-based policy to an existing application using a fixed program structure. When code is about to operate on a tenant's private data, it is granted specific subject rights on the principle of least privilege, label tracing and policy decisions are applied, and the operation on the private data is performed only if it satisfies the security policy. On the other hand, the operating system of the virtual machine is security-enhanced: it provides upper-layer applications with APIs related to data flow control, tenant information is passed to the operating system layer as a system call parameter, the file system is labelled and protected, and data transfer between subjects and system resources is controlled.
In the software virtualisation module, the labelled objects include private data objects in the Java program, the abstract resources of the operating system, and the subject threads. The privacy and integrity labels of an object cannot be changed once set; if the label of an object needs to change, a new object must be created as a copy and assigned the changed security label according to the data flow constraint rules. The label of a subject can be changed. The working principles of data flow control at the code layer and at the operating system layer are described separately below.
The method of the present invention carries out fine-grained mark and tracking based on Java language.Code layer data is added in JVM
Flow-control mechanism, performs security strategy in the address space of process, supports dynamic class loading and multithreading.Work as operating system
When corresponding access control mechanisms are set, JVM processes are only allowed to access data.
The JVM internal memory Zhong Zhan areas whole objects of storage in Memory Allocation, some privacy objects according to tenant tactful quilt
Distribution privacy and integrality mark, the mark of stack object are defined array type.In object with safety label is stored in
Deposit in the separate space in stack, there is the pointer for pointing to its privacy and integrality mark in the head of object.Object is marked at
During can not change, it is to avoid because object tag change causes the convert channel of information.Present invention introduces code layer
Data flow control mechanism all of object is not marked, only treatment tenant's private data program at add mark
Note and policy depiction, existing application is explicitly added to by newly-increased mark and data flow control policy in the form of code segment
In, to control the data transfer between thread and stack object and between stack object, it is referred to as privileged secure class.
The operations the program performs on labelled data are modified accordingly in the application. When stack memory is allocated for an object, the operations that set its label are added. When a labelled object is read or written, the mechanism judges whether the direction of data flow in the operation satisfies the policy rules, and only operations that satisfy the security policy are allowed.
For data flow control at the operating system layer, the operating system provides the upper-layer JVM with system calls related to data flow control, and the application context is passed down to the operating system layer, so that operating system threads protect data according to the fine-grained protection policy and a unified security policy model is realized across the application layer and the operating system layer.
For the same tenant, the labels on stack objects in the JVM and the labels on operating system resources are compatible, so that the operating system can track data according to the code-layer labels and provide support for them. The abstract label of an operating system resource is a 64-bit integer stored in the extended attribute field of each resource abstraction. Threads, as subjects, have the capability to add or delete labels. The operating system stores each thread's capability set for labels in a capability database.
The software virtualization module labels the message buffers of pipes and thereby controls communication between processes. A process is allowed to read data from a pipe, or write data into it, only when the label of the process and the label of the message buffer managing the pipe satisfy the data transfer rule.
So that distributed file storage supports secure data flow control, the operating system layer runs on both the namenode and the datanodes. The privacy and integrity labels are written into the node data structure (a struct), which is stored on the namenode server. The security label of the file a data block belongs to is then put into the block data structure on each datanode. The mapping between the distributed-file-storage security label and the local security label is also stored in the block data structure.
A client's operations on files follow the predefined secure data flow control policy. When a labelled file is created, the tenant client stores the data into the distributed file system and supplies the file's security label. Creating a labelled file requires the following flow:
Step 1: The client assigns capability sets to the namenode and to the datanodes that will store the file; these capability sets allow the distributed storage nodes to create labelled files, and the namenode creates the file in the file system namespace.
Step 2: The client asks the namenode for a free block, and the data then flows to the datanode on which that block resides.
Step 3: After the datanode receives the client's data, it writes the data to its local file system and notifies the namenode.
Step 4: If the namenode replicates the block to other datanodes, it first assigns the corresponding capabilities to those nodes.
For a file read or write, the client first interacts with the namenode, which performs the policy check: if the client's label and the file's label do not satisfy the data transfer policy, the request is refused; if data transfer between the labels is allowed, the namenode returns to the client the list of datanodes holding the file. A datanode also verifies the client's authority when it receives the client's read or write request.
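The create and read flow above, as an added simulation in Python (not the patent's code): the class names, the `tag+` capability notation and the `xattr:` local-label mapping are this example's assumptions, and the replication of Step 4 is not modelled.

```python
from collections import namedtuple
from dataclasses import dataclass, field

# Constructed simulation (this example's own, not the patent's code) of the
# labelled-file flow above. A label is a frozenset of tags and the privacy
# transfer rule is "source label <= destination label". A capability "t+"
# lets a node create or hold a block labelled with tag t. The namenode keeps
# the file label in its node structure; each datanode keeps the block's label
# plus its mapping to a local operating-system label; both check the client.

Client = namedtuple("Client", "name privacy caps")

@dataclass
class DataNode:
    name: str
    caps: set = field(default_factory=set)      # capabilities assigned by clients
    blocks: dict = field(default_factory=dict)  # block id -> block structure

    def store(self, block_id, label, data, namenode):
        # Step 3: accept data only for tags this node holds capabilities for,
        # write the block to local storage and report back to the namenode.
        if not {t + "+" for t in label} <= self.caps:
            raise PermissionError(f"{self.name} lacks capabilities for {set(label)}")
        self.blocks[block_id] = {"label": label, "data": data,
                                 "local_label": "xattr:" + ",".join(sorted(label))}
        namenode.locations.setdefault(block_id, []).append(self.name)

    def read(self, client, block_id):
        # The datanode re-verifies the client on every request, independently
        # of the namenode's earlier policy check.
        block = self.blocks[block_id]
        if not block["label"] <= client.privacy:
            raise PermissionError(f"{client.name} may not read {block_id}")
        return block["data"]

class NameNode:
    def __init__(self, datanodes):
        self.nodes = list(datanodes)
        self.files = {}      # path -> {"label": ..., "blocks": [...]}
        self.locations = {}  # block id -> names of datanodes holding it
        self.counter = 0

    def create(self, client, path, label):
        # Step 1: the client hands out capabilities for the file's tags; the
        # namenode then creates the file, with its label, in the namespace.
        needed = {t + "+" for t in label}
        if not needed <= client.caps:
            raise PermissionError(f"{client.name} cannot label a file with {set(label)}")
        for node in self.nodes:
            node.caps |= needed
        self.files[path] = {"label": label, "blocks": []}

    def allocate_block(self, path):
        # Step 2: return a free block id and the datanode that will hold it.
        block_id = f"blk_{self.counter}"
        primary = self.nodes[self.counter % len(self.nodes)]
        self.counter += 1
        self.files[path]["blocks"].append(block_id)
        return block_id, primary

    def open_for_read(self, client, path):
        # Policy check before any datanode is named: refuse when the file's
        # label may not flow to the client's label; otherwise list locations.
        meta = self.files[path]
        if not meta["label"] <= client.privacy:
            return None
        return {b: self.locations.get(b, []) for b in meta["blocks"]}
```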
If a file contains multiple attribute fields, a mapping table is established between field labels and field names; a client operating on a particular field then needs only the operation right for the corresponding field label in order to access and operate on the labelled data. Once a subject has passed the authentication of the cloud computing system, the operations it can perform include: creating a label, which also gives it every operating privilege on that label; assigning other subjects capabilities for the label; and adding or deleting labels on objects within the range of its capabilities.
To give the present invention higher security, least privilege is incorporated into the code-layer model, avoiding the hazards that a super tenant's mistaken operations could cause. In addition, a public service process handles a request with the privileges of the current tenant. When tenant A requests an operation on its private data, the request is received by a thread over the secure channel of the cloud computing system; the thread is authorized for all tenants. The thread first has to authenticate the tenant's identity; once it has done so, it converts its rights, via the tenant's context information, into the rights of tenant A's subject. Once the thread has been authorized by the subject to operate on private data, it holds the dual capability for A's private data label t and can assign the capability for t to other subjects. If an error in the code or a malicious attack makes the thread read the private data of user B, whose privacy label is s, the capabilities of the thread's subject are checked; since the thread's subject does not hold the capability for s, the privacy operation on user B's data is forbidden.
Operations on private data are entirely encapsulated in privileged secure classes. A thread outside a privileged secure class cannot obtain an internal pointer to a shared data object; to operate on a particular shared private data object, the current thread must obtain the corresponding subject rights through explicit authorization. After the thread has finished executing the code section, it must explicitly revoke the current subject's rights, and its label and capability set revert to empty. In addition, the two privileged operations of decryption and encryption are restricted to the privileged secure class of the subject that established the label, so as to avoid damage to tenant data.
Subject label conversion follows the constraints of the data transfer rule. The privileged secure class of the new subject is nested inside the privileged secure class of the previous subject, and the transfer between subjects follows the principle that the labels and capabilities of the subject after conversion are no greater than those of the previous subject.
If a privileged secure class carries a privacy label, a variable written inside it cannot be read by a program outside the class: the variable has a privacy label identical to that of the privileged secure class and cannot be read by a subject that does not hold that privacy label. If a privileged secure class carries an integrity label, a variable written outside the class cannot be read inside it; in other words, a variable written outside the privileged secure class is considered to have had its integrity destroyed and cannot flow into a privileged secure class of high integrity.
At the code layer, a detection mechanism is added at the places where read and write operations on memory stack objects occur during JVM execution, to detect whether a subject's access to a data object follows the secure data flow rules. Inside a privileged secure class, the detection mechanism loads the privacy and integrity labels of the accessed object and judges, from the label and capabilities of the current privileged secure class together with the label and capabilities of the current subject, whether the subject has the right to perform the access operation on the data object. Outside a privileged secure class, the detection mechanism checks whether the accessed object's label is empty.
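As an added illustration, not code from the patent, the following Python model implements the label and capability checks described in the passages above: immutable object labels, subject labels raised only through a capability, the data transfer rule for reads and writes, and privileged secure classes that nest with non-increasing rights and revoke them on exit. Tags t and s follow the tenant A / tenant B scenario; every class and function name is this example's own.

```python
from contextlib import contextmanager
from dataclasses import dataclass, field

# Constructed model (this example's own, not the patent's code) of the labels,
# capabilities and privileged secure classes described above. Tag "t" marks
# tenant A's private data and "s" tenant B's; capability "t+" lets a subject
# add t to its own privacy label, "t-" lets it drop t again.

@dataclass(frozen=True)
class LabeledObject:
    # Object labels never change in place: a relabel means a fresh copy.
    name: str
    privacy: frozenset
    integrity: frozenset

@dataclass
class Subject:
    # A thread acting for some principal; unlike objects, its labels may change.
    name: str
    privacy: set = field(default_factory=set)
    integrity: set = field(default_factory=set)
    caps: set = field(default_factory=set)

    def acquire(self, tag):
        # Raising the own privacy label requires the tag+ capability.
        if tag + "+" not in self.caps:
            raise PermissionError(f"{self.name} holds no {tag}+ capability")
        self.privacy.add(tag)

    def can_read(self, obj):
        # Flow object -> subject: the subject must cover the object's privacy
        # tags and must not trust data of lower integrity than its own.
        return obj.privacy <= self.privacy and self.integrity <= obj.integrity

    def can_write(self, obj):
        # Flow subject -> object: the mirror image of can_read.
        return self.privacy <= obj.privacy and obj.integrity <= self.integrity

    def revoke(self):
        # Leaving a privileged secure class resets labels and capabilities.
        self.privacy, self.integrity, self.caps = set(), set(), set()

@contextmanager
def privileged_secure_class(thread, principal, outer=None):
    # Run `thread` with `principal`'s rights. A nested class may not exceed
    # the enclosing principal's labels or capabilities; rights end on exit.
    if outer is not None and not (principal.caps <= outer.caps and principal.privacy <= outer.privacy):
        raise PermissionError("nested privileged secure class exceeds outer rights")
    thread.privacy, thread.integrity = set(principal.privacy), set(principal.integrity)
    thread.caps = set(principal.caps)
    try:
        yield thread
    finally:
        thread.revoke()

def scenario():
    """Tenant A's service thread may read A's data (label t) but not B's (label s)."""
    a_data = LabeledObject("A.secret", frozenset({"t"}), frozenset())
    b_data = LabeledObject("B.secret", frozenset({"s"}), frozenset())
    tenant_a = Subject("tenantA", caps={"t+", "t-"})
    worker = Subject("service-thread")
    out = {}
    with privileged_secure_class(worker, tenant_a) as th:
        th.acquire("t")
        out["read_A"] = th.can_read(a_data)
        out["read_B"] = th.can_read(b_data)   # no s+ capability: flow refused
        out["write_A"] = th.can_write(a_data)
    out["rights_after"] = (worker.privacy, worker.caps)  # back to empty sets
    return out
```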
The mapping between the labels of the native operating system file system and those of the distributed file storage is stored in the structure information of the file blocks.
Besides labelling operating system abstractions, the operating system layer also provides the corresponding system calls for the data flow control API of the upper layer. The application semantics of the tenant's rights are passed to the operating system layer as system call parameters; a thread obtains a specific subject's rights within a privileged secure class and can then perform fine-grained data transfer control with that subject's rights.
In summary, the present invention proposes a large-scale data distributed storage method that guarantees the correct execution of the data security storage mechanism.
Obviously, those skilled in the art will appreciate that each module or step of the present invention described above can be realized with a general-purpose computing system; they may be concentrated on a single computing system or distributed over a network formed by multiple computing systems, and alternatively they may be realized as program code executable by a computing system, so that they can be stored in a storage system and executed by the computing system. The present invention is therefore not restricted to any specific combination of hardware and software.
It should be understood that the specific embodiments of the present invention described above serve only to illustrate or explain the principles of the invention and are not to be construed as limiting it. Any modification, equivalent replacement or improvement made without departing from the spirit and scope of the present invention shall therefore fall within its scope of protection. Furthermore, the appended claims of the present invention are intended to cover all changes and modifications that fall within the scope and boundaries of the claims or their equivalents.
Claims (5)
1. A large-scale data distributed storage method, characterized in that it includes:
building a TPM computing platform based on a security mechanism, performing identity authentication for tenants' data access on that platform, providing protection and authentication mechanisms for the stored data, and performing data isolation between multiple tenants.
2. The method according to claim 1, characterized in that building the TPM computing platform based on a security mechanism further includes:
using a smart card device as the trusted platform control module; in the pre-boot stage, the multi-operating-system boot loading module compiles the source code of Xen and the source code of Dom0; when the VMM in the form of Xen is loaded, the multi-operating-system boot loading module executes commands in the following order: setting the root device, loading the VMM system kernel image, loading an initial RAMDisk image for the kernel image of Dom0, and setting initial parameters for the security zone of the host operating system; the commands executed and their order are consistent with the configuration file, and the related device drivers and configuration files are all stored in the RAMDisk.
3. The method according to claim 2, characterized in that the method further includes:
performing trusted reconstruction of the Hypervisor and adding a program execution detection module, which provides a set of hook function interfaces; the measurement function is implemented as a hook function, covering the loading of a new program and the redirection of execution; the pathname of the executable file to be loaded is converted into the index node (inode) where the executable file resides, and the kernel functions use the inode to access the executable file on disk directly; the program execution detection module points the function pointer to the hook function that implements the measurement function, so that before an executable file is loaded the hook function is called to produce the corresponding metric, the basis for measurement verification being the trusted program list; after verification passes, the node of the executable code file is located and the executable program is loaded and run.
4. The method according to claim 3, characterized in that, when a tenant's executable code has been tampered with, the program execution detection module locates the code content according to its path at load time and computes the hash value of the code; the computed hash value differs from the expected hash value in the trusted program list, and loading and running of the process is forbidden.
5. The method according to claim 1, characterized in that performing identity authentication for tenants' data access further includes:
in the registration phase, the tenant generates its own password and generates a password verification primitive, and the tenant's identity information is bound to its password verification primitive and stored in a database;
in the authentication phase, when a tenant wants to access the public cloud, it first sends an authentication request to the cloud platform authentication module, and the request contains the identity of the identity management authentication module the tenant belongs to;
the public cloud generates its own password and generates a password verification primitive, and sends the cloud's identity ID, the password verification primitive and the tenant's request in a message to the identity management authentication module the tenant belongs to, requesting two-way authentication between itself and the tenant;
after the identity management authentication module receives the cloud's protocol message, it authenticates both parties and verifies the legitimacy of the tenant's identity; if the cloud platform authentication module's authentication of the tenant passes, the correct session key can be obtained and an authentication message is returned to the tenant side;
the tenant side verifies the legitimacy of the cloud's identity, and after the cloud's authentication passes, the tenant receives the session key; if the two-way authentication between the tenant and the cloud passes, a shared session key is established between the two parties;
the session key is used for secure communication between the tenant and the cloud service provider and serves only a single secure session; if any entity has received a certain amount of malicious interaction, it disables or locks the password to stop an attacker's probing.
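Added example (not the patent's code) for the program execution detection of claims 3 and 4: a load hook resolves the executable's inode, measures the file and compares the digest with a trusted program list before the program is allowed to run. SHA-256 as the metric and all class and function names are this example's assumptions.

```python
import hashlib
import os
import tempfile

# Constructed example (this example's own, not the patent's code) of the
# program execution detection in claims 3 and 4: before an executable is
# loaded, a hook resolves its path to an inode, measures the file contents and
# compares the digest with the trusted program list.

def measure(path):
    # Metric produced by the hook: SHA-256 over the file found via its inode.
    # The inode is recorded so that the loader accesses exactly the measured
    # file rather than a path swapped in afterwards (assumed: one file system).
    inode = os.stat(path).st_ino
    with open(path, "rb") as f:
        digest = hashlib.sha256(f.read()).hexdigest()
    return inode, digest

class ProgramExecutionDetector:
    def __init__(self):
        self.trusted = {}   # path -> expected digest (the trusted program list)
        self.log = []       # (verdict, path, reason) for each load attempt

    def enroll(self, path):
        # Record the known-good measurement of a program.
        self.trusted[path] = measure(path)[1]

    def load_hook(self, path):
        # Called where the kernel would otherwise load the program: allow only
        # when the measurement matches the trusted list, otherwise forbid it.
        if path not in self.trusted:
            self.log.append(("deny", path, "not in trusted program list"))
            return False
        inode, digest = measure(path)
        if digest != self.trusted[path]:
            self.log.append(("deny", path, f"inode {inode}: digest mismatch"))
            return False
        self.log.append(("allow", path, f"inode {inode}"))
        return True

def demo():
    # Enrol a program, tamper with it, and show the second load being refused.
    with tempfile.TemporaryDirectory() as d:
        prog = os.path.join(d, "tenant_job")
        with open(prog, "wb") as f:
            f.write(b"#!/bin/sh\necho job\n")          # constructed program
        det = ProgramExecutionDetector()
        det.enroll(prog)
        first = det.load_hook(prog)
        with open(prog, "ab") as f:
            f.write(b"echo tampered\n")               # constructed tampering
        second = det.load_hook(prog)
        return first, second, det.log[-1][0]
```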
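Added example (not the patent's code) of the registration and two-way authentication of claim 5. It assumes a salted PBKDF2 hash as the password verification primitive, HMAC proofs over fresh nonces, a session key derived by the identity management module from both primitives, and a lock after MAX_BAD failed attempts; all names are this example's own.

```python
import hashlib
import hmac
import secrets

# Constructed example (this example's own, not the patent's code) of the
# registration and two-way authentication in claim 5. Assumptions: the
# "password verification primitive" is a salted PBKDF2 hash kept by the
# tenant's identity-management module; each side proves its primitive with an
# HMAC over a fresh nonce; the session key is derived once per run from both
# primitives and both nonces; a password locks after MAX_BAD failed attempts.

MAX_BAD = 3

def verifier(ident, password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt + ident.encode(), 20_000)

def prf(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class IdentityManagement:
    """The tenant's identity-management authentication module."""
    def __init__(self):
        self.db, self.failures, self.locked = {}, {}, set()

    def register(self, ident, password):
        salt = secrets.token_bytes(16)
        self.db[ident] = (salt, verifier(ident, password, salt))

    def authenticate(self, t_id, t_proof, nt, c_id, c_proof, nc):
        # Verify the tenant's and the cloud's proofs; count failures, lock on abuse.
        if {t_id, c_id} & self.locked:
            return None
        ok = True
        for who, p, n, peer in ((t_id, t_proof, nt, c_id), (c_id, c_proof, nc, t_id)):
            if not hmac.compare_digest(prf(self.db[who][1], n, peer.encode()), p):
                self.failures[who] = self.failures.get(who, 0) + 1
                if self.failures[who] >= MAX_BAD:
                    self.locked.add(who)
                ok = False
        if not ok:
            return None
        vt, vc = self.db[t_id][1], self.db[c_id][1]
        key = prf(vt + vc, b"session", nt, nc)
        # The cloud receives the key directly; the tenant receives it wrapped
        # under a value only the holder of the tenant's password can recompute.
        return key, xor(key, prf(vt, b"wrap", nt, nc))

def run_protocol(idm, t_id, t_password, c_id, c_password):
    """One authentication run; returns (tenant_key, cloud_key) or (None, None)."""
    vt = verifier(t_id, t_password, idm.db[t_id][0])      # salts are public
    vc = verifier(c_id, c_password, idm.db[c_id][0])
    nt, nc = secrets.token_bytes(16), secrets.token_bytes(16)
    request = (t_id, prf(vt, nt, c_id.encode()), nt)         # tenant -> cloud
    result = idm.authenticate(*request, c_id, prf(vc, nc, t_id.encode()), nc)  # cloud -> IdM
    if result is None:
        return None, None
    cloud_key, wrapped = result
    confirm = prf(cloud_key, b"confirm", nc, nt)              # cloud -> tenant
    tenant_key = xor(wrapped, prf(vt, b"wrap", nt, nc))
    if not hmac.compare_digest(prf(tenant_key, b"confirm", nc, nt), confirm):
        return None, None                                     # cloud not legitimate
    return tenant_key, cloud_key
```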
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710330182.2A CN106911814A (en) | 2017-05-11 | 2017-05-11 | Large-scale data distributed storage method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106911814A true CN106911814A (en) | 2017-06-30 |
Family
ID=59211121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710330182.2A Pending CN106911814A (en) | 2017-05-11 | 2017-05-11 | Large-scale data distributed storage method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106911814A (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108055314A (en) * | 2017-12-08 | 2018-05-18 | 锐捷网络股份有限公司 | The management method and group system of a kind of group system |
CN109800596A (en) * | 2018-12-27 | 2019-05-24 | 余炀 | A kind of personal data safety management system |
CN110765455A (en) * | 2018-09-04 | 2020-02-07 | 哈尔滨安天科技集团股份有限公司 | Malicious document detection method, device and system based on attribute domain abnormal calling |
CN110855714A (en) * | 2019-11-29 | 2020-02-28 | 广州鲁邦通物联网科技有限公司 | Secure connection method and system for multi-tenant equipment |
CN114237144A (en) * | 2021-11-22 | 2022-03-25 | 上海交通大学宁波人工智能研究院 | Embedded PLC (programmable logic controller) safe and credible system and method |
US11669368B2 (en) | 2019-09-28 | 2023-06-06 | Intel Corporation | Multi-tenant data protection in edge computing environments |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101350044A (en) * | 2008-09-02 | 2009-01-21 | 中国科学院软件研究所 | Method for constructing virtual environment trust |
US20120030475A1 (en) * | 2010-08-02 | 2012-02-02 | Ma Felix Kuo-We | Machine-machine authentication method and human-machine authentication method for cloud computing |
CN104767745A (en) * | 2015-03-26 | 2015-07-08 | 浪潮集团有限公司 | Cloud data security protection method |
Non-Patent Citations (1)
Title |
---|
刘婷婷: "Research on key technologies of data security protection for cloud computing", China Doctoral Dissertations Full-text Database (中国博士学位论文全文数据库) * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20170630