CN107147649A - Data-optimized dispatching method based on cloud storage - Google Patents

Data-optimized dispatching method based on cloud storage Download PDF

Info

Publication number
CN107147649A
CN107147649A CN201710331084.0A CN201710331084A CN107147649A CN 107147649 A CN107147649 A CN 107147649A CN 201710331084 A CN201710331084 A CN 201710331084A CN 107147649 A CN107147649 A CN 107147649A
Authority
CN
China
Prior art keywords
data
tenant
cloud
storage
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710331084.0A
Other languages
Chinese (zh)
Inventor
赖真霖
文君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Sixiang Lianchuang Technology Co Ltd
Original Assignee
Chengdu Sixiang Lianchuang Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Sixiang Lianchuang Technology Co Ltd filed Critical Chengdu Sixiang Lianchuang Technology Co Ltd
Priority to CN201710331084.0A priority Critical patent/CN107147649A/en
Publication of CN107147649A publication Critical patent/CN107147649A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a kind of data-optimized dispatching method based on cloud storage, this method includes:Credible reconstruct is carried out to the part of nodes in cloud computing platform;Identity and its required service of the cloud platform according to tenant, are that tenant customization service uses strategy;For calculating task, the description file of tenant's calculating task is submitted to cluster controller by cloud platform interface, if tenant's virtual machine image file is encrypted, forbids opening tenant's virtual machine;For data storage or operation task, the description file of tenant's store tasks is given storage control by cloud platform interface;Storage control sends to data server and instructed, and carries out the storage of data, fetches or read and write.The present invention proposes a kind of data-optimized dispatching method based on cloud storage, and guarantee is provided for the correct execution of data safety memory mechanism.

Description

Data-optimized dispatching method based on cloud storage
Technical field
The present invention relates to distributed storage, more particularly to a kind of data-optimized dispatching method based on cloud storage.
Background technology
Under cloud computing service pattern, tenant is by data and AH to cloud platform, and the transparency of cloud service makes tenant The control to data is lost, because server credibility is difficult to assess, therefore, problem of data safety turns into tenant under cloud platform Primary worry.Cloud computing is to carry out associative operation, therefore, the identity between tenant and cloud to data according to the service request of tenant Certification be ensure data not by illegal tenant assume another's name access premise.After tenant is by authentication, it can use what cloud was provided Data storage and calculating are serviced.By mass data storage to cloud platform, simultaneously Delegation Server device is calculated data tenant, locally The copy of data storage, when tenant has found that data integrity is destroyed, can only not place hope on the calamity standby host system of server. For the dynamic data in service is calculated, the characteristics of there is multi-tenant due to cloud computing, tenant is by service processes to data Access and calculate, the process carrier of share and access turns into the centrostigma of authority, and shared leak is threatened and need to taken for tenant's dimension Authority isolation mech isolation test.In the event of data safety event, how tenant is a key issue to server tracks, at present Mechanism need the details of cloud service, it is more difficult to realize.Additionally, due to credible base mechanism is lacked, security mechanism may be attacked, Distort, it is impossible to play a role.
The content of the invention
To solve the problems of above-mentioned prior art, the present invention proposes a kind of data-optimized tune based on cloud storage Degree method, including:
Credible reconstruct is carried out to the part of nodes in cloud computing platform, based on external security smart card and safety Hypervisor sets up Trust transitivity mechanism, it is ensured that the other security modules disposed on cloud computing platform have believable execution ring Border;
Identity and its required service of the cloud platform according to tenant, are that tenant customization service uses strategy, once tenant is logical Authentication is crossed, then uses cloud service according to predefined security strategy;
For calculating task, the description file of tenant's calculating task is submitted to cluster controller by cloud platform interface, works as collection When virtual machine image file is dispatched to insincere node by group controller, if tenant's virtual machine image file is encrypted, prohibit Only open tenant's virtual machine;
For data storage or operation task, the description file of tenant's store tasks is given storage control by cloud platform interface Device;Storage control sends to data server and instructed, and carries out the storage of data, fetches or read and write;Tenant by data storage extremely Before cloud platform, data are pre-processed first with the distributed storage module of cloud storage system, when tenant will confirm cloud During the security of middle data storage, distributed storage module is called to verify again.
Preferably, methods described also includes:To the calculating task of dynamic data, cluster controller is according to the money of each host node Share tasks are dispatched on the host node of free time by source status information, by the anti-dynamic of software virtualization module of cloud storage system The privacy and integrality of data are destroyed.
Preferably, the safe cloud storage system includes TPM calculating platforms, and the TPM calculating platforms are by external credible intelligence It can block and trust chain is set up to the node of server for starting point, build and be based on virtualization architecture calculating platform, for certification, data protection Execution provide credible base.
Preferably, the safe cloud storage system also includes cross-domain authentication module, for based on existing tenant's identity card Book and private clound realize the two-way authentication of tenant and public cloud.
Preferably, the distributed storage module of the safe cloud storage system, for providing to the complete of static storage data Integrity verification and data recovery function, and the server revealed is followed the trail of in leaking data.
Preferably, the software virtualization module of the safe cloud storage system is used for by following the trail of the privacy in application program Private file in data, operating system, realizes the protection to tenant's dynamic data.
Preferably, the safe cloud storage system also includes Identity Management agent, for the node with TPM calculating platforms Interact, the identity to trusted node is managed, and tenant's identity information is managed and protected.
The present invention compared with prior art, with advantages below:
The present invention proposes a kind of data-optimized dispatching method based on cloud storage, is the correct of data safety memory mechanism Perform to provide and ensure.
Brief description of the drawings
Fig. 1 is the flow chart of the data-optimized dispatching method according to embodiments of the present invention based on cloud storage.
Embodiment
Retouching in detail to one or more embodiment of the invention is hereafter provided together with illustrating the accompanying drawing of the principle of the invention State.The present invention is described with reference to such embodiment, but the invention is not restricted to any embodiment.The scope of the present invention is only by right Claim is limited, and the present invention covers many replacements, modification and equivalent.Illustrate in the following description many details with Thorough understanding of the present invention is just provided.These details are provided for exemplary purposes, and without in these details Some or all details can also realize the present invention according to claims.
An aspect of of the present present invention provides a kind of data-optimized dispatching method based on cloud storage.Fig. 1 is according to the present invention The data-optimized dispatching method flow chart based on cloud storage of embodiment.
The method of the present invention is realized by providing the safe cloud storage system of comprehensive data security protecting for tenant, first The TPM calculating platforms based on security mechanism are first built, tenant are carried out to the access of data on the platform safe and efficient Authentication provides fine-grained data between multi-tenant there is provided the protection mechanism of the data to storage and authentication mechanism Isolation and control.The realization of Formal Modeling, data object mark and Tracing Control is carried out for mark system and data stream rule Mechanism.In code layer, execution point location and the monitoring for meeting security strategy are realized;In operating system layer, based on unified safety Policy model provides the support to upper layer application, and operating system layer is transferred to using tenant's information as application context semanteme, real Fine-grained data control is showed and has protected.
Safe cloud storage system includes TPM calculating platforms, cross-domain authentication module, distributed storage module, software virtualization Module and Identity Management agent.It is that starting point sets up trust chain to the node of server first by external security smart card, builds TPM calculating platforms based on virtualization architecture, the execution for certification, data protection provides credible base;Cross-domain authentication module base In existing tenant's letter of identity and private clound, the two-way authentication of tenant and public cloud is realized;The offer pair of distributed storage module The integrity verification and data recovery function of static storage data, and the server revealed is followed the trail of in leaking data;It is soft Part virtualization modules are realized to tenant's dynamic by following the trail of the private file in the private data in application program, operating system The protection of data;The node of Identity Management agent and TPM calculating platforms is interacted, and the identity to trusted node is managed, And tenant's identity information is managed and protected.
Identity and its required service of the cloud platform according to tenant, are that tenant customization service uses strategy, once tenant is logical Authentication is crossed, then uses cloud service according to predefined security strategy.Server is first to the part of nodes in cloud computing platform Credible reconstruct is carried out, Trust transitivity mechanism is set up based on external security smart card and safe Hypervisor, it is ensured that cloud computing is put down The other security modules disposed on platform have believable performing environment, will not be destroyed by malicious code.Used below in conjunction with tenant The flow of service, illustrates the workflow of safe cloud storage system:
When tenant will use cloud service, input password carries out authentication, by cross-domain authentication module and Identity Management Agent realizes the two-way authentication between tenant and cloud.
Bidirectional identity authentication is by rear, and tenant submits the mission requirements of oneself by cloud platform interface, when tenant have submitted After mission requirements, the use needs to computing resource or storage resource that the task is related to are awarded by tenant's strategic server Power.If all operations of tenant task are allowed to, it is respectively processed according to the type of service request.Appoint for calculating Description file to tenant's calculating task is submitted to cluster controller by business, cloud platform interface, due to tenant's virtual machine mirror image text Part is encrypted, even if virtual machine image file is dispatched to insincere node by cluster controller, can not also open tenant's virtual machine. For data storage or operation task, the description file of tenant's store tasks is given storage control by cloud platform interface.
Task to storing or accessing static data, storage control sends to data server and instructed, and carries out data The operation such as store, fetch or read and write.Tenant is by before data storage to cloud platform, first with distributed storage module to data Pre-processed.When tenant will confirm the security of data storage in cloud, distributed storage module is called to verify again.
To the calculating task of dynamic data, cluster controller is by the resource state information according to each host node by share tasks On the host node for being dispatched to the free time, and it is responsible for the configuration of network, after calculating task is issued, data are calculated in virtual machine, soft Part virtualization modules prevent the privacy and integrality of dynamic data from being destroyed by cloud application security breaches or other malice tenant.
For credible reconstruct, using smart card device as credible platform control module, provided for trust computing function Hardware foundation.In the pre-boot, the source code of source code and Dom0 to Xen is compiled multiple operating system boot load module.In loading Xen During the VMM of form, order is performed following order by multiple operating system boot load module, including sets root device, loads VMM systems The kernel mappings that kernel image is Dom0 load an initial ramdisk image, and are the safety zone of host operating system Initial parameter is set, and performed order and order is consistent with configuration file.Related device drives and configuration file are all It is stored in the RAMDisk.In order to realize measurements of the VMM to application software executable code, Hypervisor is carried out credible Reconstruct, increases program perform detection module.This module provides one group of Hook Function interface, metric function is embodied as hook letter Number, including load new procedures and redirect execution, the pathname for the executable file that will load is converted into where the execution file Index node, so, kernel function is directly using index node to disk access executable file.Therefore, program performs inspection Survey module and function pointer is pointed to the Hook Function for realizing metric function, before executable file will be loaded, Hook Function is adjusted With so as to produce corresponding metric, the foundation of measurement checking is trusted program list.After being verified, executable code is found The node of file.It is then charged into executable program and runs.When tenant's executable code is tampered, program perform detection module In loading according to path orientation code content, and the hashed value of calculation code, hashed value and the credible journey obtained by calculating Expection hashed value in sequence table is different, forbids the loading and operation to the process.
Cross-domain authentication module includes tenant end authentication module, Identity Management authentication module and cloud platform authentication module.Tenant Realize that the flow of two-way authentication is described as follows between cloud using cross-domain authentication module:
In registration phase, tenant generates the password of oneself, calls tenant end authentication module generation password authentication primitive, tenant The identity ID and password authentication primitive of tenant are transferred to Identity Management authentication module by end authentication module, and the module is by tenant's Identity information is bound with its password authentication primitive, is stored in database.
In authentication phase, when tenant desires access to public cloud, tenant end authentication module is called first to cloud platform certification Module sends the identity that its affiliated Identity Management authentication module is contained in certification request, certification request.Public cloud generates oneself Password, call cloud platform authentication module to generate password authentication primitive, cloud platform authentication module is by identity ID, the password authentication of cloud The message transmission of primitive and foregoing tenant to the affiliated Identity Management authentication module of tenant, request Identity Management authentication module are realized Its two-way authentication between tenant.Identity Management authentication module is received after the protocol message of cloud, and both sides are carried out with authentication, and Reply certification message and give cloud platform authentication module, by the legitimacy of module verification tenant's identity.If cloud platform authentication module pair The authentication of tenant passes through, then can obtain correct session key, and reply certification message and give tenant end authentication module.Tenant Authentication module is held to verify the legitimacy of cloud identity, cloud authentication is by rear, and tenant receives session key.If tenant and cloud it Between two-way authentication pass through, then a shared session key is set up between both sides.Being used between tenant and cloud service provider should Session key is used for secure communication, and the key is served only for once safety session, to improve security.If any entity is received After the content of certain amount malice interaction, it will disable or lock password, prevent attacker from being soundd out.
Distributed storage module provides general file access interface and basic fault-tolerant ability, supports to the long-range of data Integrity certification and the data block that can determine error;By numeric type data together with the identity binding of server, once Generation leaking data accident, can be with Scout service device.The identity letter of tenant is protected using Identity Management agent certificate server Breath, and authentication code is generated as the storage voucher of tenant;The copyright information of embedded tenant in data value data, in number During according to leakage, positioning is tracked to server by tenant's copyright information.
In distributed storage module, tenant creates private file storehouse and copyright data storehouse, private file storehouse is carried out pre- Processing, hidden file content and fractionation and the redundant storage for realizing file, watermark insertion is carried out to copyright data storehouse:With realization pair The protection of copyrights of data.Based on two kinds of data, copy protection module is deployed in client, integrity verification module, Tracing positioning is deployed in client and cloud server end respectively, and file access module is deployed in Identity Management agent.Copy Tenant's private file is split redundant storage again by protection module, it is ensured that file can be all extensive when occurring certain damage It is multiple.File access module is used for the identity information for protecting tenant, by preventing for tenant's generation storage voucher is authentication storage code Only external attacker obtains more data blocks to reconstruct the data file of tenant.The integrity verification module of tenant side The open checking mark of raw paired data file, and generate challenging value in challenge response agreement and send to file access mould Verified after block, the response for receiving return, export integrity verification result.When data integrity is destroyed, rent is utilized Family is the filename of data block generation to determine wrong block.The integrity verification module of server side, in challenge response association The response to challenging value is generated in view, and is returned to file access module, the request also to confirming wrong block is used as sound Should.The tracing positioning of tenant side consults generation watermark keys with cloud platform tracing positioning, for by copyright data storehouse Bound with server identity, be then based on being embedded in extraction algorithm and embedded copyright watermark is repeated in the copyright data storehouse of tenant.
In data prediction and Stored Procedure, for private file storehouse, tenant is using distributed storage module to data File carries out the pretreatment of many copies, and file is stored to cloud platform, and idiographic flow is as follows:
Private file is divided into k blocks by Step1 tenant, then calls copy protection module, generates the n data field to be stored The title DiD of block and blocki, the data block title of generation is transferred to Identity Management agent text by copy protection module Part access module.
Step2 Identity Managements agent file access module should according to tenant's identity and the generation of data block name information The authentication storage code MID of tenanti, and user's indications UID and MID mapping table is set up, MID is transferred to tenant respectively and divided Cloth storage server.
Step3 tenant is by MIDiDistributed storage server, distributed storage server checking are transferred to data block MIDiWhether it is legal, if legal, by data block and MIDiIn the respective column for writing private data storehouse table.
For copyright data storehouse, tenant calls distributed storage module to be embedded in copyright information, and and server to database Identity binding, flow is as follows:
Step1 tenant calls tenant side tracing positioning to consult generation watermark keys with cloud platform tracing positioning (En, He), and by the key and the identity binding of server, negotiation result is sent to remote trusted mechanism and backed up by tenant.
Step2 tenant calls tenant side tracing positioning, based on original watermark and key, generates N number of copyright watermark, will Copyright watermark is embedded into database as copyright information, and copyright data storehouse then is transferred into cloud platform.
When tenant will confirm whether the data for being stored in cloud platform are complete, integrity verification business.Flow is as follows:
The open checking mark of Step1 tenant's generation data file.
Step2 tenant calls client integrity authentication module, a challenging value is generated, by challenging value and the text to be verified Part block filename DiDiIt is transferred to Identity Management agent file access module.
Step3 file access module polls obtain the MID of data blocki, by challenging value and MIDiIt is transferred to cloud platform complete Property authentication module.
Step4 cloud platform integrity verification module accesses private datas storehouse table obtains tenant data block, and according to challenge Value calculates response, by response and MIDiIt is transferred to Identity Management agent file access module.
Step5 tenant end integrity verification module is verified to response, if passed through, a wheel verification process knot Beam;If do not passed through, the confirmation process of follow-up error block can be carried out.
If Step6 integrity verifications do not pass through, tenant end integrity verification module asks to return again to DiDiMistake Mistaken ideas block confirms response, and file access module polls obtain MIDi, it is desirable to server end integrity verification module is generated to MIDi The response of corresponding data content, tenant end integrity verification module is returned by the response.
Step7 tenant is based on response and oneself pretreatment stage generates DiDiIn parameter, confirm error data field Block, unspoiled k is downloaded according to share by tenant, calls copy protection module reconstruct to obtain data file.
If tenant has found file leakage, confirm the database purchase in which server using distributed storage module Infrastructure, flow is as follows:
Tenant downloads the database file of leakage, calls cloud platform tracing positioning to extract the copyright in database file Watermark, generation (En ', He '), the similarity to original watermark key (En, He) and (En ', He ') is compared, if similar Degree is more than certain threshold value, then judges that watermark is present, and determines that leaking data occurs for server.
In software virtualization module, a side of the source and destination entity of data flow is main body thread, and a side is yes in addition Thread or data object, or operating system abstract resource.
If thread p will read a private file f (founder of file distributes safety label for it), following flow is performed:
Step1 threads p is intercepted and captured to private data d read operation request by private data monitoring module, judges aforesaid operations Whether traffic policing is met;
Step2 obtains main body p (i.e. the mark of privileged secure class where it) sum first into the signature library of specified location Marked according to d privacy and integrality.
Step3, which will be marked, to be sent to traffic policing Predicated execution module and sending strategy decision request.
Step4 traffic policings determination module obtains main body thread p ability;
Marks of the Step5 based on data d, and thread p ability and mark carry out traffic policing detection;
Whether the operation that Step6 judgements p will read a private data d meets data flow rule, and returns to strategy judgement knot Really.
Finally, decided whether to allow thread p to read private data d according to policy decision outcome.
Software virtualization module is additionally operable to follow the trail of the private data of tenant, and according to the transmission of security strategy control data. On the one hand, software virtualization module is realized the fine granularity mark of data objects rank and followed the trail of, in the process address space not Data with tenant effectively can also be followed the trail of and isolated, i.e. the data flow control of code layer.Developer only needs will be based on mark The strategy of note is added in existing application with fixed program structure.When code will operate the private data of tenant, based on most Small franchise principle is endowed specific principal rights, and tracking is marked and strategy judges, only meets security strategy and just performs Private data is operated.On the other hand, there is provided in upper layer application for the safety enhancing of progress VME operating system aspect API related to data flow control support, operating system layer is transferred to using tenant's information as the parameter that system is called, and to text Part system is marked and protected, the data transfer between control main body and system resource.
In software virtualization module, labeled object includes the private data object in java applet, operating system In operating system abstraction resource and main body thread.The privacy and integrality label of object do not allow change after setting up, such as Fruit needs to change the mark of object, can only replicate one new object of generation, and become for its distribution according to data flow constraint rule Safety label after more.The mark of main body can be changed, separately below coded description layer and operating system layer data flow control Operation principle.
The method of the present invention is based on Java language and carries out fine-grained mark and tracking.Code layer data is added in JVM Flow-control mechanism, performs security strategy in the address space of process, supports dynamic class loading and multithreading.Work as operating system When corresponding access control mechanisms are set, only JVM processes are allowed to access data.
The JVM internal memory Zhong Zhan areas whole objects of storage in Memory Allocation, some privacy objects according to tenant tactful quilt Privacy and integrality mark are distributed, the mark of stack object is defined array type.In object with safety label is stored in Deposit in the separate space in stack, there is the pointer for pointing to its privacy and integrality mark in the head of object.Object is marked at During can not change, it is to avoid because object tag, which is changed, causes the convert channel of information.Present invention introduces code layer Data flow control mechanism all objects are not marked, only processing tenant's private data program at add mark Note and policy depiction, existing application is explicitly added to by newly-increased mark and data flow control policy in the form of code segment In, to control the data transfer between thread and stack object and between stack object, it is referred to as privileged secure class.
Operation for control program to flag data, is changed accordingly in the application.For object distribution During stack internal memory, addition sets the associative operation of mark.When the operation such as reading or writing to tagged object, the data in operation are judged Whether flow direction meets policing rule, and the operation for only meeting security strategy is just allowed to.
For the data flow control of operating system layer, operating system layer provides related to data flow control to upper strata JVM System is called, and application context is transferred into operating system layer, enables operating system thread according to fine-grained Preservation tactics The protection to data is realized, unified Security Policy Model is realized in application layer and operating system layer.
Same tenant is compatible to the mark of stack object in JVM and to the mark of operating-system resources, so that operation System could follow the trail of according to the mark of code layer and provide support.The abstract mark of operating-system resources is the integer value of 64, is deposited Storage is in the extended attribute domain of various Resource Abstracts.Thread is as main body, with the addition to mark or deletion ability.Operation system The competence set by thread for mark of uniting is stored in performance database.
Software virtualization module is marked to the message buffer of pipeline, and the communication process is controlled. When only meeting data transfer rule between the mark of process and the mark of management message buffer, just process is allowed to read in pipeline Data or data are write into pipeline.
In order that secure data flow control is supported in distributed document storage, operation is run on namenode and back end System layer.By privacy and integrality mark write structure body node data structure, by the data structure storage in namenode On server.Then the safety label of the affiliated file of data block is put into the data structure of block on each back end.Will Distributed document stores safety label and marks the mapping relations existed also to be stored in the data structure of block with local security.
Operation of the client to file will be according to predefined secure data flow control policy.It is right when creating tab file For tenant's client, distributed file system is stored data into, and provide the safety label of file.When client creates one , it is necessary to perform below scheme during individual tab file:
Step1 clients assign the namenode and some competence sets of back end for storing these files, these abilities Set allows distributed document memory node to create tab file, and this article is created in file system name space by namenode Part.
Step2 clients inquire about a dead zone block, the data section for then flowing into data where the block to namenode Point.
Step3 back end is received after the data of client, is write data into local file system and is notified namenode.
If block is copied to other back end by Step4 namenodes, namenode assigns these sections first The corresponding ability of point.
When there is file read-write operations, client is interacted with namenode first, carries out tactful detection by namenode, such as The strategy of data transfer is not met between the mark of fruit client and the mark of filename, then refuses operation requests;If mark Between allow data transfer, then namenode provides the list of back end where this document to client.Back end is being received Also the authority of client is verified during the read-write operation request of client.
If file includes multiple Attribute domains, to set up mapping table between field mark and domain name, the visitor in some domain is operated Family end, which need to only have, can conduct interviews and operate to flag data to the operating right of corresponding field mark.Once main body passes through The authentication of cloud computing system, executable operation includes:A label is created, while also obtain all behaviour to the label Make privilege;Assign ability of other main bodys for the label;The label of object is added or deleted in its limit of power.
To make the present invention reach higher-security, least privilege is incorporated in code layer model, it is to avoid super tenant's The potential safety hazard that maloperation is brought.In addition, public service process handles its operation requests with the privilege of current tenant.Work as tenant When A proposes the operation to its private data, the request is obtained via the escape way in cloud computing system by thread, the thread pair All tenants are to authorize.The thread, once have authenticated the identity of tenant, passes through tenant firstly the need of the identity of certification tenant Contextual information, the thread by its transfer of right be tenant's A main bodys authority.Once thread is by main body Authorization execution to privacy number According to operation, then it has dual capability to A private data label t, and can will assign other main bodys to t ability. If occurring the private data that mistake or malicious attack make thread read user B in code, its privacy label is s, then judges The ability of the main body of thread, does not possess GL according to the main body of thread and forbids the privacy operations to user B.
Operation to private data is entirely encapsulated in privileged secure class.Thread outside privileged secure class can not be obtained pair The internal pointer of sharing data objects, in order to operate the private data object that some is shared, current thread must be by explicitly awarding Power obtains corresponding principal rights.After thread performs the operation in completion code section, it is necessary to the power of explicit revocation current topic Limit, mark and competence set revert to sky.In addition, decrypting and encrypting the main body that both privileged operations are limited at establishing label In its privileged secure class, in order to avoid cause the destruction to tenant data.
Body mark conversion follows the constraint of data transfer rule.The privileged secure class of new main body operation will be nested in previously Among the privileged secure class of main body, and transfer process between main body will follow following principle, that is, its mark of the main body after converting Note and ability are no greater than previous main body.
If privileged secure class has privacy mark, the variable write in privileged secure class can not be pacified by special permission again Program outside universal class is read.I.e. there is the variable privacy with privileged secure class-cause to mark, it is impossible to not possessed the privacy Property mark main body read.If privileged secure class has integrality mark, the change being written outside the privileged secure class Amount can not be read in the privileged secure class.In other words, the variable write outside privileged secure class, it is believed that its integrality is Through destroyed, it is impossible to flow into the high privileged secure class of integrality.
Is there is the place addition testing mechanism of internal memory stack object read-write operation in code layer, is detected in JVM real time executions Whether access of the main body to data object follows secure data flow rule.Inside privileged secure class, testing mechanism will load quilt Access object privacy and integrality mark, mark and ability based on current privileged secure class, the mark of current topic and Ability performs the access operation for data object to judge whether to have the right to main body.Outside privileged secure class, testing mechanism Detect accessed object whether labeled as sky.
The mapping relations existed between mark and the distributed document storage of native operating sys-tern file system are stored in text In the structure information of part block.
In addition to operating system abstraction is marked, operating system layer is also related to data flow control to upper strata API provides corresponding system and called.Operating system layer is transferred to using the application semantics of tenant's authority as the parameter that system is called, Thread is obtained the authority of special body in privileged secure class, just fine-grained data transfer control can be performed with the authority of the main body System.
In summary, the present invention proposes a kind of data-optimized dispatching method based on cloud storage, is data safety storage The correct execution of mechanism, which is provided, to be ensured.
Obviously, can be with general it should be appreciated by those skilled in the art, above-mentioned each module of the invention or each step Computing system realize that they can be concentrated in single computing system, or be distributed in multiple computing systems and constituted Network on, alternatively, the program code that they can be can perform with computing system be realized, it is thus possible to they are stored Performed within the storage system by computing system.So, the present invention is not restricted to any specific hardware and software combination.
It should be appreciated that the above-mentioned embodiment of the present invention is used only for exemplary illustration or explains the present invention's Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any Modification, equivalent substitution, improvement etc., should be included in the scope of the protection.In addition, appended claims purport of the present invention Covering the whole changes fallen into scope and border or this scope and the equivalents on border and repairing Change example.

Claims (7)

1. a kind of data-optimized dispatching method based on cloud storage, is protected applied in cloud storage system to tenant data Shield, it is characterised in that including:
Credible reconstruct is carried out to the part of nodes in cloud computing platform, built based on external security smart card and safe Hypervisor Vertical Trust transitivity mechanism, it is ensured that the other security modules disposed on cloud computing platform have believable performing environment;
Identity and its required service of the cloud platform according to tenant, are that tenant customization service uses strategy, once tenant passes through body Part certification, then use cloud service according to predefined security strategy;
For calculating task, the description file of tenant's calculating task is submitted to cluster controller by cloud platform interface, when collection team control When virtual machine image file is dispatched to insincere node by device processed, if tenant's virtual machine image file is encrypted, forbid out Open tenant's virtual machine;
For data storage or operation task, the description file of tenant's store tasks is given storage control by cloud platform interface; Storage control sends to data server and instructed, and carries out the storage of data, fetches or read and write;Tenant equals data storage to cloud Before platform, data are pre-processed first with the distributed storage module of cloud storage system, when tenant will confirm Yun Zhongcun When storing up the security of data, distributed storage module is called to verify again.
2. according to the method described in claim 1, it is characterised in that methods described also includes:To the calculating task of dynamic data, Share tasks are dispatched on the host node of free time by cluster controller according to the resource state information of each host node, by cloud storage system The software virtualization module of system prevents the privacy and integrality of dynamic data to be destroyed.
3. according to the method described in claim 1, it is characterised in that the safe cloud storage system includes TPM calculating platforms, institute It is that starting point sets up trust chain to the node of server that TPM calculating platforms, which are stated, by external security smart card, is built based on virtualization frame Structure calculating platform, the execution for certification, data protection provides credible base.
4. according to the method described in claim 1, it is characterised in that the safe cloud storage system also includes cross-domain certification mould Block, for realizing the two-way authentication of tenant and public cloud based on existing tenant's letter of identity and private clound.
5. according to the method described in claim 1, it is characterised in that the distributed storage module of the safe cloud storage system, For providing integrity verification and data recovery function to static storage data, and follow the trail of what is revealed in leaking data Server.
6. according to the method described in claim 1, it is characterised in that the software virtualization module of the safe cloud storage system is used In by following the trail of the private file in the private data in application program, operating system, the protection to tenant's dynamic data is realized.
7. according to the method described in claim 1, it is characterised in that the safe cloud storage system also includes Identity Management Agent, is interacted, the identity to trusted node is managed for the node with TPM calculating platforms, and tenant's identity is believed Breath is managed and protected.
CN201710331084.0A 2017-05-11 2017-05-11 Data-optimized dispatching method based on cloud storage Pending CN107147649A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710331084.0A CN107147649A (en) 2017-05-11 2017-05-11 Data-optimized dispatching method based on cloud storage

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710331084.0A CN107147649A (en) 2017-05-11 2017-05-11 Data-optimized dispatching method based on cloud storage

Publications (1)

Publication Number Publication Date
CN107147649A true CN107147649A (en) 2017-09-08

Family

ID=59776860

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710331084.0A Pending CN107147649A (en) 2017-05-11 2017-05-11 Data-optimized dispatching method based on cloud storage

Country Status (1)

Country Link
CN (1) CN107147649A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449364A (en) * 2018-05-08 2018-08-24 北京明朝万达科技股份有限公司 A kind of distributed identity authentication method and cloud certification node
CN110830351A (en) * 2018-08-07 2020-02-21 深信服科技股份有限公司 Tenant management and service providing method and device based on SaaS service mode
CN112543109A (en) * 2019-09-20 2021-03-23 上海数荃数据科技有限公司 Cloud host creation method, system, server and storage medium
WO2021109784A1 (en) * 2019-12-06 2021-06-10 中兴通讯股份有限公司 Application management method, system and server in hybrid cloud environment
CN114301651A (en) * 2021-12-22 2022-04-08 河南大学 CP-ABE-based yellow river dam bank monitoring data sharing method
CN114567479A (en) * 2022-02-28 2022-05-31 中国科学院软件研究所 Intelligent equipment safety control reinforcement and monitoring early warning method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888251A (en) * 2014-04-11 2014-06-25 北京工业大学 Virtual machine credibility guaranteeing method in cloud environment
CN104134038A (en) * 2014-07-31 2014-11-05 浪潮电子信息产业股份有限公司 Safe and credible operation protective method based on virtual platform
CN105224385A (en) * 2015-09-03 2016-01-06 成都中机盈科科技有限公司 A kind of virtualization system based on cloud computing and method
US20160366113A1 (en) * 2015-06-09 2016-12-15 Skyhigh Networks, Inc. Wildcard search in encrypted text
CN106375323A (en) * 2016-09-09 2017-02-01 浪潮软件股份有限公司 Kerberos identity authentication method in multi-tenant mode

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103888251A (en) * 2014-04-11 2014-06-25 北京工业大学 Virtual machine credibility guaranteeing method in cloud environment
CN104134038A (en) * 2014-07-31 2014-11-05 浪潮电子信息产业股份有限公司 Safe and credible operation protective method based on virtual platform
US20160366113A1 (en) * 2015-06-09 2016-12-15 Skyhigh Networks, Inc. Wildcard search in encrypted text
CN105224385A (en) * 2015-09-03 2016-01-06 成都中机盈科科技有限公司 A kind of virtualization system based on cloud computing and method
CN106375323A (en) * 2016-09-09 2017-02-01 浪潮软件股份有限公司 Kerberos identity authentication method in multi-tenant mode

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘婷婷: "面向云计算的数据安全保护关键技术研究", 《中国博士学位论文全文数据库 信息科技辑》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449364A (en) * 2018-05-08 2018-08-24 北京明朝万达科技股份有限公司 A kind of distributed identity authentication method and cloud certification node
CN110830351A (en) * 2018-08-07 2020-02-21 深信服科技股份有限公司 Tenant management and service providing method and device based on SaaS service mode
CN112543109A (en) * 2019-09-20 2021-03-23 上海数荃数据科技有限公司 Cloud host creation method, system, server and storage medium
CN112543109B (en) * 2019-09-20 2023-08-15 上海数荃数据科技有限公司 Cloud host creation method, cloud host creation system, server and storage medium
WO2021109784A1 (en) * 2019-12-06 2021-06-10 中兴通讯股份有限公司 Application management method, system and server in hybrid cloud environment
CN114301651A (en) * 2021-12-22 2022-04-08 河南大学 CP-ABE-based yellow river dam bank monitoring data sharing method
CN114567479A (en) * 2022-02-28 2022-05-31 中国科学院软件研究所 Intelligent equipment safety control reinforcement and monitoring early warning method

Similar Documents

Publication Publication Date Title
CN110414268B (en) Access control method, device, equipment and storage medium
CN106462438B (en) The proof of host comprising trusted execution environment
CN107147649A (en) Data-optimized dispatching method based on cloud storage
US11080419B2 (en) Distributed data rights management for peer data pools
Chen et al. A software-hardware architecture for self-protecting data
CN106911814A (en) Large-scale data distributed storage method
US9784260B2 (en) System and method for processor-based security
CA2640804C (en) Method and system for integrated securing and managing of virtual machines and virtual appliances
KR100930218B1 (en) Method, apparatus and processing system for providing a software-based security coprocessor
CN109565444A (en) Safe public cloud
CN107135223A (en) The data persistence method of Mass Data Management system
CN109923548A (en) Method, system and the computer program product that encryption data realizes data protection are accessed by supervisory process
US20080250493A1 (en) Method, System and Computer Program for Automating Configuration of Software Applications
JP2022539969A (en) Using secure memory enclaves from the context of the process container
US11750652B2 (en) Generating false data for suspicious users
MX2014007102A (en) Facilitating system service request interactions for hardware-protected applications.
Lebedev et al. Sanctorum: A lightweight security monitor for secure enclaves
Russinovich et al. Toward confidential cloud computing: Extending hardware-enforced cryptographic protection to data while in use
De Benedictis et al. A novel architecture to virtualise a hardware-bound trusted platform module
Maass et al. In-nimbo sandboxing
US10691356B2 (en) Operating a secure storage device
Krautheim Building trust into utility cloud computing
Pontes et al. Attesting AMD SEV-SNP Virtual Machines with SPIRE
Haider et al. Leveraging hardware isolation for process level access control & authentication
Chen Architecture for data-centric security

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20170908