CN108156175A - To the access method of shared storage information under cloud computing platform - Google Patents


Info

Publication number
CN108156175A
Authority
CN
China
Prior art keywords
data
web application
access
application
copy
Prior art date
Legal status
Granted
Application number
CN201810061041.XA
Other languages
Chinese (zh)
Other versions
CN108156175B (en
Inventor
刘颖
Current Assignee
China Securities PENGYUAN credit rating Co.,Ltd.
Original Assignee
Chengdu Hui Zhi Distant View Science And Technology Ltd
Priority date
Filing date
Publication date
Application filed by Chengdu Hui Zhi Distant View Science And Technology Ltd filed Critical Chengdu Hui Zhi Distant View Science And Technology Ltd
Priority to CN201810061041.XA priority Critical patent/CN108156175B/en
Publication of CN108156175A publication Critical patent/CN108156175A/en
Application granted granted Critical
Publication of CN108156175B publication Critical patent/CN108156175B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides a method for accessing shared storage information under a cloud computing platform. The method includes: parsing the terminal access address to obtain the authentication information of the access; determining the type of the accessed data according to the authentication information; if the type is control data, processing the control data by the main control module of the private cloud; if the type is transaction information, forwarding the address request to the cluster engine of the private cloud, which processes the transaction information. The method turns the basic cluster environment of the cloud platform into space instances, makes fuller use of the cluster's system resources, and solves the time-consumption problem caused by a private cloud built on virtual machines. It ensures both that private data is isolated from cluster nodes and that private data is isolated between verified applications, ensuring the security of private storage.

Description

To the access method of shared storage information under cloud computing platform
Technical field
The present invention relates to cloud computing, and more particularly to a method for accessing shared storage information under a cloud computing platform.
Background art
The transactions handled by mobile terminals have extended from the traditional communications field into high-security fields such as office work and payment. A mobile terminal needs to handle user account information, personal privacy information, payment invoice information, confidential files and the like. How to effectively guarantee the security of private data has become the problem that mobile terminal devices face when carrying out secure, confidential transactions. The existing solution is to encrypt private data with a high-strength cryptographic algorithm and to restrict data access using the permission controls of the cluster node. However, the complexity and openness of the mobile terminal cluster node prevent it from creating a secure running environment, and the cluster node itself and its applications are easily subject to malicious attack. In addition, storing encrypted private data in a general-purpose file system carries the risk of attack through unauthorized destruction. Although trusted isolated area technology provides a securely isolated runtime environment for applications that process private data, it fails to provide a unified secure access interface for verified application development and web application development, and fails to perform safety detection on the web applications that send data access requests.
Summary of the invention
To solve the problems of the prior art described above, the present invention proposes a method for accessing shared storage information under a cloud computing platform, including:
parsing the terminal access address to obtain the authentication information of the access;
determining the type of the accessed data according to the authentication information;
if the type is control data, processing the control data by the main control module of the private cloud;
if the type is transaction information, forwarding the address request to the cluster engine of the private cloud, which processes the transaction information.
Preferably, the processing of transaction information by the cluster engine further comprises:
the cluster engine forwards the access request to a specific space instance, and the specific space instance performs the transaction processing and returns the result to the cluster engine.
Preferably, after the processing of the transaction information is completed, the method further includes:
the cluster engine returns the processing result directly to the mobile terminal.
Preferably, the cluster engine maintains an addressing list, which includes the web application ID, the scheduling rule, the web application operation copy address and the recent update time.
Preferably, the web application ID is the ID of a web application deployed in a space instance; one web application corresponds to one or more web application operation copies, and the operation copies provide the specific processing.
Preferably, the scheduling rule is the processing rule for task scheduling.
Preferably, the web application operation copy address is the address used when addressing the application in the space instance.
Preferably, the web application operation copy update time is the most recent update time of the application in the space instance.
Compared with the prior art, the present invention has the following advantages:
The present invention proposes a method for accessing shared storage information under a cloud computing platform. It turns the basic cluster environment of the cloud platform into space instances, makes fuller use of the cluster's system resources, and solves the time-consumption problem caused by a private cloud built on virtual machines. It ensures both that private data is isolated from cluster nodes and that private data is isolated between verified applications, ensuring the security of private storage.
Description of the drawings
Fig. 1 is a flow chart of the method for accessing shared storage information under a cloud computing platform according to an embodiment of the present invention.
Detailed description
A detailed description of one or more embodiments of the present invention is provided below together with the drawing that illustrates the principle of the invention. The invention is described in connection with such embodiments, but it is not limited to any embodiment. The scope of the invention is limited only by the claims, and the invention covers many alternatives, modifications and equivalents. Many specific details are set out in the following description to provide a thorough understanding of the invention. These details are provided for the purpose of example, and the invention can be practised according to the claims without some or all of them.
One aspect of the present invention provides a method for accessing shared storage information under a cloud computing platform. Fig. 1 is a flow chart of the method according to an embodiment of the present invention.
The present invention first sets up a task distributor in the private cloud computing system, connected to the cluster engine and the main control module. The task distributor handles the access distribution of control data and transaction information and the permission verification of access requests in the private cloud platform. The cluster engine is connected to the group space instantiation unit. The main control module further comprises a permission control node and a management control node.
The access to control data and transaction information is distributed as follows:
1. The access address is parsed to obtain the authentication information of the access.
2. The authentication information is passed to the main control module, whose permission control node verifies it; the verification result is returned to the task distributor.
3. If verification fails, the task distributor returns failure information to the mobile terminal. If verification succeeds, the task distributor analyzes the type of the accessed data to determine whether it is control data or transaction information.
4. If it is control data, the main control module processes the control data.
5. If it is transaction information, the address request is forwarded to the cluster engine, which processes the transaction information.
The cluster engine forwards the access request to a specific space instance; the space instance performs the transaction processing and returns the result to the cluster engine, and the cluster engine returns the processing result to the mobile terminal.
The cluster engine maintains an addressing list in memory. The addressing list includes the web application ID, the scheduling rule, the web application operation copy address and the recent update time. The web application ID is the ID of a web application deployed in a space instance; one web application corresponds to one or more web application operation copies, and the operation copies provide the specific processing. The scheduling rule is the processing rule for task scheduling. The web application operation copy address is the address used when addressing the application in the space instance. The web application operation copy update time is the most recent update time of the application in the space instance.
Processing is as follows:
After the cluster engine starts successfully, it publishes a cluster engine start success message to the main control module.
The group space instantiation unit listens for the cluster engine start success message. After receiving it, the group space instantiation unit periodically sends the details of the web application operation copies running on the local machine.
After the cluster engine receives a message from the group space instantiation unit, it parses out the web application ID and the address and port of the web application operation copy.
If the web application operation copy address already exists in the addressing list maintained in the cluster engine's memory, the recent update time of that operation copy is updated.
If the web application operation copy address does not exist in the addressing list maintained in the cluster engine's memory, a new record is added to the addressing list that cluster scheduling maintains in memory.
For an address request, the cluster engine parses out the web application ID being accessed, selects a suitable web application operation copy according to the scheduling rule set for that web application ID, and redirects the access request to the selected operation copy.
The web application operation copy processes the request, completes the specific call and returns the call result to the cluster engine, which returns it to the mobile terminal.
The group space instantiation unit turns the cluster into space instances and arranges all space instances as a pool. It records and maintains the list of applications and web application operation copies running on the current platform. The main control module receives this data, maintains the application and web application operation copy lists, monitors the web application operation copies and feeds back their state.
After receiving control data forwarded by the main control module, the group space instantiation unit performs the corresponding processing. The control data includes obtaining the web application list, building a web application, deleting a web application and updating the number of copies.
The group space instantiation unit runs deployed in the cloud cluster. According to the message content forwarded by the server side, it builds operation copies, deletes operation copies and monitors the running state of operation copies. At the same time it feeds back the update information of the operation copies and the resource status of the cluster on which they run, supporting the server side in obtaining the web application list, building applications, deleting applications and updating the number of application copies.
Specifically, obtaining the web application list proceeds as follows:
1. The group space instantiation unit accesses the database table and obtains the application ID, the application state and the corresponding operation copies.
2. The group space instantiation unit organizes the data into a vector and returns it to the mobile terminal.
Building an application proceeds as follows:
1. The group space instantiation unit sends a message requesting resources for building the application.
2. The group space instantiation unit listens for the message and calculates the number of operation copies that its cluster can build.
3. A timeout is set and the list of responses received within that time is obtained. According to the numbers of operation copies that can be built, the number of copies requested is distributed proportionally to each cluster node. The number of operation copies assigned to a cluster node is determined as follows:
i. The number of copies assigned to a cluster node is recorded at each assignment.
ii. If the number of copies already built plus the number of operation copies about to be assigned to the cluster node exceeds the number of operation copies the application needs, the number of copies assigned to that cluster node equals the number of web application operation copies the application needs minus the number of copies already assigned.
4. The number of web application operation copies to build is sent to the designated cluster node.
5. The cluster node obtains the image file and builds the operation copy. After the build completes it notifies the server side and registers the access path of the web application operation copy with cluster scheduling.
6. The information in the record data table is modified according to the feedback. Once all operation copies required by the application have been built, the state of the application is changed to started.
Deleting an application proceeds as follows:
1. The space instantiation engine parses out the web application ID to be deleted.
2. The space instantiation engine sends the message for deleting the application.
3. The cluster nodes listen for the delete message. After receiving it, each node checks whether its own cluster holds an operation copy of the application. If there is no operation copy of the application, processing ends; if there is, the operation copy of the application is deleted.
Updating the number of web application operation copies proceeds as follows:
1. The space instantiation engine determines the web application ID, the number of operation copies to change and the type of change (increase or decrease).
2. If the operation type is to increase operation copies, application copies are built.
3. If the operation type is to reduce operation copies, the specific operations are:
i. The current operation copy list is obtained from the record table.
ii. The operation copies to delete are selected at random.
iii. A message to delete the web application operation copies is sent.
iv. The cluster nodes of the space instantiation engine listen for the message. After receiving it, each node checks whether its own cluster holds the operation copy. If not, nothing is done; if so, the operation copy is deleted.
When the access requests collected by the cloud platform are scheduled to target cluster nodes of the cloud platform, the service performance of all current cluster nodes is first calculated according to the fitness function for evaluating cluster performance. The cluster nodes inside the cloud platform are then filtered according to the transaction volume requested by terminals: the cluster nodes whose remaining space amount is greater than the total space amount of the access request set form a set, and this condition is the overall constraint on the cloud platform. The k cluster nodes in the cluster node set are abstracted into k cluster points, and each is clustered with all cluster nodes in the cloud platform. The similarity between cluster nodes is calculated from the two space-amount attributes of the cluster nodes, a threshold is then given for the similarity, and cluster nodes whose similarity is within the threshold are added to a new set. When the elements of the set no longer change, the set is the final clustering result. Finally, the pending transactions are scheduled to the cluster nodes in the final set.
Step 1: Suppose n cluster nodes form a set H. A constraint is applied to all cluster nodes, with the remaining space amount $L_i$ of a cluster node as the measure. $L_i$ is defined as follows:
$L_i = \alpha L_c + \beta L_m$
where $\alpha + \beta = 1$.
$L_c$ is the web application space amount and $L_m$ is the verified application space amount; $\alpha$ and $\beta$ are their respective weights, whose values are learned with a BP neural network. According to the fitness function of the performance cluster, the performance monitoring data of the cluster nodes in the entire private cloud is obtained and the remaining space amount of the n cluster nodes in the current cloud platform is calculated. The constraint value is defined as the total space amount of the access request set received in a specific time period, i.e.:
Wherein, LR is the total space amount of the access request set, is the space amount of the i-th transaction in the access request set. An empty set $\Phi$ is defined and the total space amount LR of the access request set is calculated. When $L_i > LR$, cluster node i is scheduled into the set $\Phi$; otherwise the search continues. When all n cluster nodes have been compared with the constraint value, the resulting set $\Phi = \{s_1, s_2, s_3, \ldots, s_m\}$ is the set of cluster points, with $m < n$.
Step 2: The performance value of each cluster node is obtained according to the fitness function of the performance cluster, and, subject to the constraint value, the cluster nodes with relatively good performance are scheduled into the set $\Phi$. Let $\Phi = \{s_1, s_2, s_3, \ldots, s_m\}$ be the set formed by m cluster nodes. The cluster nodes in $\Phi$ are sorted in descending order of remaining web application space. Suppose $s_j$ is the cluster node with the largest remaining web application space; taking $s_j$ as the cluster point, the formula for calculating the similarity is:
$s(s_i, s_j) = 1/d(s_i, s_j)$
For the k-th attribute of cluster node j, the similarity $s(s_i, s_j)$ between cluster node j and cluster node i is calculated from this.
Step 3: With $s_j$ as the cluster point, the similarity between $s_j$ and each element of the set H is calculated. A threshold U is given for the similarity; if the similarity is greater than U, the element is added to a new set $\Phi'$. Cluster points are then selected from $\Phi$ in turn, in descending order of the cluster nodes' remaining processor capacity, the similarity with the elements of H is calculated for each, and the elements whose similarity exceeds U are scheduled into $\Phi'$. When the elements of $\Phi'$ no longer change, the iteration ends and $\Phi'$ is the final clustering result, i.e. $\Phi' = \{s_1', s_2', \ldots, s_q'\}$, where $q < m < n$.
Step 4: The received access requests are scheduled to the cluster nodes in $\Phi'$. The cluster nodes in $\Phi'$ process the requested transaction set and return the result to the user when processing completes. The access requests received from the time the cluster nodes in $\Phi'$ begin executing transactions until processing completes are taken as the transactions to be processed next time.
The permission control node of the main control module allows a web application to send private data access requests to a verified application by calling the management interface. To enable the trusted execution environment to perform safety detection on the web application's process when the web application sends a data access request, the permission control node provides the fingerprint information of the web application as the detection criterion. The specific steps are:
(1) Read the binary file information of the web application and obtain the code segment size $Size_{code}$.
Apply a HASH algorithm to the binary content of the web application's code segment to generate the code segment HASH value $H_{code} = Hash(Code)$, where $Code$ denotes the web application's code segment.
Take the code segment size $Size_{code}$ and the code segment HASH value $H_{code}$ as the fingerprint information of the web application, $Fpr_{app} = (Size_{code} \| H_{code})$.
(2) Sign the fingerprint information $Fpr_{app}$ of the web application with the trusted license, generating the fingerprint information signature $Sg_{app} = Sg(Size_{code} \| H_{code})$.
(3) Store the fingerprint information signature $Sg_{app}$ in a specific data segment of the verified application. The verified application is the verified application that receives the web application's data access request.
When a web application sends a data access request to a verified application, the cluster node sends the web application's process exception information to the trusted isolated area monitoring process of the trusted execution environment. After capturing the process exception information, the trusted isolated area monitoring process checks it as follows:
(1) Obtain the web application's process exception information (including the interface call data address, the process code segment base address, the process code segment size and the verified application ID) and, according to the verified application ID, load the web application fingerprint information signature $Sg_{app}$ from the specific data segment of the corresponding verified application.
(2) Using the HASH algorithm, hash the code segment data that starts at the process memory address and spans the process code segment size, computing the code segment HASH value of the web application process $H'_{code} = Hash(Code)$ and obtaining the process fingerprint information of the web application $Fpr'_{app} = (Code_{Size} \| H'_{code})$, where $Code$ denotes the code segment of the web application process.
(3) Verify the fingerprint information signature $Sg_{app}$ with the trusted license public key, obtaining the fingerprint information of the web application $Fpr_{app} = (Size_{code} \| H_{code})$.
(4) Compare $Fpr_{app}$ and $Fpr'_{app}$. If they are equal, the current web application process is judged legal and the detection status flag is set to 1; otherwise the current web application process is judged illegal and the detection status flag is set to 0.
The detection status flag indicates whether the current web application process has passed safety detection: a flag of 1 means it passed; otherwise it did not pass.
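The enrolment and run-time check described above, written out as an added example (not code from the patent). It assumes SHA-256 as the HASH algorithm, RSA PKCS#1 v1.5 as the signature Sg, and a stored record that keeps the fingerprint next to its signature instead of recovering it from the signature; all function and type names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

var (
	ErrBadSignature = errors.New("stored fingerprint signature is invalid")
	ErrBadRange     = errors.New("reported code segment lies outside process memory")
)

// NewLicenseKey stands in for the trusted license key pair (assumption: RSA-2048).
func NewLicenseKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Fingerprint returns Fpr = Size_code || H_code: an 8-byte big-endian length
// followed by the SHA-256 of the code segment (40 bytes in total).
func Fingerprint(code []byte) []byte {
	h := sha256.Sum256(code)
	fpr := make([]byte, 8, 8+len(h))
	binary.BigEndian.PutUint64(fpr, uint64(len(code)))
	return append(fpr, h[:]...)
}

// SignedFingerprint is the record kept in the verified application's data segment.
type SignedFingerprint struct {
	Fpr []byte // Fpr_app
	Sig []byte // Sg_app
}

// SignFingerprint is the enrolment step: fingerprint the web application's
// code segment and sign it with the trusted license private key.
func SignFingerprint(priv *rsa.PrivateKey, code []byte) (SignedFingerprint, error) {
	fpr := Fingerprint(code)
	digest := sha256.Sum256(fpr)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return SignedFingerprint{}, fmt.Errorf("sign fingerprint: %w", err)
	}
	return SignedFingerprint{Fpr: fpr, Sig: sig}, nil
}

// CheckProcess is the run-time step. It returns the detection status flag:
// 1 when the live code segment matches the signed fingerprint, 0 otherwise.
func CheckProcess(pub *rsa.PublicKey, stored SignedFingerprint, mem []byte, base, size uint64) (int, error) {
	digest := sha256.Sum256(stored.Fpr)
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], stored.Sig) != nil {
		return 0, ErrBadSignature
	}
	// base and size come from the process exception information, which the
	// untrusted side supplies, so bounds-check them before slicing.
	if base > uint64(len(mem)) || size > uint64(len(mem))-base {
		return 0, ErrBadRange
	}
	// The size is part of the fingerprint, so hashing a shorter or longer
	// range than the enrolled one can never produce a match.
	live := Fingerprint(mem[base : base+size])
	return subtle.ConstantTimeCompare(live, stored.Fpr), nil
}

func main() {
	priv, err := NewLicenseKey()
	if err != nil {
		panic(err)
	}
	code := []byte("constructed web application code segment")
	stored, err := SignFingerprint(priv, code)
	if err != nil {
		panic(err)
	}
	mem := append([]byte{0, 0, 0, 0}, code...) // constructed process image
	flag, _ := CheckProcess(&priv.PublicKey, stored, mem, 4, uint64(len(code)))
	fmt.Println("untouched process, flag =", flag)
	mem[10] ^= 0xff // simulate a patched instruction
	flag, _ = CheckProcess(&priv.PublicKey, stored, mem, 4, uint64(len(code)))
	fmt.Println("modified process, flag =", flag)
}
```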
After safety detection is completed, the permission control node carries out application data processing and key management, which further includes:
A) The verified application initiates a remote call for a data storage operation. The request parameters include the verified application ID, the private data to be processed $Data_{pv}$ and the cryptographic algorithm $Type_{en}$.
B) After the data access request of the verified application is received, the detection status flag determines whether the remote call is accepted for processing. If the detection status flag is 0, the remote call is refused; if the detection status flag is 1, the remote call is processed.
C) After safety detection passes, a key generation request is initiated according to the cryptographic algorithm $Type_{en}$.
D) After the key generation request is received, the key generator is first called according to the cryptographic algorithm $Type_{en}$ to generate the random key of the symmetric cipher, $KEY = KeyGenerator(IDType_{en})$.
Next, the license public key $PK_{py}$ of the verified application is loaded to encrypt the cryptographic algorithm $Type_{en}$ and the random key KEY, generating the encrypted data $EPK_{py} = RSA(PK_{py}, (ID \| KEY))$.
Then the license private key $PPK_{py}$ of the verified application is loaded to sign the encrypted data $EPK_{py}$, generating the key signature data $SPK_{py} = Sg(PPK_{py}, EPK_{py})$.
Finally, with the verified application ID as the index, the encrypted data $EPK_{py}$ and the key signature data $SPK_{py}$ are stored in a specific organizational form in the non-volatile memory of the trusted execution environment, and the generated random key KEY is returned.
Here KeyGenerator is the symmetric key generator algorithm, RSA is the public-key encryption algorithm and Sg is the public-key signature algorithm.
E) After the key is successfully generated, the corresponding symmetric encryption algorithm is called according to the cryptographic algorithm $Type_{en}$ and the random key KEY is used to encrypt the private data $Data_{pv}$, generating the encrypted data $EData_{pv} = SymEn(KEY, Data_{pv})$.
Next, the HASH value of the encrypted data is computed with the HASH algorithm: $HData_{pv} = Hash(EData_{pv})$.
Then the HASH value is signed with the license private key $PPK_{py}$ of the verified application, generating the signed data $SData_{pv} = Sg(PPK_{py}, HData_{pv})$.
Finally, the data processing module 103, with the verified application ID as the index, stores the encrypted data $EData_{pv}$ and the signed data $SData_{pv}$ in a specific organizational form in the non-volatile memory of the trusted execution environment, and returns the data storage result to the verified application.
Here SymEn is the symmetric encryption algorithm and Sg is the public-key signature algorithm.
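Steps B) to E) as an added example, not the patent's own code, extended with a read path the page does not spell out so that the effect of the two signatures is visible. Assumptions: AES-256-GCM for SymEn, RSA-OAEP for the public-key encryption, PKCS#1 v1.5 with SHA-256 for Sg, a constructed one-byte algorithm identifier as ID, and the application ID bound as associated data; all names are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const algAES256GCM = 0x01 // constructed algorithm identifier standing in for Type_en

var ErrRefused = errors.New("remote call refused")
var ErrTampered = errors.New("stored record failed verification")

// Record is what the trusted side stores under the verified application ID.
type Record struct {
	EPK, SPK     []byte // wrapped (ID || KEY) and the signature over it
	EData, SData []byte // nonce || ciphertext and the signature over its hash
}

func NewLicenseKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// sign returns Sg(PPK, Hash(msg)); verify checks it with the public half.
func sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	d := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

func verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	d := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Store follows steps B) to E): gate on the flag, wrap KEY, encrypt, sign both blobs.
func Store(appID string, flag int, lic *rsa.PrivateKey, data []byte) (*Record, error) {
	if flag != 1 || lic == nil {
		return nil, ErrRefused
	}
	buf := make([]byte, 32+12) // fresh random KEY and GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	// D) EPK = RSA(PK, ID || KEY)
	epk, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &lic.PublicKey,
		append([]byte{algAES256GCM}, key...), nil)
	if err != nil {
		return nil, fmt.Errorf("wrap key: %w", err)
	}
	// E) EData = SymEn(KEY, Data_pv), with the application ID as associated data
	edata := gcm.Seal(nonce, nonce, data, []byte(appID))
	spk, err1 := sign(lic, epk)
	sdata, err2 := sign(lic, edata)
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("sign record: %v, %v", err1, err2)
	}
	return &Record{EPK: epk, SPK: spk, EData: edata, SData: sdata}, nil
}

// Load is the assumed read path: check both signatures, unwrap KEY, decrypt.
func Load(appID string, lic *rsa.PrivateKey, rec *Record) ([]byte, error) {
	if !verify(&lic.PublicKey, rec.EPK, rec.SPK) || !verify(&lic.PublicKey, rec.EData, rec.SData) {
		return nil, ErrTampered
	}
	wrapped, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, lic, rec.EPK, nil)
	if err != nil || len(wrapped) != 33 || wrapped[0] != algAES256GCM {
		return nil, ErrTampered
	}
	gcm, err := newGCM(wrapped[1:])
	if err != nil || len(rec.EData) < gcm.NonceSize() {
		return nil, ErrTampered
	}
	n := gcm.NonceSize()
	return gcm.Open(nil, rec.EData[:n], rec.EData[n:], []byte(appID))
}

func main() {
	lic, _ := NewLicenseKey() // a nil key is refused by Store below
	rec, err := Store("app-A", 1, lic, []byte("constructed private data"))
	if err != nil {
		panic(err)
	}
	plain, err := Load("app-A", lic, rec)
	fmt.Printf("%q %v\n", plain, err)
}
```

A record copied under another application's index fails to decrypt because the application ID is authenticated with the ciphertext, and any byte changed in storage is caught by the signature check before the key is unwrapped.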
The permission control node of the main control module also verifies the authentication information of the access address and provides management interfaces, including obtaining the web application list, building an application, deleting an application and updating the number of web application operation copies. The specific steps are:
The main control module maintains an application authentication information table; the authentication information table includes the web application ID and the authentication information.
The authentication information is received. The authentication information has the following features: it is 128 bits long, is unique, corresponds to exactly one application, has a time characteristic, and has a checking function for the authentication information.
The authentication information table is searched for the corresponding authentication information.
If the authentication information of the application is found, success is returned; if it is not found, failure is returned.
The address request parameters are parsed and the operation interface is analyzed. If the operation type is obtaining the web application list, building an application, deleting an application or updating the number of web application operation copies, the address request is forwarded to the group space instantiation engine.
The group space instantiation engine carries out the specific operation and feeds the processing result back to the management control node of the master controller.
The master controller returns the call result to the mobile terminal.
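The verify-then-route flow of the task distributor, together with the cluster engine's addressing list described earlier on the page, as an added example that is not the patent's own code. The URL layout, the operation names, round-robin as the scheduling rule and the staleness cut-off are assumptions, and the time characteristic of the authentication information is not modelled.

```go
package main

import (
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

var (
	ErrAuth   = errors.New("authentication information rejected")
	ErrNoCopy = errors.New("no live operation copy for this web application")
)

// Copy is one addressing-list row: operation copy address and recent update time.
type Copy struct {
	Addr    string
	Updated time.Time
}

type Distributor struct {
	Auth   map[string][16]byte // authentication information table (128-bit values)
	Copies map[string][]*Copy  // addressing list, keyed by web application ID
	MaxAge time.Duration       // assumption: copies silent for longer are skipped
	next   map[string]int      // round-robin cursor, the assumed scheduling rule
}

func NewDistributor(maxAge time.Duration) *Distributor {
	return &Distributor{map[string][16]byte{}, map[string][]*Copy{}, maxAge, map[string]int{}}
}

// Register handles one periodic report: refresh a known copy or add a new row.
func (d *Distributor) Register(appID, addr string, now time.Time) {
	for _, c := range d.Copies[appID] {
		if c.Addr == addr {
			c.Updated = now
			return
		}
	}
	d.Copies[appID] = append(d.Copies[appID], &Copy{addr, now})
}

// Management operations handled by the main control module (constructed names).
var controlOps = map[string]bool{"list": true, "build": true, "delete": true, "scale": true}

// Dispatch verifies first, then classifies. It returns "master" for control
// data or the address of the chosen operation copy for transaction information.
func (d *Distributor) Dispatch(raw string, now time.Time) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", fmt.Errorf("parse access address: %w", err)
	}
	parts := strings.Split(strings.Trim(u.Path, "/"), "/") // app/<id>/<operation>
	got, err := hex.DecodeString(u.Query().Get("auth"))
	if err != nil || len(got) != 16 || len(parts) != 3 || parts[0] != "app" {
		return "", ErrAuth
	}
	appID, op := parts[1], parts[2]
	want, known := d.Auth[appID] // zero value for unknown IDs; still compared below
	if subtle.ConstantTimeCompare(got, want[:]) != 1 || !known {
		return "", ErrAuth
	}
	if controlOps[op] {
		return "master", nil
	}
	copies := d.Copies[appID]
	for i := range copies {
		idx := (d.next[appID] + i) % len(copies)
		if now.Sub(copies[idx].Updated) <= d.MaxAge {
			d.next[appID] = idx + 1
			return copies[idx].Addr, nil
		}
	}
	return "", ErrNoCopy
}

func main() {
	d := NewDistributor(30 * time.Second)
	d.Auth["shop"] = [16]byte{1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16}
	now := time.Unix(1000, 0)
	d.Register("shop", "10.0.0.1:8080", now)
	for _, raw := range []string{ // constructed access addresses
		"/app/shop/pay?auth=0102030405060708090a0b0c0d0e0f10",
		"/app/shop/build?auth=0102030405060708090a0b0c0d0e0f10",
		"/app/shop/pay?auth=ffffffffffffffffffffffffffffffff",
	} {
		target, err := d.Dispatch(raw, now)
		fmt.Println(raw, "->", target, err)
	}
}
```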
In addition, if finding that the operating status of application and preset state are inconsistent, then space instances unit is notified to carry out Processing, step are as follows:
Start two threads, intercepting thread intercepts the new information of space instances engine publication, and for that will update letter Breath message is stored in key-value pair system, it is found that thread the preset state of application and operating status is compared, and notify space Instantiate engine processing state difference;
Intercepting thread intercepts messaging bus always, after receiving fresh information message, analyzes web application IDs, web applications The state of copy access address, web application operation copies is run, is stored in the form of key-value pair in key-value pair system;
It was found that thread timing obtains the preset state of current application and preset operation copy from space instances engine, and The actual motion state for obtaining current application from key-value pair system simultaneously is compared, and judges the difference with preset state, And notify that space instances engine is handled, it is as follows:
It was found that thread timing is obtained from key-value pair system using actual motion state, each operating status got Moment is as a snapshot;
Record applies nearest N number of snapshot of actual motion state, and N number of snapshot is compared, if N number of snapshot state It is inconsistent, it is judged as that current network is unstable or is carrying out failure transfer and causes, in this case without processing;
If N number of snapshot state is consistent, start to judge whether are web application operations copy actual motion state and preset state Unanimously, after the completion of judgement, judge whether the copy amount of application is consistent with preset quantity.
Checking whether the actual running state of an operation copy is consistent with the preset state proceeds as follows:
i. The web application operation copy list provided by the space instances engine is compared one by one with the records in the key-value pair system; if the operation copy states recorded by the two are inconsistent, the management interface of the space instances engine is called to complete the state change;
ii. Only web application operation copies in the running or stopped state are compared; applications in an intermediate state are not processed;
Situation 1: an operation copy in the space instances engine is absent from the key-value pair system; the discovery thread notifies the space instances engine to build a new copy;
Situation 2: the state of an operation copy in the key-value pair system is inconsistent with that in the space instances engine; the discovery thread notifies the space instances engine to change the copy state;
Situation 3: there is no record in the space instances engine, but the key-value pair system holds update information; the discovery thread notifies the space instances engine to remove the copy;
Judging whether the number of copies of the application is consistent with the preset quantity proceeds as follows:
i. The expected number of running applications recorded in the space instances unit is compared with the number of copy update records held in the key-value pair system;
ii. Only applications in the running or stopped state are compared; other states are not processed.
The possible outcomes of the comparison include:
Situation 1: if the preset number of operation copies in the space instances engine is greater than the number of operation copies in the key-value pair system, the space instances engine is notified to reduce operation copies;
Situation 2: if the preset number of operation copies in the space instances engine is less than the number of operation copies in the key-value pair system, the space instances engine is notified to increase operation copies.
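The discovery thread's N-snapshot gate and the three-way operation copy comparison described above, as an added example that is not part of the patent text. The dictionary layout, the state names and the action tuples are assumptions made for the example; the copy-count comparison is not included.

```python
COMPARABLE = {"running", "stopped"}   # assumed names for the two states that are compared

def is_stable(history, n):
    """True when the last n key-value snapshots of the actual state are identical."""
    recent = history[-n:]
    return len(recent) == n and all(s == recent[0] for s in recent)

def reconcile(preset, history, n):
    """preset: {copy_address: state} as listed by the space instances engine.
    history: key-value system snapshots ({copy_address: state}), newest last.
    Returns the notifications the discovery thread would send to the engine."""
    if not is_stable(history, n):
        return []                      # unstable network or failover: take no action
    actual = history[-1]
    actions = []
    for addr, want in sorted(preset.items()):
        have = actual.get(addr)
        if have is None:
            if want in COMPARABLE:
                actions.append(("build", addr, want))        # situation 1
        elif want in COMPARABLE and have in COMPARABLE and have != want:
            actions.append(("change_state", addr, want))     # situation 2
    for addr, have in sorted(actual.items()):
        if addr not in preset and have in COMPARABLE:
            actions.append(("remove", addr, have))           # situation 3
    return actions

# Constructed sample data (addresses and states are made up for the example).
PRESET = {"10.0.0.1:8080": "running", "10.0.0.2:8080": "running",
          "10.0.0.3:8080": "stopped"}
SNAP = {"10.0.0.1:8080": "running", "10.0.0.3:8080": "running",
        "10.0.0.4:8080": "running", "10.0.0.5:8080": "starting"}
FLAPPING = [SNAP, {**SNAP, "10.0.0.1:8080": "stopped"}, SNAP]

if __name__ == "__main__":
    print(reconcile(PRESET, [SNAP] * 3, 3))   # three actions, one per situation
    print(reconcile(PRESET, FLAPPING, 3))     # snapshots disagree, so no action
```

The copy in the intermediate state ("starting") is ignored in both directions, which keeps the thread from removing a copy that is still being brought up.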
After the verification tags of the application operation copy data have been generated, a hash tree $TREE_j$ is built for each copy $R_j$. The leaf nodes of $TREE_j$ are the set of hash values $\{h(H(r_{ij}))\}$ of the vectors ordered by primary key, and the tree root is $h_{R_j}$.
Using the root hash values $\{h_{R_j}\}_{1\le j\le m}$ of all copy hash trees TREE, the signature $Sg_1 = (ID_R \mid h_R)^{\alpha}$ is generated. The verification tag set of a data copy and the application operation copy hash tree are stored together with the application operation copy data on the same cluster node in the cloud.
The web application simultaneously sends data copy sampling requests to the cluster nodes to verify integrity. The sampling check proceeds as follows:
(1) The trusted third-party verification node commissioned by the web application determines the number of vectors to be sampled $c$, $1\le c\le N$, and randomly generates the key $k_1$ of the permutation function $\pi_{key}()$ and the key $k_2$ of the random mapping function $\psi_{key}()$. The verification node uses the same random permutation function and random mapping function and, with the same keys $k_1$, $k_2$, generates the challenge set $C = \{(i, v_i)\}$, where $C$ gives the key value $i \in [1, N]$ of each vector to be verified and the corresponding random value $v_i$. Here $\{i\} = \pi_{key}(k)$, $1\le k\le c$, and $\{v_i\} = \psi_{key}(k)$, $1\le k\le c$. The verification node sends the sampling information $(C, k_1, k_2)$ to the cluster node.
(2) After a cluster node receives the sampling information sent by the verification node, it generates the check evidence P to prove that each cluster node has correctly stored the copy data of the web application. The check evidence is $P = \{\sigma, \mu, \langle H(r_{ij}), I_{ij}\rangle_{(i,*)\in C,\ 1\le j\le m}, S\}$, where:
① $\sigma$ is the aggregate tag value of the sampled vectors, $\sigma = \prod_{(i, v_i)\in C} \sigma_i^{v_i}$, the aggregate of the verification tags of the sampled copy vectors, where $\sigma_i = \prod_{j\in[1,m]} \sigma_{ij}$ is the aggregate of the homomorphic tags of the multiple data copies corresponding to the same vector, and $\sigma \in G$;
② $\mu$ is the verification information proving that the cluster node stores the sampled data vectors of the web application. Over all data copies of the web application, $\mu = \{\mu_j\}_{1\le j\le m}$, where the vector data in each copy is computed as $\mu_j = \sum_{(i, v_i)\in C} v_i \cdot r_{ij}$;
③ $I_{ij}$ is the auxiliary verification path information on the hash tree TREE for each sampled data copy vector. It records the information of all sibling nodes, together with position information, on the path from the TREE root node to the leaf node corresponding to the sampled data vector.
(3) After the verification node receives the validation value P returned by the cluster node, it verifies the correctness of P:
① From $\langle H(r_{ij}), I_{ij}\rangle_{(i,*)\in C,\ 1\le j\le m}$ and the application operation copy number information, reconstruct $V = ID_R \mid h_R$;
② Determine whether the check value information returned by the web application is correct by checking whether the equation holds:
$e()$ is a bilinear map. If the verification passes, true is returned; otherwise false is returned.
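The hash-tree part of the sampling check in steps (1) to (3), as an added example that is not part of the patent text: the verification node derives the challenge set C, the cluster node returns H(r_ij) with the sibling path I_ij, and the verification node rebuilds the root h_Rj. Assumptions: SHA-256 is used for both H and h, HMAC-SHA256 stands in for the keyed functions π and ψ, and the tag aggregation (σ, μ) with its bilinear-map equation is not reproduced.

```python
import hashlib, hmac

def H(b): return hashlib.sha256(b"H" + b).digest()   # inner hash H(r_ij); SHA-256 assumed
def h(b): return hashlib.sha256(b"h" + b).digest()   # tree hash h(); SHA-256 assumed

def prf(key, k):
    return hmac.new(key, k.to_bytes(4, "big"), hashlib.sha256).digest()

def build_tree(vectors):
    """Levels of TREE_j: level 0 holds h(H(r_ij)) in primary-key order, last level is [h_Rj]."""
    level, levels = [h(H(r)) for r in vectors], []
    while True:
        if len(level) > 1 and len(level) % 2:
            level = level + [level[-1]]          # pad odd levels by repeating the last node
        levels.append(level)
        if len(level) == 1:
            return levels
        level = [h(level[k] + level[k + 1]) for k in range(0, len(level), 2)]

def challenge(k1, k2, c, n):
    """C = {(i, v_i)} with i = pi_k1(k), v_i = psi_k2(k); HMAC stands in for both functions."""
    perm = sorted(range(n), key=lambda i: prf(k1, i))     # keyed permutation of [0, n)
    return [(perm[k], int.from_bytes(prf(k2, k)[:4], "big")) for k in range(c)]

def prove(vectors, levels, C):
    """Cluster node side: for every sampled i return <H(r_ij), I_ij>."""
    out = []
    for i, _ in C:
        sibs, pos = [], i
        for level in levels[:-1]:
            sibs.append(level[pos ^ 1])          # sibling on the path towards the root
            pos //= 2
        out.append((i, H(vectors[i]), sibs))
    return out

def verify(root, C, proof):
    """Verification node side: rebuild h_Rj per sample; position is taken from i itself."""
    if [i for i, _ in C] != [i for i, _, _ in proof]:
        return False
    for i, Hr, sibs in proof:
        node = h(Hr)
        for sib in sibs:
            node = h(sib + node) if i & 1 else h(node + sib)
            i >>= 1
        if not hmac.compare_digest(node, root):
            return False
    return True

# Constructed sample: one copy R_j of N = 8 vectors, c = 3 of them sampled.
VECTORS = [b"vector-%d" % i for i in range(8)]
LEVELS = build_tree(VECTORS)
ROOT = LEVELS[-1][0]
C = challenge(b"k1-demo", b"k2-demo", 3, len(VECTORS))

def corrupt(index):
    """Copy of VECTORS with one vector altered; the stored tree is left as originally built."""
    return [b"tampered" if i == index else r for i, r in enumerate(VECTORS)]
```

Altering a vector that was not sampled still passes this check, so the number of sampled vectors c determines how likely a damaged copy is to be detected.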
In conclusion the present invention is proposed under a kind of cloud computing platform to the access method of shared storage information, cloud is put down The basic cluster environment of platform carries out space instances, more fully using the system resource of cluster, solves and utilizes virtual machine Private clound caused by take problem.Both it ensure that private data was isolated with clustered node, and also ensured private data Isolation between verification application, ensures the safety of privately owned storage.
It obviously, can be with general it should be appreciated by those skilled in the art each module or each step of, the above-mentioned present invention Computing system realize that they can concentrate in single computing system or be distributed in multiple computing systems and be formed Network on, optionally, they can be realized with the program code that computing system can perform, it is thus possible to which they are stored It is performed within the storage system by computing system.It to be combined in this way, the present invention is not limited to any specific hardware and softwares.
It should be understood that the above-mentioned specific embodiment of the present invention is used only for exemplary illustration or explains the present invention's Principle, without being construed as limiting the invention.Therefore, that is done without departing from the spirit and scope of the present invention is any Modification, equivalent replacement, improvement etc., should all be included in the protection scope of the present invention.In addition, appended claims purport of the present invention Covering the whole variations fallen into scope and boundary or this range and the equivalent form on boundary and repairing Change example.

Claims (8)

1. A method for accessing shared storage information under a cloud computing platform, characterized by comprising:
parsing the terminal access address to obtain the authentication information of the access;
judging the type of the access data according to the authentication information;
if the type is control data, processing the control data by the main control module of the private cloud;
if the type is transaction data, forwarding the address request to the cluster engine of the private cloud, and processing the transaction data by the cluster engine.
2. The method according to claim 1, characterized in that the processing of the transaction data by the cluster engine further comprises:
forwarding, by the cluster engine, the access request to a specific space instance, which performs the transaction processing and returns the result to the cluster engine.
3. The method according to claim 1, characterized in that, after the processing of the transaction data is completed, the method further comprises:
returning, by the cluster engine, the processing result directly to the mobile terminal.
4. The method according to claim 1, characterized in that the cluster engine maintains an address list, the address list comprising the web application ID, the scheduling rule, the web application operation copy address and the most recent update time.
5. The method according to claim 4, characterized in that the web application ID is the ID of a web application deployed in a space instance; one web application corresponds to one or more web application operation copies, and the specific processing is provided by the web application operation copies.
6. The method according to claim 4, characterized in that the scheduling rule is the processing rule for task scheduling.
7. The method according to claim 4, characterized in that the web application operation copy address is the address used when addressing the space instance application.
8. The method according to claim 4, characterized in that the web application operation copy update time is the most recent update time during space instance application.
CN201810061041.XA 2018-01-22 2018-01-22 Method for accessing shared storage information under cloud computing platform Active CN108156175B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810061041.XA CN108156175B (en) 2018-01-22 2018-01-22 Method for accessing shared storage information under cloud computing platform

Publications (2)

Publication Number Publication Date
CN108156175A true CN108156175A (en) 2018-06-12
CN108156175B CN108156175B (en) 2021-05-14

Also Published As

Publication number Publication date
CN108156175B (en) 2021-05-14

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20210428

Address after: 3 / F, Sunshine Golf building, 7008 Shennan Avenue, Futian District, Shenzhen, Guangdong 518000

Applicant after: China Securities PENGYUAN credit rating Co.,Ltd.

Address before: 610000 Sichuan city of Chengdu province high tech Zone Kyrgyzstan Road No. 666 Building 2 floor 13 No. 2

Applicant before: CHENGDU HUIZHI YUANJING TECHNOLOGY Co.,Ltd.

GR01 Patent grant