KR20140088962A - System and method for storing data in a cloud environment - Google Patents
System and method for storing data in a cloud environment Download PDFInfo
- Publication number
- KR20140088962A KR20140088962A KR1020120158096A KR20120158096A KR20140088962A KR 20140088962 A KR20140088962 A KR 20140088962A KR 1020120158096 A KR1020120158096 A KR 1020120158096A KR 20120158096 A KR20120158096 A KR 20120158096A KR 20140088962 A KR20140088962 A KR 20140088962A
- Authority
- KR
- South Korea
- Prior art keywords
- data
- original data
- metadata
- fragmented
- information
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
Description
The present invention relates to a data storage system and method in a cloud environment, and more particularly, to a data storage system and method in a cloud environment capable of safely and efficiently protecting data stored in a cloud server in a cloud computing environment .
The existing computing environment, which relies on the independent hardware performance of each terminal according to the technological development of the computer network, is a form of cloud computing in which the service is provided according to the request of the terminal utilizing all the computing resources on the network It is evolving.
Cloud computing services can be defined as 'on-demand outsourcing services of computing resources' through information networks such as the Internet. In a cloud computing environment, service providers consolidate data centers distributed across multiple locations into virtualization technologies to provide services that users need. Service users are not required to install and use necessary computing resources such as application, storage, operating system, OS, and security in each user's own terminal, The service in the virtual space can be selected and used as desired. The user does not pay for the purchase of each computing resource, but instead pays the price based on usage.
According to the cloud computing service, users can access a cloud network through a terminal that performs network connection and basic computation functions at any place, perform tasks requiring a large-capacity storage device and a high-performance computing resource, and provide advanced services There is an advantage to receive.
However, in the cloud computing environment, due to its technical characteristics, the user's data is often stored in the cloud server instead of the local computer. In this case, it is also true that the stored user's personal data is leaked by a malicious attacker, which causes a lot of damage.
The present invention has been made to solve the above problems and it is an object of the present invention to provide a data storage system and method in a cloud environment that can safely and efficiently protect data stored in a cloud server in a cloud computing environment.
According to an aspect of the present invention, there is provided a method of dividing source data into a plurality of fragmented files based on file size, distributing and storing each fragmented file, and extracting metadata including information on the original data and position information of the fragmented file And encrypting the encrypted data.
Preferably, the data dividing unit divides the original data to be stored in the system into a plurality of fragmented files on a file size basis; An original data storage unit in which divided original data is divided and stored for each piece and a storage space is divided on the basis of a file size; A metadata generation unit for generating metadata including information on the original data and location information of the fragmented file; And a metadata storage unit for storing the metadata generated by the metadata generation unit. And a control unit.
Preferably, the hash table records and manages the hash information for data retrieval with respect to the metadata. Further comprising:
According to another aspect of the present invention, there is provided a method of dividing original data into a plurality of fragmented files on the basis of file size, distributing and storing the fragmented files, extracting metadata including information on original data, And encrypting the encrypted data.
Preferably, the data input step of receiving the original data; A data dividing step of dividing original data to be stored in a system among a plurality of pieces of input data into a plurality of fragmented files on the basis of a file size; An original data storage step of distributing fragmented files of fragmented original data on a file size basis; A location information encryption step of encrypting the fragmented file location of the distributed original data; And a metadata generation step of generating and storing metadata including information on the original data and location information of the fragmented file, And a control unit.
The method may further include: a hash table creation step of, after the metadata creation step, recording and managing hash information for data retrieval of metadata; Is further included.
Preferably, the step of checking the storage area and the position of the original data storage unit before the original data storage step is further included.
According to the present invention, even if a malicious attacker approaches a data stored in a cloud server in a cloud computing environment, the data can not be accessed.
In particular, the feature of the present invention is not to encrypt the file itself to be stored, but to save only the contents of the file location information, thereby shortening the time required for the encryption. This will perform better in large data environments where large files such as images and images are used.
In addition, by dividing and distributing the contents of a file, it is possible to apply a technique of reading and writing in parallel, thereby improving the speed of file access. The present invention can be virtualized so that it can be implemented in the upper layer regardless of the file system used in the operating system. It is also possible to build a direct file system in the form of the invention at the cloud operating system level.
1 is a block diagram for explaining a data storage system in a cloud environment according to the present invention;
2 is a flowchart illustrating a method of storing data in a cloud environment according to the present invention.
3 is a diagram for explaining a process of dividing and storing original data according to the present invention;
4 is a view showing an example of metadata according to the present invention;
5 is a diagram for explaining a hash table connection process according to the present invention.
Hereinafter, a data storage system and method in a cloud environment according to the present invention will be described in detail with reference to the accompanying drawings.
First, a block diagram of a data storage system in a cloud environment according to the present invention is shown in FIG.
Referring to FIG. 1, a data storage system according to the present invention includes a data input /
Next, FIG. 2 is a flowchart illustrating a method of storing data in a cloud environment according to the present invention.
Referring to FIG. 2, a method of storing data according to the present invention includes a data input step (S10) of receiving data input from a user computer in a cloud computing environment, a step of inputting a file size (S12) of dividing the fragmented original data into a plurality of fragments on the basis of the original data, a original data storing step (S14) (S20) of generating and storing metadata using information on the original data and the location information of the fragmented file, and a step (S20) of searching for metadata And a hash table creation step (S22) for managing the hash information recording and management.
Here, the location information encrypting step and the metadata generating step in steps S18 and S20 may be performed prior to the divided storage of the original data.
In step S14, prior to the original data storage step, the checking of the storable area and the position of the original data storage unit 40 may be performed.
The process of dividing and storing original data will now be described with reference to FIG.
Referring to FIG. 3, at the time of data storage, original data is divided into several pieces of a predetermined size and stored in different areas.
For example, in the data storage system, the original data file of 3.3 KByte size is divided into three fragmented files (A, B, and C) in 1 KByte units and one fragmented file (D) of 300 bytes in size And stores the four pieces of fragmented files A, B, C, and D in different areas of the original data storage unit 40. Each piece file at the time of storage will have a different storage space according to the file size as illustrated in FIG.
Here, since the original data is divided into several pieces and stored, it is necessary to separately write information about each storage location.
FIG. 4 is a data structure of metadata (storeInfoEntry) indicating information about the size and position of the original data. This metadata (storeInfoEntry) data structure is meta information about original data and contains all information about actual data storage.
In the data structure contents, the "keyed_digest" member has a digest value indicating that the metadata (storeInfoEntry) information itself is unchanged and is defect-free. The location information (data_location) of each piece of important information is encrypted and stored. The key used for encryption uses a key previously shared in the user authentication process. At this time, this encryption can be selected and applied among various public key sharing methods. The metadata (storeInfoEntry) may further include combining information for combining pieces of fragmented files.
When a user tries to save a file called / home / green / test / img1, the system first creates a metadata (storeInfoEntry) data structure for this file and writes the necessary information. The data storage location, which is important information, is divided into a certain size according to the size of the file and the location information is encrypted. At this time, the encryption key can use the shared key in the user login (authentication) process. Finally, the final metadata is stored in the storeInfoEntry data structure by message digest with the shared key. This will complete the metadata (storeInfoEntry) data structure.
5, the / home / green / test / img1 file is hashed using a user account, an account creation time, a file name, and the like, and is linked to a hash table, (storeInfoEntry) It is possible to increase the speed of retrieving data information from the system.
As described above, an optimal embodiment has been disclosed in the drawings and specification. Although specific terms have been employed herein, they are used for purposes of illustration only and are not intended to limit the scope of the invention as defined in the claims or the claims. Therefore, those skilled in the art will appreciate that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.
10: Data input / output unit 20: Control unit
30: Data division unit 40: Original data storage unit
50: Metadata generation unit 60: Metadata storage unit
70: hash table
Claims (7)
A data division unit for dividing the original data to be stored in the system into a plurality of fragmented files on the basis of a file size;
An original data storage unit in which divided original data is divided and stored for each piece and a storage space is divided on the basis of a file size;
A metadata generating unit for generating metadata including information on the original data and location information of the fragmented file; And
A metadata storage unit for storing the metadata generated by the metadata generation unit; The data storage system comprising:
A hash table for recording and managing hash information for data retrieval with respect to the metadata; The data storage system further comprising:
A data input step of receiving original data;
A data dividing step of dividing original data to be stored in a system among a plurality of pieces of input data into a plurality of fragmented files on the basis of a file size;
An original data storage step of distributing fragmented files of fragmented original data on a file size basis;
A location information encryption step of encrypting the fragmented file location of the distributed original data; And
A metadata generation step of generating and storing metadata including information on the original data and position information of the fragmented file; And storing the data.
After the metadata generation step,
A hash table creation step of recording and managing hash information for data retrieval with respect to the metadata; Further comprising the steps < RTI ID = 0.0 > of: < / RTI >
Before the original data storage step,
And a checking step of a storage area and a position of the original data storage unit.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120158096A KR20140088962A (en) | 2012-12-31 | 2012-12-31 | System and method for storing data in a cloud environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020120158096A KR20140088962A (en) | 2012-12-31 | 2012-12-31 | System and method for storing data in a cloud environment |
Publications (1)
Publication Number | Publication Date |
---|---|
KR20140088962A true KR20140088962A (en) | 2014-07-14 |
Family
ID=51737266
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020120158096A KR20140088962A (en) | 2012-12-31 | 2012-12-31 | System and method for storing data in a cloud environment |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR20140088962A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101675134B1 (en) * | 2015-05-08 | 2016-11-22 | 김의준 | Data storage system and method for storing information distributed |
CN113378202A (en) * | 2021-06-29 | 2021-09-10 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
KR20220074199A (en) * | 2020-11-27 | 2022-06-03 | 주식회사 테르텐 | Computer program for dividing original file into multiple pieces, encrypting divided files and restoring original file by decrypting encrypted files, and method thereof |
-
2012
- 2012-12-31 KR KR1020120158096A patent/KR20140088962A/en not_active Application Discontinuation
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101675134B1 (en) * | 2015-05-08 | 2016-11-22 | 김의준 | Data storage system and method for storing information distributed |
KR20220074199A (en) * | 2020-11-27 | 2022-06-03 | 주식회사 테르텐 | Computer program for dividing original file into multiple pieces, encrypting divided files and restoring original file by decrypting encrypted files, and method thereof |
CN113378202A (en) * | 2021-06-29 | 2021-09-10 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
CN113378202B (en) * | 2021-06-29 | 2022-05-03 | 湖南盈聚信息技术有限公司 | Multi-dimensional data security storage system based on big data |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9077541B2 (en) | Methods and systems for storage of large data objects | |
US9262643B2 (en) | Encrypting files within a cloud computing environment | |
CN102075542B (en) | Cloud computing data security supporting platform | |
US8914632B1 (en) | Use of access control lists in the automated management of encryption keys | |
US9749132B1 (en) | System and method for secure deletion of data | |
US20140019498A1 (en) | System, method and computer readable medium for file management | |
US20140019497A1 (en) | Modification of files within a cloud computing environment | |
US11489660B2 (en) | Re-encrypting data on a hash chain | |
JP2022520703A (en) | Creating and running a secure container | |
US20160078244A1 (en) | Secured file system management | |
US9639708B2 (en) | Methods and systems of encrypting file system directories | |
US9514325B2 (en) | Secured file system management | |
US10536276B2 (en) | Associating identical fields encrypted with different keys | |
US20150205973A1 (en) | Method and apparatus for providing data sharing | |
TWI786373B (en) | Computer implement method, computer system and computer program product of secure execution guest owner controls for secure interface control | |
KR20140088962A (en) | System and method for storing data in a cloud environment | |
CN108920971A (en) | The method of data encryption, the method for verification, the device of encryption and verification device | |
US11277262B2 (en) | System generated data set encryption key | |
EP4304156A2 (en) | Virtualization for privacy control | |
US11165760B2 (en) | Increasing security of objects in cloud environments by using a two-part encryption scheme | |
KR101469803B1 (en) | Security Apparatus for Data, Terminal having the Same and Security Method for Data, and Computer Readable Record Medium | |
Dinesh et al. | Dynamic auditing and deduplication with secure data deletion in Cloud | |
US20130036474A1 (en) | Method and Apparatus for Secure Data Representation Allowing Efficient Collection, Search and Retrieval | |
CN105512575A (en) | Cloud platform virtual disk encryption method and system | |
Zhou et al. | A secure virtual data center based on data labeled cloud-agent |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WITN | Withdrawal due to no request for examination |