KR20140088962A - System and method for storing data in a cloud environment - Google Patents

System and method for storing data in a cloud environment Download PDF

Info

Publication number
KR20140088962A
KR20140088962A KR1020120158096A KR20120158096A KR20140088962A KR 20140088962 A KR20140088962 A KR 20140088962A KR 1020120158096 A KR1020120158096 A KR 1020120158096A KR 20120158096 A KR20120158096 A KR 20120158096A KR 20140088962 A KR20140088962 A KR 20140088962A
Authority
KR
South Korea
Prior art keywords
data
original data
metadata
fragmented
information
Prior art date
Application number
KR1020120158096A
Other languages
Korean (ko)
Inventor
이대성
Original Assignee
부산가톨릭대학교 산학협력단
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 부산가톨릭대학교 산학협력단 filed Critical 부산가톨릭대학교 산학협력단
Priority to KR1020120158096A priority Critical patent/KR20140088962A/en
Publication of KR20140088962A publication Critical patent/KR20140088962A/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a data storage system in a cloud environment and a method capable of safely and efficiently protecting data stored in a cloud server in the cloud environment. Original data is divided into multiple slice files based on a file size, each slice file is distributed and stored, and the data is encoded by generating metadata including position information of the divided slice files and information about the original data.

Description

SYSTEM AND METHOD FOR STORING DATA IN A CLOUD

The present invention relates to a data storage system and method in a cloud environment, and more particularly, to a data storage system and method in a cloud environment capable of safely and efficiently protecting data stored in a cloud server in a cloud computing environment .

The existing computing environment, which relies on the independent hardware performance of each terminal according to the technological development of the computer network, is a form of cloud computing in which the service is provided according to the request of the terminal utilizing all the computing resources on the network It is evolving.

Cloud computing services can be defined as 'on-demand outsourcing services of computing resources' through information networks such as the Internet. In a cloud computing environment, service providers consolidate data centers distributed across multiple locations into virtualization technologies to provide services that users need. Service users are not required to install and use necessary computing resources such as application, storage, operating system, OS, and security in each user's own terminal, The service in the virtual space can be selected and used as desired. The user does not pay for the purchase of each computing resource, but instead pays the price based on usage.

According to the cloud computing service, users can access a cloud network through a terminal that performs network connection and basic computation functions at any place, perform tasks requiring a large-capacity storage device and a high-performance computing resource, and provide advanced services There is an advantage to receive.

However, in the cloud computing environment, due to its technical characteristics, the user's data is often stored in the cloud server instead of the local computer. In this case, it is also true that the stored user's personal data is leaked by a malicious attacker, which causes a lot of damage.

The present invention has been made to solve the above problems and it is an object of the present invention to provide a data storage system and method in a cloud environment that can safely and efficiently protect data stored in a cloud server in a cloud computing environment.

According to an aspect of the present invention, there is provided a method of dividing source data into a plurality of fragmented files based on file size, distributing and storing each fragmented file, and extracting metadata including information on the original data and position information of the fragmented file And encrypting the encrypted data.

Preferably, the data dividing unit divides the original data to be stored in the system into a plurality of fragmented files on a file size basis; An original data storage unit in which divided original data is divided and stored for each piece and a storage space is divided on the basis of a file size; A metadata generation unit for generating metadata including information on the original data and location information of the fragmented file; And a metadata storage unit for storing the metadata generated by the metadata generation unit. And a control unit.

Preferably, the hash table records and manages the hash information for data retrieval with respect to the metadata. Further comprising:

According to another aspect of the present invention, there is provided a method of dividing original data into a plurality of fragmented files on the basis of file size, distributing and storing the fragmented files, extracting metadata including information on original data, And encrypting the encrypted data.

Preferably, the data input step of receiving the original data; A data dividing step of dividing original data to be stored in a system among a plurality of pieces of input data into a plurality of fragmented files on the basis of a file size; An original data storage step of distributing fragmented files of fragmented original data on a file size basis; A location information encryption step of encrypting the fragmented file location of the distributed original data; And a metadata generation step of generating and storing metadata including information on the original data and location information of the fragmented file, And a control unit.

The method may further include: a hash table creation step of, after the metadata creation step, recording and managing hash information for data retrieval of metadata; Is further included.

Preferably, the step of checking the storage area and the position of the original data storage unit before the original data storage step is further included.

According to the present invention, even if a malicious attacker approaches a data stored in a cloud server in a cloud computing environment, the data can not be accessed.

In particular, the feature of the present invention is not to encrypt the file itself to be stored, but to save only the contents of the file location information, thereby shortening the time required for the encryption. This will perform better in large data environments where large files such as images and images are used.

In addition, by dividing and distributing the contents of a file, it is possible to apply a technique of reading and writing in parallel, thereby improving the speed of file access. The present invention can be virtualized so that it can be implemented in the upper layer regardless of the file system used in the operating system. It is also possible to build a direct file system in the form of the invention at the cloud operating system level.

1 is a block diagram for explaining a data storage system in a cloud environment according to the present invention;
2 is a flowchart illustrating a method of storing data in a cloud environment according to the present invention.
3 is a diagram for explaining a process of dividing and storing original data according to the present invention;
4 is a view showing an example of metadata according to the present invention;
5 is a diagram for explaining a hash table connection process according to the present invention.

Hereinafter, a data storage system and method in a cloud environment according to the present invention will be described in detail with reference to the accompanying drawings.

First, a block diagram of a data storage system in a cloud environment according to the present invention is shown in FIG.

Referring to FIG. 1, a data storage system according to the present invention includes a data input / output unit 10 for receiving data input from a user computer in a cloud computing environment and transmitting data requested by a user, A data division unit 30 for dividing the original data to be stored into a plurality of pieces on the basis of a file size, and a storage unit 30 for storing the original data divided by the data division unit 30 by pieces, A metadata generation unit 50 for generating metadata using information about the original data and the positional information of the fragmented file divided; A metadata storage unit 60 for storing metadata generated from the metadata, The hash table 70 for managing writing information, and is configured to include a control unit 20 for controlling the above-mentioned respective structures.

Next, FIG. 2 is a flowchart illustrating a method of storing data in a cloud environment according to the present invention.

Referring to FIG. 2, a method of storing data according to the present invention includes a data input step (S10) of receiving data input from a user computer in a cloud computing environment, a step of inputting a file size (S12) of dividing the fragmented original data into a plurality of fragments on the basis of the original data, a original data storing step (S14) (S20) of generating and storing metadata using information on the original data and the location information of the fragmented file, and a step (S20) of searching for metadata And a hash table creation step (S22) for managing the hash information recording and management.

Here, the location information encrypting step and the metadata generating step in steps S18 and S20 may be performed prior to the divided storage of the original data.

In step S14, prior to the original data storage step, the checking of the storable area and the position of the original data storage unit 40 may be performed.

The process of dividing and storing original data will now be described with reference to FIG.

Referring to FIG. 3, at the time of data storage, original data is divided into several pieces of a predetermined size and stored in different areas.

For example, in the data storage system, the original data file of 3.3 KByte size is divided into three fragmented files (A, B, and C) in 1 KByte units and one fragmented file (D) of 300 bytes in size And stores the four pieces of fragmented files A, B, C, and D in different areas of the original data storage unit 40. Each piece file at the time of storage will have a different storage space according to the file size as illustrated in FIG.

Here, since the original data is divided into several pieces and stored, it is necessary to separately write information about each storage location.

FIG. 4 is a data structure of metadata (storeInfoEntry) indicating information about the size and position of the original data. This metadata (storeInfoEntry) data structure is meta information about original data and contains all information about actual data storage.

In the data structure contents, the "keyed_digest" member has a digest value indicating that the metadata (storeInfoEntry) information itself is unchanged and is defect-free. The location information (data_location) of each piece of important information is encrypted and stored. The key used for encryption uses a key previously shared in the user authentication process. At this time, this encryption can be selected and applied among various public key sharing methods. The metadata (storeInfoEntry) may further include combining information for combining pieces of fragmented files.

When a user tries to save a file called / home / green / test / img1, the system first creates a metadata (storeInfoEntry) data structure for this file and writes the necessary information. The data storage location, which is important information, is divided into a certain size according to the size of the file and the location information is encrypted. At this time, the encryption key can use the shared key in the user login (authentication) process. Finally, the final metadata is stored in the storeInfoEntry data structure by message digest with the shared key. This will complete the metadata (storeInfoEntry) data structure.

5, the / home / green / test / img1 file is hashed using a user account, an account creation time, a file name, and the like, and is linked to a hash table, (storeInfoEntry) It is possible to increase the speed of retrieving data information from the system.

As described above, an optimal embodiment has been disclosed in the drawings and specification. Although specific terms have been employed herein, they are used for purposes of illustration only and are not intended to limit the scope of the invention as defined in the claims or the claims. Therefore, those skilled in the art will appreciate that various modifications and equivalent embodiments are possible without departing from the scope of the present invention. Accordingly, the true scope of the present invention should be determined by the technical idea of the appended claims.

10: Data input / output unit 20: Control unit
30: Data division unit 40: Original data storage unit
50: Metadata generation unit 60: Metadata storage unit
70: hash table

Claims (7)

The original data is divided into a plurality of fragmented files on the basis of the file size, the fragmented files are distributed and stored, and the metadata including the information on the original data and the location information of the fragmented fragmented files are generated and encrypted Data storage system.
The method according to claim 1,
A data division unit for dividing the original data to be stored in the system into a plurality of fragmented files on the basis of a file size;
An original data storage unit in which divided original data is divided and stored for each piece and a storage space is divided on the basis of a file size;
A metadata generating unit for generating metadata including information on the original data and location information of the fragmented file; And
A metadata storage unit for storing the metadata generated by the metadata generation unit; The data storage system comprising:
3. The method of claim 2,
A hash table for recording and managing hash information for data retrieval with respect to the metadata; The data storage system further comprising:
The original data is divided into a plurality of fragmented files on the basis of the file size, the fragmented files are distributed and stored, and the metadata including the information on the original data and the location information of the fragmented fragmented files are generated and encrypted How to store data.
5. The method of claim 4,
A data input step of receiving original data;
A data dividing step of dividing original data to be stored in a system among a plurality of pieces of input data into a plurality of fragmented files on the basis of a file size;
An original data storage step of distributing fragmented files of fragmented original data on a file size basis;
A location information encryption step of encrypting the fragmented file location of the distributed original data; And
A metadata generation step of generating and storing metadata including information on the original data and position information of the fragmented file; And storing the data.
6. The method of claim 5,
After the metadata generation step,
A hash table creation step of recording and managing hash information for data retrieval with respect to the metadata; Further comprising the steps < RTI ID = 0.0 > of: < / RTI >
6. The method of claim 5,
Before the original data storage step,
And a checking step of a storage area and a position of the original data storage unit.
KR1020120158096A 2012-12-31 2012-12-31 System and method for storing data in a cloud environment KR20140088962A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020120158096A KR20140088962A (en) 2012-12-31 2012-12-31 System and method for storing data in a cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020120158096A KR20140088962A (en) 2012-12-31 2012-12-31 System and method for storing data in a cloud environment

Publications (1)

Publication Number Publication Date
KR20140088962A true KR20140088962A (en) 2014-07-14

Family

ID=51737266

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020120158096A KR20140088962A (en) 2012-12-31 2012-12-31 System and method for storing data in a cloud environment

Country Status (1)

Country Link
KR (1) KR20140088962A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101675134B1 (en) * 2015-05-08 2016-11-22 김의준 Data storage system and method for storing information distributed
CN113378202A (en) * 2021-06-29 2021-09-10 湖南盈聚信息技术有限公司 Multi-dimensional data security storage system based on big data
KR20220074199A (en) * 2020-11-27 2022-06-03 주식회사 테르텐 Computer program for dividing original file into multiple pieces, encrypting divided files and restoring original file by decrypting encrypted files, and method thereof

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101675134B1 (en) * 2015-05-08 2016-11-22 김의준 Data storage system and method for storing information distributed
KR20220074199A (en) * 2020-11-27 2022-06-03 주식회사 테르텐 Computer program for dividing original file into multiple pieces, encrypting divided files and restoring original file by decrypting encrypted files, and method thereof
CN113378202A (en) * 2021-06-29 2021-09-10 湖南盈聚信息技术有限公司 Multi-dimensional data security storage system based on big data
CN113378202B (en) * 2021-06-29 2022-05-03 湖南盈聚信息技术有限公司 Multi-dimensional data security storage system based on big data

Similar Documents

Publication Publication Date Title
US9077541B2 (en) Methods and systems for storage of large data objects
US9262643B2 (en) Encrypting files within a cloud computing environment
CN102075542B (en) Cloud computing data security supporting platform
US8914632B1 (en) Use of access control lists in the automated management of encryption keys
US9749132B1 (en) System and method for secure deletion of data
US20140019498A1 (en) System, method and computer readable medium for file management
US20140019497A1 (en) Modification of files within a cloud computing environment
US11489660B2 (en) Re-encrypting data on a hash chain
JP2022520703A (en) Creating and running a secure container
US20160078244A1 (en) Secured file system management
US9639708B2 (en) Methods and systems of encrypting file system directories
US9514325B2 (en) Secured file system management
US10536276B2 (en) Associating identical fields encrypted with different keys
US20150205973A1 (en) Method and apparatus for providing data sharing
TWI786373B (en) Computer implement method, computer system and computer program product of secure execution guest owner controls for secure interface control
KR20140088962A (en) System and method for storing data in a cloud environment
CN108920971A (en) The method of data encryption, the method for verification, the device of encryption and verification device
US11277262B2 (en) System generated data set encryption key
EP4304156A2 (en) Virtualization for privacy control
US11165760B2 (en) Increasing security of objects in cloud environments by using a two-part encryption scheme
KR101469803B1 (en) Security Apparatus for Data, Terminal having the Same and Security Method for Data, and Computer Readable Record Medium
Dinesh et al. Dynamic auditing and deduplication with secure data deletion in Cloud
US20130036474A1 (en) Method and Apparatus for Secure Data Representation Allowing Efficient Collection, Search and Retrieval
CN105512575A (en) Cloud platform virtual disk encryption method and system
Zhou et al. A secure virtual data center based on data labeled cloud-agent

Legal Events

Date Code Title Description
WITN Withdrawal due to no request for examination