Volume 17, Issue 4, pp 488-505
Publication Date: 2017-10-19
Ming Zhang - School of Information Engineering, Wuhan University of Technology, Wuhan 430070, China
Wei Chen - School of Information Engineering, Wuhan University of Technology, Wuhan 430070, China
Yunpeng Cao - School of Information Science and Engineering, Linyi University, Linyi 276000, China
With the development of large-scale data, the increasingly users need to store the data in the distributed storage system due to the fact that the signal computer can not hold the massive data. However, the users can not control the data access rules. So the transparent security management of Large-scale data in distributed networks is a challenge. To solve this issue, a distributed security storage model is proposed. This security storage model can deal with the high concurrency and the complexity of large-scale data management in the distributed environment. The detailed designed of the transparent security storage system is provided based on the security storage model. This system allows the users manage their data and provides confidentiality protection, integrity protection, and access permission control. Experiments exhibit that the distributed storage model can improve the data security with I/O performance loss less than 5%.
Distributed storage system, transparent encryption, confidentiality, integrity control model.
 A. Adya, W. J. Bolosky, M. Castro, G. Cermak, R. Chaiken, J. R. Douceur, J. Howell, J. R. Lorch, M. Theimer, R. P. Wattenhofer, FARSITE: Federated, available, and reliable storage for an incompletely trusted environment, Proceedings of the 5th Symposium on Operating Systems Design and Implementation, San Francisco, USA, 36 (2002), 1–14.
 M. Blaze, A cryptographic file system for UNIX, 1st ACM Conference on Computer and Communications Security, ACM Press, (1993), 9–16.
 P. D. Bovet, M. Cesati, Understanding the Linux Kernel: from I/O ports to process management, O’Reilly Media, Inc., (2005).
 G. Cattaneo, L. Catuogno, A. Del Sorbo, P. Persiano, The design and implementation of a transparent cryptographic file system for Unix, Proc. USENIX Annual Technical Conference, Boston, USA, (2001), 199–212.
 K. E. Fu, Group sharing and random access in cryptographic storage file systems, Master’s thesis, Massachusetts Institute of Technology, Tech. Rep., Boston, USA, (1999).
 E. Geron, A. Wool, CRUST: cryptographic remote untrusted storage without public keys, Int. J. Inf. Secur., 8 (2007), 357–377.
 E.-J. Goh, H. Shacham, N. Modadugu, D. Boneh, SiRiUS: Securing remote untrusted storage, Proceedings of the 10th Network and Distributed Systems Security Symposium, San Diego, USA, 3 (2003), 131–145.
 R. Hasan, S. Myagmar, A. J. Lee, W. Yurcik, Toward a threat model for storage systems, Toward a threat model for storage systems, FairFax, VA, USA, (2005), 94–102.
 M. Kallahalla, E. Riedel, R. Swaminathan, Q. Wang, K. Fu, Plutus: Scalable secure file sharing on untrusted storage, Proceedings of the 2nd USENIX File and StorageTechnologies, FairFax, VA, USA, 3 (2003), 29–42.
 R. C. Merkle, A digital signature based on a conventional encryption function, Conference on the Theory and Application of Cryptographic Techniques, Springer, Berlin, Heidelberg, Santa Barbara, USA, (1987), 369–378.
 E. L. Miler, D. D. Long, W. E. Freeman, B. Reed, Strong security for network-attached storage, Proceedings of the 1st USENIX File and Storage Technologies, Monterey, USA, (2002), 1–13.
 D. P. O’Shanahan, CryptosFS: Fast cryptographic secure NFS, Master’s Thesis, The University of Dublin, Ireland, (2000).
 E. Riedel, M. Kalahala, R. Swaminathan, A framework for evaluating storage system security, Proceedings of the USENIX Conference on File and Storage Technology, Monterey, USA, 2 (2002), 15–30.
 A. Traeger, K. Thangavelu, E. Zadok, Round-trip privacy with NFSv4, Proceedings of the 2007 ACM workshop on Storage security and survivability, Alexandria, Virginia, USA, (2007), 1–6.
 L. Wang, B. Yang, A. Abraham, Distilling middle-age cement hydration kinetics from observed data using phased hybrid evolution, Soft Comput., 20 (2016), 3637–3656.
 L. Wang, B. Yang, Y.-H. Chen, X.-Q. Zhang, J. Orchard, Improving neural-network classifiers using nearest neighbor partitioning, IEEE Trans. Neural Netw. Learn. Syst., 28 (2016), 2255–2267.
 L. Wang, B. Yang, J. Orchard, Particle swarm optimization using dynamic tournament topology, Appl. Soft Comput., 48 (2016), 584–596.
 Z. Wilcox-O’Hearn, B. Warner, Tahoe: the least-authority filesystem, Proceedings of the 4th ACM International Workshop on Storage Security and Survivability, Alexandria, Virginia, USA, (2008), 21–26.
 C. P. Wright, M. C. Michael, E. Zadok, NCryptfs: A secure and convenient cryptographic file system, Proceedings of the USENIX Annual Technical Conference, San Antonio, USA, (2003), 197–210.
 F. Yingxun, L. Shengmei, S. Jiwu, A secure network disk system in cloud storage environment, J. Softw., 25 (2014), 1831–1843.
 E. Zadok, I. Badulescu, A. Shender, Cryptfs: A stackable vnode level encryption file system, Technical Report CUCS- 021-98, Computer Science Department, Columbia University, New York, (1998).
 T. Zhong, J.-Z. Geng, H. Xiong, Z.-G. Qin, The data integrity verification mechanism based on SBT in cloud storage, J. Univ. Electron. Sci. Technol. China, 6 (2014), 929–933.