A secure storage system over cloud storage environment

Cited by: 0
Authors
Xue, Mao [1]
Xue, Wei [1, 2]
Shu, Ji-Wu [1, 2]
Liu, Yang [2]
Affiliations
[1] Department of Computer Science and Technology, Tsinghua University, Beijing
[2] Tsinghua National Laboratory for Information Science and Technology, Tsinghua University, Beijing
Source
Jisuanji Xuebao/Chinese Journal of Computers | 2015, Vol. 38, No. 05
Funding
National Natural Science Foundation of China
Keywords
Access control; Confidentiality; Cryptographic file systems; Integrity; Secure storage system;
DOI
10.3724/SP.J.1016.2015.00987
Abstract
Data in cloud storage systems is increasingly shared among different users rather than owned by a single private user. As a result, an ordinary user usually does not have control permission over the whole system, which makes it hard for that user to secure the storage or sharing of their own files. To solve this problem, this paper proposes a new secure cloud storage system architecture and, based on it, designs and implements a secure cloud storage system called Corslet. Corslet can run directly on deployed underlying cloud storage systems without modification, while bringing end-to-end confidentiality and integrity as well as efficient access control for user data. For individual users, Corslet is easy to use: the only thing they need to keep locally is their certifications. Experiments and standard benchmark results show that Corslet over an NFSv4 cluster brings an acceptable I/O throughput reduction of less than 5%, showing that Corslet can provide enhanced security for user data while maintaining acceptable performance. © 2015, Science Press. All rights reserved.
Pages: 987-998
Page count: 11