| Object-based Storage Systems use objects as storage interface, the entire system consists of the Metadata Server (MDS), clients and Object-based Storage Device (OSD). MDS is responsible for metadata management and datas are stored on OSD, which separates data storage and management. Clients can access data stored on OSD via the openly network, which causes OSD meet network threats and malicious attacks directly.Based on the OSD-2 standard, a solution has been designed for the security of OSD, which called the credential based access control mechanism. It includes two main aspects, on one hand; the credential validation processes not only guarantees that only legal credentials can access OSD, but also guarantees the integrality of sensitive data. On the other hand, key update process will updated keys regularly for ensure the effectiveness of keys. Both credential validation and key update work together for guarantee the safety of OSD effectively.A secure OSD prototype has been implimented with the credential based access control on the original OSD, which mainly includes credential validation module and key update module. The former consists of validate credential module, replay attack detection module and data integrality module. The latter consists of update master key module and update common key module. The analysis for the six security threats shows that our solution can protect OSD form network threats effectively.The test results show that the performance of the OSDs with credential validation decrease by less than 5% while the OSDs with the data integrity process suffer a higher performance penalty: the performance by a client decreases by 52% and by multiple client decreases by 30%. |
PDF Full Text Request