Research On Storage Encryption Technique Which Can Support Multi-Protocol Disk Array

Posted on: 2011-04-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: C H Pei
GTID: 1118360305492231
Subject: Computer system architecture

Abstract/Summary:
New application demands challenge the design of storage systems. To address the ubiquitous problems of storage security and storage management, this thesis focuses on disk arrays and discusses them in detail from two aspects, storage security and multi-protocol support, and then designs a multi-protocol encrypted disk array with well-designed security features.

The rapid development of computer technology (including storage technology) and the appearance of various memory devices bring a problem: storage device compatibility, including compatibility between old and new storage devices and compatibility between different types of equipment. This thesis supports uniform access to different types of storage devices by means of multiple protocols, which is its design starting point. In addition, the change from single-protocol to multi-protocol raises security issues because of the complexity of the multi-protocol case; especially when multiple users access the storage system using different protocols, the problem of potential data security becomes prominent. Storage designers therefore need to focus on security in storage systems. In the final analysis, the two issues are multi-protocol support and data security, which belong to the "storage resources and data management" research field.

From the perspective of data security, a storage system needs to ensure not only the availability of data but also its confidentiality. For a disk array, data availability need not be considered, because the disk array was originally designed with data availability in mind. A disk array contains several disks connected in series and linked by a disk array controller, with particular disks storing redundant parity data. When a disk fails, the data can be recovered through data reconstruction while upper-layer operations continue. This thesis focuses on data confidentiality in the disk array.

To achieve a multi-protocol encrypted disk array that supports both multiple protocols and data encryption, we discuss two aspects in detail, the data access protocol and storage encryption, and analyze in turn encryption in I/O, encryption in the disk array, and multi-protocol support.

Based on research into the development of storage security and the relevant laws and regulations, this thesis analyzes several existing storage security technologies (such as full-disk encryption, encryption based on virtual disks and volumes, and encryption based on files and directories), dissects the call flow and design principles of an encrypted file system, and presents an optimized I/O method for data encryption. Considering the overhead of encrypting data and convenience of use, we implement the optimized I/O method as a kernel encryption file system (EE-FS). Finally, we test the overhead of the encryption file system, and experimental results show that loading the encryption and decryption module in kernel mode leads to a smaller performance impact.

To achieve a better balance between confidentiality and high performance, this thesis designs a disk array encryption scheme that divides a file into several segments and encrypts only a part of the file's data segments. The parities are then calculated, and the non-encrypted segments, encrypted segments and parities are stored on different hard drives. Data encryption and parity calculation can run in parallel. Because the scheme encrypts only a part of the data segments, it maintains high I/O performance while increasing the security of the disk array. This thesis analyzes and elaborates the call flow and the details of the important modules of the encrypted disk array, and verifies the feasibility of implementing it.

This thesis discusses the design of a multi-protocol disk array supporting several different access protocols from two viewpoints, protocol compatibility and protocol conversion, including the idea of the multi-protocol disk array, the design of the protocol adaptation module, and the design of the disk array's start module and target device. It then adds the research on the encrypted disk array and proposes a disk array framework that brings together storage security and multi-protocol technology. By analyzing the encryption level, encryption algorithm, protocol adaptation layer, storage resource pool and other issues, it designs a multi-protocol encrypted disk array prototype system based on iSCSI. Using the protocol adaptation module, this thesis manages different types of storage resources and integrates them into a large storage pool. The data encryption modules carry out the encryption and decryption of the data, increasing data confidentiality. In response to different application demands, the multi-protocol disk array supports different access interfaces.

Finally, we summarize the thesis and outline expected future work on multi-protocol encrypted disk arrays.
Keywords/Search Tags: Multi-Protocol Storage System, Storage Encryption, Cryptographic File System, Encryption Algorithm, Disk Array, Fibre Channel, Internet Small Computer System Interface (iSCSI)