| With the development of computer and technology of micro-electronics,the technology of software and chips has become the kernel technology of IT, which takes an important role in the information security and general power of a country. Network computer is a type of information-access terminal, which based on the environment of network computer, the development of network computer is very important for us to develop our own knowledge propertyright and to improve the kernel competition power of IT.NFS is a type of RPC service designed by SUN Microsystem, We can share files for the different operation systems through NFS. It is very important to the environment of network computer. NFS provides the ability of sources-sharing and supporting to the distributed application in the environment of network computer. Linux is the kernel software of the system of network computer, but at present, there are several hidden troubles of security in the implement of NFS in Linux. Pointing to these hidden troubles, this paper has done several reseaches:To begin with,the conventional NFS is based on the RPC. At present, the authentication of RPC is Unix method or DES method. The Unix method is not suit for the open environment of network. In essencial, the DES authentication uses the user/password method of users management, depends on the unsymmetical key management of NIS server. The DES authentication resists the replay-attack by the synchronization of time, and the figure of user maps to the UID/GID. So, to some extents, it is not enough for the need of users. We brought forward a file access-control and authentication method facing to the remote users to provide network filesystem a secure remote access-control mechanism in the cipher significance. Moreover,we brought forward a method based on the symmetrical cipher to process the datum. The method changed the datum's route of NFS in Linux, and processed the datum on the interface between the client and the server. It can improve the offline security and transmission security of NFS.Finally,We introduced ACL mechanism to NFS sever to enhance the security of NFS. The ACL mechanism has fined the access-control granularity of NFS and overcame the flaw of NFS that the access-control granularity of NFS is very coarse. We developed a system of secure network filesystem to enhance the security of the network computer environment. It has great significance to the popularization of network computer.
|
PDF Full Text Request