| With the rapid development of electronics and information technology, nowadays,information storage is becoming an important field of computer technology gradually.The global distributed storage system (GDSS) is a system which integrates all thescattered and distributed storage resources into unified logical storage view, providinglarge volume, high performance and high availability storage service. Under the support of National High-tech Research and Development Plan, Thecluster and grid computing key laboratory has taken on the research work about thevirtual storage and its file system. Through 2 years' hard work, we successfullydevelop the global distributed storage system version 1.0. This system is a highperformance storage system which integrates all the scattered and distributed storageresources in Internet into unified logical storage view. Data security is one of the key questions to be solved by GDSS. In the traditionalstorage mode, such as DAS (Direct Attached Storage), RAID (Redundant Array ofIndependent Disk) storage system, data belong to a certain host, so data security canbe guaranteed. But in the modern storage network pattern, with the advantages of highperformance, high availability and so on, the security of storage system is also descentin a certain extent. Therefore, it is great significant to research and design the secureinfrastructure of GDSS. During GDSS design, identity authentication, access control and securecommunication are three key issues, the most fundamental issue of which is identityauthentication. How to solve identity authentication is basic precondition andguarantee of access control and secure communication issues. GDSS-PKI system is a extend PKI model which combines the hierarchical CAstructure and the meshy CA structure. It is suitable to the global distributed storagesystem. The advantage of GDSS-PKI structure is to divide a lot of autonomy domainsinside PKI system, and each autonomy domain treats its own independent root CA asthe single trusting anchor. So it avoids the single root CA problems hold by thehierarchical CA structure and the single CA structure. Only adopting root CA insideeach autonomy domain as nodes in meshy PKI structure greatly reduces thecomplication of cross-domain certificate route. At the same time, we introduce thecross-domain certificate and its corresponding certificate routing algorithm to solve IIthe problems of complicated scalability and the difficulties to find for those certificateroutes in bidirectional meshy trust relationships condition.
|
PDF Full Text Request