| As the large scale and high performance storage system may service millions of clients and hold a large number of Sensitive data. How to secure such a storage system is a difficult problem. The existing large scale and high performance storage systems have considerate a little security. Most of them use the program of user direct access device and separate the data way and metadata way. When the system is large enough, this imposes an unacceptable overhead on MDS. Considering the security-specific metadata is updated frequently, the situation is worse.The identity based storage security access control model implement the identity certifity and the access control. Before get the data, the user gets his identity certificate from the trust center firstly. When the user get metadata from metadata server and get data from storage device, the user and server can all get certificated with IBE. Then the server gives the authorization base on the access control list. When the identity certificate is in its validity time, the user need not get its certificate, it can send request to storage device directly. The storage device user the user identity and the access control list to authorize the user. So the identity based access control model modify the efficiency, release the metadata server load.In this paper, described the identity based storage security access control model. Explain some function of the system. We implement the user identification with the identity based encryption, and design the access control list. We also implement a simple trust center, it can generate security key, identity certification for user. |
PDF Full Text Request