As storage technology has kept improving and the computing power of computers has increased rapidly, storage systems are evolving to meet the needs of large scale and high concurrency. The massive growth in stored information has brought new requirements for ensuring the security of information storage. Traditional security methods for storage systems are insufficient to satisfy current security requirements in a distributed storage system.

An analysis of the security mechanisms of some file systems and their implementations, such as Plutus and SiRiUS, finds that the implementation of these security mechanisms is restricted by their performance and scale, and that they are not high-performance enough for a distributed storage system. In addition, when all data are stored in the system, it is necessary to restrict the system administrator's privileges.

Large scale, high concurrency and relatively little sensitive data are the characteristics of a distributed storage system. A set of security mechanisms for a distributed storage system should allow users to encrypt data as they wish, which prevents non-sensitive data from being encrypted; keep users from being directly involved in encryption/decryption and key management by using the security manager; and reduce the overhead of access control to the minimum by caching certificates, which avoids impact on the system's throughput. The administrator's privileges can be restricted by separating the key and the key number.

Experiments show that in a distributed storage system deployed with the security mechanism described above, the I/O performance of encrypted files is limited by the current encryption and decryption speed; for non-encrypted files, the addition of encrypted storage and access control does not have much impact on the system. This proposal not only maintains system performance, but also provides flexible encryption granularity and a friendly access mode.