| With the fast development of the information technology, all kinds of network attackhas already been a very prevalent phenomenon. Data security and network security havebeen paid more attention by people, and how to offer perfect security services withensuring the performance becomes a hot problem.This paper studies distributed file system GlusterFS, affirms its advantage inextension and performation,but analyzes the problems of its secuirty mechanism, such asit doesn’t offer any authentication mechanism and access control mechanism and so on,and its encryption algorithm-rot13is cracked very easily. So,on the basis of distributedfile system GlusterFS, a new kind of security architecture is proposed. Namely, we add anew module--security manager based on the previous, and form a new tripartite structure.The system makes use of three different kinds of key. They not only make confidentialdata in system to be stored securely, but also lighten the burden that users manage keysgreatly and restrict the Administrator’s privileges. In addition, the system usesauthentication to avoid falsified, steal, fake and replay attack in the process ofcommunication. It uses access control mechanism to prevent users from unauthorizedaccessing during operation. The system also imports blacklist authenticated mechanism tomake the system more secure, and to hold back malicious users’ threat to system security.After describing the design and implementation method in detail, this paper illuminate thatthe security mechanism effects the performance of the system by test result. |
PDF Full Text Request