Research And Implementation Of Cloud Computing Security Based On HDFS

In recent years, cloud computing has been widely research and application, and quickly become the hottest topic in computer field. To the best level of integration of network resources, to achieve the efficiency and quality of optimization is the goal of cloud computing, the key factor which might affect the popularity or accepted by the public of cloud computing is the cloud computing security issue, so the research under the cloud computing security technology is a hotspot in the field of security research in recent years. HDFS is a subproject under the hadoop project, also is a open source distributed file system which is relatively popular in a variety of cloud computing platform, up to now there are many companies and large enterprises deployed services based on hadoop, research cloud computing security under the HDFS has important significance for better research of cloud computing security and the promotion of hadoop.This paper rely on the ministry of education of guangdong province industry-university-institute cooperation project, cloud computing file data management under HDFS and the corresponding security scheme design and implementation were put forward according to the requirements of the project. Design and implementation of cloud computing file management system based on HDFS, including such as upload and download data parallelism, user management, inventory management, and other functions, completed the basic function of file data management in cloud computing environment. Based on basis function of file management, according to security requirements of file management system, design and implement feasible solution. Concrete including user reviews, access authentication of the DataNode to Client which HDFS lacks of, security storage and transmission of file data, and integrity checking, monitoring user behavior or maintenance the log management of system running status, prevent users from unauthorized access, cause loss of data access control and other security technologies.The innovations of this paper as follows: (l)Designed access authentication security mechanism of DataNode to the Client under HDFS which based on IBE algorithm principle, to make up for the detects which Client access under the original HDFS architecture not certified by DataNode, make malicious or fake users cannot steal private data on the DataNode under the condition of not contact with NameNode, thus ensure the data security. At the same time, abandoned the third-party trusted institutions by using quasi IBE algorithm principle, the private key is generated by the Client, lessened the key management complexity for key generation, distribution and storage, and simplified the key management.(2)Design and implement security solutions of data transmission and storage in the cloud computing file management system based on HDFS, use symmetric encryption algorithm DES,3-DES and AES, etc in the Client to upload data block with encryption, and ensure the safety when Client transmit and store data to the cloud computing file management system. Specifically, it can through processing the summary of transmission data, to verify the integrity of data in the transmission or storage process.(3)Log management solution of monitoring user behavior and access control scheme of user access authority control is implemented. Log management is convenient for system management and data maintain, prevent data loss, also it can monitor the user’s behavior. Access control mainly control the public and privacy of file data, file is shared which in a shared list, and the rest only can be seem by the file owner as private data.