
The Research On Security Policies Of Access Control In HDFS-based Cloud Storage

Posted on: 2014-08-19
Degree: Master
Type: Thesis
Country: China
Candidate: W Huang
GTID: 2268330392469073
Subject: Computer Science and Technology

Abstract/Summary:
It is well known that a variety of cloud-based services have come with the rise of cloud computing. In the modern age of the Internet, people are no longer restricted to going online only from computers. With faster and better mobile devices, it has become more convenient for them to connect to the Internet wherever they are and whenever they want. More and more organizations and people can easily communicate and share with each other. But this brings a problem: how can such large-scale data be stored? Cloud storage technology arose to solve this problem. However, the latest research has shown that, although cloud storage has broad application prospects, a hurdle must still be crossed before people completely trust it and store their personal private data and their companies' sensitive data in the cloud. The hurdle is how the cloud provider can guarantee the confidentiality and integrity of users' data. Therefore, the security of cloud storage has received considerable attention.

This dissertation focuses on the security policy of cloud storage whose architecture is based on HDFS (Hadoop Distributed File System). The aim is to design and implement a security policy on HDFS-based cloud storage, which is used for the secure access control of the platform. After studying the architecture of HDFS, a policy is designed to address the weakness of its access control. This policy is based on mandatory access control and incorporates the role concept of role-based access control; it designs a security label for the subject and for the object respectively, and defines a set of access control rules, which facilitates the data isolation of different organizations in the cloud. Meanwhile, the introduction of roles greatly improves the flexibility of the system. The main contributions are as follows:

First of all, a cloud storage service based on HDFS is constructed on the Cloud Computing platform in the lab. Through research on a series of configurations and reference to relevant papers, a complete analysis of the security design and architecture of HDFS can be made.

Then, a further study of the weakness of HDFS is needed. After research on traditional access control, in both theory and models, a final decision is made: mandatory access control and role-based access control are combined in designing the security policy. The security labels for subject and object are also specifically designed. Together these are used to guarantee secure data isolation and access control in the cloud.

Last but not least, after the policy is coded, two client applications are implemented, on PC and on Android. The PC application is designed for file management through a mapping from cloud to client, in which the security policy is embedded to make operations such as upload, download and delete secure. The Android application is the mobile cloud storage. A specific architecture is designed for it to overcome the difficulty that the HDFS APIs cannot be called directly in Android programming.
Keywords/Search Tags:cloud storage, access control, security label, security policy, HDFS