Research and Design of Cloud Storage Access Control Mechanisms Based on the HDFS Architecture

Posted on: 2014-09-08 | Degree: Master | Type: Thesis
Country: China | Candidate: X H Fan | Full Text: PDF
GTID: 2268330425458686 | Subject: Computer application technology
Abstract/Summary:
As a standalone application of cloud computing, cloud storage has gradually become a hotspot of commercial applications, but its security remains a major concern for both users and service providers. An open cloud storage service needs a high-security access control mechanism that meets five basic requirements: (1) logical isolation of user data, enforced through authentication and authorization; (2) flexible management of users' resource rights, covering read, write and change permissions; (3) mass user authentication management that efficiently supports more than ten million users; (4) domain-based security management, so that access control can be enforced within and across domains; and (5) preventing the cloud service provider (CSP) from stealing user information stored in the cloud, that is, treating the CSP as not entirely trusted and protecting cloud data through encryption and other measures. Based on these requirements, we studied access control mechanisms for cloud storage systems built on the HDFS architecture, improved their design, and completed a verification deployment.

We analyze the HDFS access control mechanism and point out that its access control lacks an authentication mechanism and that it is exposed to impersonation of cluster nodes. To address this, this paper builds an engineering solution that introduces the Kerberos authentication mechanism to strengthen the security of the HDFS cloud storage system; its robust authentication, based on a symmetric cryptosystem, effectively prevents node impersonation. This scheme is lightweight and agile and is suitable for building small-scale private cloud storage systems.

HDFS with Kerberos authentication can support only a small number of users, and it cannot support domains or access control within a domain. Building on the existing HDFS mechanism, this paper designs a sub-domain management of role-based access control (SDMoR) scheme, which improves domain management, mass user authentication and rights management, and satisfies the first four access control requirements of cloud storage. Under the reasonable assumption that the cloud storage service is trusted, this scheme is suitable for building medium-scale private cloud storage systems.

Ciphertext access control mechanisms address the case where the cloud storage service provider is not completely trusted. However, using CP-ABE directly to design the access control mechanism raises three problems: resource owners need to know each visitor's attributes; resource owners and users both need to maintain a large number of access keys; and when ciphertext data in the cloud storage system is overwritten, the system cannot verify that the write was legitimately authorized. This paper designs a trustee-based CP-ABE cloud storage access control scheme (TBCCSAC), which introduces a trusted third party to manage users' attribute certificates, generates resource access keys dynamically, and uses an access control token mechanism. An analysis of TBCCSAC's security and performance shows that the performance impact is within an acceptable range. Finally, the mechanism is applied to HDFS to meet all five access control requirements of cloud storage. This scheme is suitable for building large-scale private cloud storage systems.
Keywords/Search Tags:Cloud Storage, Access Control, HDFS, CP-ABE, SDMoR, TBCCSAC