Multi-tenant Access Control Module Design And Implementation Of Eole Platform Based On Kerberos

Cloud storage is a concept derived from the development of cloud computing,and gets attention because its' features such as low cost and easy to use.However,during the development of cloud storage,there are two kinds of safety problem increasingly prominent:1.As data could be theft or tampered by other tenants of the storage platform,the security of the data of the tenants can not be guaranteed.2.As data may be exposed by the operator,the security of the sensitive information of the tenants can not be guaranteed.Based on the background mentioned above,during the design and implementation of Eole system which is a cloud storage platform based on HDFS(Hadoop Distributed File System,hereinafter referred to as HDFS)architecture,focusing on two safety issues of cloud storage,a secure data storage mechanism and user access control mechanism for multi tenants has been designed.Combines with the actual needs of enterprises and Eole platform,it can provide secure,on-demand,real-time,scalable storage services to tenants.On the one hand,to solve the problem that the cloud data may be tampered by other tenants of the platform,a multi-tenant access control strategy based on Kerberos is promoted.The strategy can be customized according to the needs of enterprises and can apply flexible and effective access control policy to achieve different levels of data isolation between enterprises' departments and enterprises.On the other hand,to solve the problem of the user's sensitive information leakage,using cloud data encryption to protect the absolute security of user's sensitive information is considered as a good solution.Around the access control strategy and the strategy of data encryption,multi-tenant access control module design and implementation of Eole Platform based on Kerberos is completed.The module will enhance the security of Eole cloud storage platform,simplify the complexity of HDFS privilege management,and improve the interaction performance of cloud storage platform.In addition,some experiments aimed to measure the security,availability,performance and other aspects of the multi-tenant access control module have been done.From the test results,the access control strategy and data encrypt strategy proposed in this paper not only ensures the high efficiency of data operation,but also ensures the security of data access.Although it has not been tested on the P level data due to the limited test condition,the feasibility of the strategy is also proved in theory.