Research And Implementation Of Secure Network File System Based On FUSE

With the development of the Internet and the advent of the information age,file cloud storage technology has entered a rapid development period.More and more individuals and enterprises are storing,sharing and transfering data files through cloud storage systems.Cloud storage systems usually use their own client to access and manipulate files,which does not match the user's habbit that accessing and operating the files through the operating system file explorer.Meanwhile,extensive use of cloud storage system also increases the possibility of user information leakage,especially the unauthorized access to the file from the maintainers of cloud storage system.This not only the main issue that user is concerned about,but also a major obstacle of further development of cloud storage service.This thesis describes an implementation scheme of security network file system based on FUSE(Filesystem in Userspace).The system allows user to access and manipulate files in file system in a conventional method,achieving file sharing among authorized users,and preventing unauthorized access from the maintainers of the network file system.The system make use of Dokan file system driver to virtualize the shared directory in the network file servers to a local virtual disk.Users' operations on files and directories within the virtual disk(including file creation,write,delete,create a file directory,delete,etc.)will be converted to the operations on the file and file directory within the sever's sharing file directory,which conforms to the user's usage habit.Files have been encrypted in a hybrid way during the upload process and the decryption control strategy has been set up.To ensure the security of files,the file data is encrypted using AES block encryption algorithm with a randomly generated key,which is encrypted using IBE(Identity Based Encryption)according to the decryption control strategy.In this system the decryption control strategy includes individual and group decryption strategies.Individual decryption strategies are special for some certain individuals with higher operating authority,Group decryption strategies are for a group of users,some user roles or a user department,which be set some or all operation authorities.Combining two strategies will meet the various file-sharing case much better.The innovation of this thesis is using FUSE technology to solve the problem that traditional file cloud storage system requires users to operate network file through a special client,and allow users to operate the network files more conveniently.At the same time,the combining use of symmetric encryption and IBE encryption and setting the decryption control strategy by end users solved the insecurity of traditional cloud storage's file sharing,in particular,prevented the unauthorized access to the documents from the maintainers of cloud storage system.Finally,the test results demonstrate that the system can achieve a secure file storage and sharing authorization without changing user habits.