Design And Implementation Of A Role-based Access Control System Of Distributed Storage Systems On VxWorks

The distributed storage system has the characteristics of flexible and high efficiency,and it can deal with the expansion pressure brought by the exponential data growth.However,the existing distributed storage systems are designed for commercial server nodes,it doesn't apply to the aerospace field which with higher requirements of real-time and power,although in the field of aerospace is also facing the same pressure.In addition,the field of aerospace has a high demand of data security.In the above environment,it is very important to use distributed storage systems and ensure the security of the data.A kind of efficient role-based access control system is designed and implemented for distributed storage systems on VxWorks platform.The system has the following characteristics: 1)design the configuration information management function based on the encrypted file,for the management of users,roles,permissions and other key information of system,avoid the use of the third party database which take up a lot of system resources,it is suitable for the embedded system with limited resources and high real-time requirement;2)we design a fast and efficient data query method based on Hash list,in order to optimize the frequent access to information such as user tables,authorization tables and so on;3)The way of privilege management is designed based on the independent ACL,to achieve the same permissions subdirectories and files which under the same parent directory use the same permission table,avoid all the single directories and files set separate permissions table,It not only saves the metadata storage space,but also reduces the system resource occupation and error probability.The experiments are designed to verify the function and performance of the system.Test results show that the system can complete all the functional indicators effectively.For example: For "single role-multi object " batch rights modification,the execution efficiency of independent ACL is highest,the speed is more than 2 times of the memory copy;For the "multi role-Multi object" batch rights modification,the execution efficiency of independent ACL is highest too,and the speed is 5 times higher than the set of operations at the same time to modify the permissions of the 10 roles.