Data isolation method used in storage cloud

A technology for data isolation and cloud storage, which is applied in digital data protection, electronic digital data processing, instruments, etc., and can solve problems such as inability to access data beyond authority and inability to share data

Active Publication Date: 2012-01-04
PEKING UNIV
View PDF1 Cites 87 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Aiming at the special environment of cloud storage, this paper proposes a flexible access control strategy based on RBAC (Role based Access Control), combined with the logical combination of organizational labels and various security attributes. On the one hand, it can ensure that data between different enterprises in the cloud The strong isolation makes it impossible for enterprise users to exceed their authority to access the data of other enterprise users; on the other hand, this strategy can ensure the appropriate ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Data isolation method used in storage cloud
  • Data isolation method used in storage cloud
  • Data isolation method used in storage cloud

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0137] The invention develops a security mechanism for data isolation based on the Hadoop distributed file system (HDFS). Distributed file systems are widely used as the underlying infrastructure of cloud storage, and the underlying use of commercial cloud storage Cloudera is HDFS. The use of open source HDFS to develop a prototype of the security mechanism is conducive to the evaluation of the effect of the entire system.

[0138] Figure 5 Depicts the security architecture design based on HDFS architecture.

[0139] The core of the prototype system is the safety decision module. In order to determine whether the subject has permission to access the resource object, the security decision-making module needs to first obtain the information of the security label of the subject and object and the security policy of the current system. In HDFS, the meta-information of the file system is stored on the Namenode side of the master node, so security meta-information such as securi...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a data isolation method used in storage cloud, and belongs to the distributed storage field. The data isolation method comprises the following steps: (1) according to security demands of an organization, establishing security policy configuration of a tenant in master nodes of a storage cloud system; (2) establishing a user subject belonging to the organization and stamping role tags in a role model of the organization for the subject; (3) organizing an administrator to stamp the tags in the Tag model of the organization for an accessed resource object established by certain user in the organization; (4) according to role privileges of accessed resources, setting a security access policy of a role subject for the accessed resource object and storing the security access policy in the master nodes of the storage cloud system; and (5) according to the security access policy, judging whether the role subject passes the access to the accessed resource object by the master nodes, executing the access if yes and refusing the access if no. The data isolation method has the beneficial effects that the appropriate data isolation is ensured in a cloud-stored enterprise, and the adopted policy follows a universality principle, thus being applicable to public cloud, private cloud and mixed cloud.

Description

technical field [0001] The present invention proposes a method for providing isolation services for data stored on the cloud, and realizes a security mechanism for data isolation in a cloud storage environment based on HDFS (Hadoop Distributed File System). The technical field of the invention relates to mandatory access control, distributed storage. Background technique [0002] As an emerging technology and business application model, cloud computing has gained widespread attention and great promotion in recent years, both in the industry and in academia. Cloud computing presents a bright future for enterprise users. On the one hand, enterprises can entrust the management and maintenance of their IT infrastructure to professional cloud service providers, so as to focus more on the company's own business; on the other hand, it is more important that the services provided by cloud computing are their own. Adaptive, with flexible scalability. Enterprises can lease cloud se...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L29/06H04L29/08G06F21/00G06F21/62
Inventor 沈晴霓杨雅辉禹熹张力哲吴尉泷王丹丹龙敏
Owner PEKING UNIV
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap