Data access control system and method for storage system

A data access control technology for storage systems, applied in the field of information security. It addresses problems such as unreduced risk, ineffective data encryption and decryption, and performance impact, with the effect of preventing attacks and bypasses, avoiding risks and vulnerabilities, and preventing illegal access.

Active Publication Date: 2014-07-02
宁波谦川科技有限公司

AI Technical Summary

Problems solved by technology

For example, once the ACL is tampered with at the application layer, or VLAN-based security configuration rules are set unreasonably, data security risks arise easily.
As storage systems become more and more open, this kind of application-layer security problem poses a greater security threat to the storage system, and the existing technology does not specifically consider reducing this risk.
Secondly, this type of technology is often used for device-level authentication and control, and it is difficult to implement fine-grained, stricter security control over the data itself. Identity authentication is performed with switch devices; the ACL is based on the network layer and controls the accessing IP addresses to isolate network traffic, and does not r


Embodiment Construction

[0057] It should be understood that the specific embodiments described here are only used to explain the present invention, not to limit the present invention.

[0058] The invention mainly implements a data security load at the transmission layer and the protocol layer of the storage system's data blocks, and realizes fine-grained access control at the data block level. The invention generates security load information for data block access according to the security policy, transmits and stores the data security load, parses the protocol to obtain the security load, calculates and verifies the legitimacy of the access request according to the security load, and controls whether access to the data is allowed or denied. The present invention provides a system and a method flow for realizing the above functions.
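The flow in [0058] can be sketched as follows. This is an added example, not code from the patent: the JSON encoding, the HMAC-SHA256 tag, the key shared between policy server and gateway, and all field and function names are assumptions chosen for illustration.

```python
import hashlib, hmac, json, time

POLICY_KEY = b"constructed-demo-key"  # assumption: shared by policy server and gateway

def _tag(key, raw):
    return hmac.new(key, raw, hashlib.sha256).hexdigest().encode()

def issue_payload(key, subject, volume, lba_first, lba_last, ops, ttl=60, now=None):
    """Security policy server: encode one policy decision as a signed security load."""
    now = int(time.time()) if now is None else now
    body = {"sub": subject, "vol": volume, "lba": [lba_first, lba_last],
            "ops": sorted(ops), "exp": now + ttl}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return {"body": raw.decode(), "tag": _tag(key, raw).decode()}

def build_request(payload, op, volume, lba, count):
    """Access security agent: attach the security load to a block-level request."""
    return {"op": op, "vol": volume, "lba": lba, "count": count, "sec": payload}

def gateway_check(key, request, peer, now=None):
    """Storage security gateway: parse the load, verify it, then allow or deny.
    `peer` is the initiator identity the gateway observed on the connection."""
    now = int(time.time()) if now is None else now
    sec = request.get("sec")
    if not isinstance(sec, dict) or not {"body", "tag"} <= sec.keys():
        return (False, "missing payload")
    raw = str(sec["body"]).encode()
    if not hmac.compare_digest(_tag(key, raw), str(sec["tag"]).encode()):
        return (False, "bad tag")
    body = json.loads(raw)  # fields are trusted only after the tag verified
    if now >= body["exp"]:
        return (False, "expired")
    if peer != body["sub"]:
        return (False, "wrong subject")
    if request["vol"] != body["vol"] or request["op"] not in body["ops"]:
        return (False, "operation not granted")
    last = request["lba"] + request["count"] - 1
    if request["count"] < 1 or request["lba"] < body["lba"][0] or last > body["lba"][1]:
        return (False, "blocks outside grant")
    return (True, "allow")

if __name__ == "__main__":
    # Constructed grant: app-01 may read blocks 1000..1999 of vol7 for 60 seconds.
    grant = issue_payload(POLICY_KEY, "app-01", "vol7", 1000, 1999, ["read"])
    for op, lba, n in [("read", 1000, 8), ("write", 1000, 8), ("read", 1996, 8)]:
        req = build_request(grant, op, "vol7", lba, n)
        print(op, lba, n, gateway_check(POLICY_KEY, req, "app-01"))
```

The gateway decides per request and per block range, so a change to an application-layer ACL does not widen what a given load permits.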

[0059] The system designed by the present invention is a storage system data access control system, the system includes security policy server, applica...


Abstract

The invention discloses a data access control system and method for a storage system. The data access control system comprises four logical functional parts: a security policy server, an application server and access security agent, a storage security gateway, and a storage system. According to the system and method, security load information for data block access is generated according to a security policy, the security load of the data is transmitted and stored, the protocol is parsed to obtain the security load, the legality of an access request is calculated and verified according to the security load, and whether data access is allowed or not is controlled. Because the security load is added at the data access protocol layer of the storage system, is parsed by security agent software, and data access control is conducted according to it, stronger and finer-grained security control over data access can be achieved in the true sense.

Description

Technical field

[0001] The invention relates to the field of information security in information technology, in particular to access control technology for data in a data storage system.

Background technique

[0002] In the cloud computing environment, the data storage system architecture has undergone great changes and faces more complex application and service scenarios, such as the application of storage virtualization technology and the emergence of cloud storage services, so that user data in the storage system often faces more threats from within the Internet and cloud computing systems. Traditional access control methods for data are mainly implemented at the application layer and service layer, which makes it difficult to resist the security threats brought by this open environment.

[0003] The current security methods for data storage systems mainly include access control lists (ACLs), identity authentication, data encryption, and so on. There are some pr...


Application Information

IPC(8): H04L29/06, H04L29/08
Inventor 郭伟董唯元陈幼雷
Owner 宁波谦川科技有限公司