A protection method and system for HDFS access mode

Abstract

The invention relates to a protection method and system for HDFS access mode. This method decomposes the read and write operations on the data nodes of the HDFS cluster into two atomic operations that read first and then write to hide the operation type of the file; add obfuscated data blocks to the file before writing the file to the data node to hide the file The number of blocks; after each file is read, delete the file from the data node, and randomly select a file in the client's file buffer to write back to the data node to hide the location of the data node where the file is stored; through file storage Constant changes in location, frequency and order of access to hidden files. The invention provides the design and implementation of the HDFS access mode protection scheme based on the ORAM technology, which fills the blank of the HDFS access mode protection and enhances the security of the HDFS while bringing performance overhead within an acceptable range.

Description

technical field [0001] The invention relates to data protection of Hadoop distributed file system (HDFS), in particular to a protection method and system for HDFS access mode. Background technique [0002] HDFS (Hadoop Distributed File System) is the core distributed file system of Hadoop. HDFS is often used to store large files, similar to traditional distributed systems. When the size of a data set exceeds the storage limit of a computer, the data set is divided and stored on a large number of cheap servers. HDFS is currently widely used in industry and academia. In recent years, people have higher and higher requirements for data privacy protection, which undoubtedly brings greater challenges to the data privacy protection capabilities of HDFS. For the current version of the HDFS system, the system design focuses on data availability and data integrity in terms of data security, and there are relatively few strategies for protecting data confidentiality. For example, a...

AI Technical Summary

Problems solved by technology

ORAM can hide the data access mode and confuse each access, so that the attacker cannot distinguish whether the access is real or fake, so the attacker will not be able to obtain privacy information such as user data storage location, access frequency, and access sequence. It is also impossible to further infer information such as the content and importance of user data

[0004] The shortcomings and limitations of existing methods are: HDFS, as a distributed storage system widely used in industry and academia, cannot resist all types of attacks only by data encryption, and attackers can still infer privacy through user access patterns. Information, there is no relevant research to realize the protection scheme for HDFS user access mode, which undoubtedly creates a huge security risk for many companies and individual users who use HDFS for distributed storage

The number of nodes in the cluster may be large in magnitude. If an attacker cannot grasp the user's access frequency, he needs to attack tens of thousands of nodes. This is obviously unrealistic, so the leakage of access frequency greatly reduces the attack cost

Images