To address data security in cloud storage systems and in the applications that use them, this paper proposes a cloud storage security architecture based on distributed storage. The architecture combines information dispersal (splitting data into fragments spread across storage nodes), decentralized storage management and data bootstrap recovery to secure the storage, management and transmission of application data in the cloud. Simulation tests show that the architecture improves overall system performance while keeping the data highly secure.
As information technology has developed, demand for computing power has grown, and storage technology, which is inseparable from computing, has evolved with each computing model: from stand-alone storage through networked storage and distributed storage to today's cloud storage. Cloud storage is a concept that extends cloud computing and is one of the most important components of a cloud computing system architecture. Like cloud computing, cloud storage refers to the management and use of virtualized storage resources: many storage devices of different types across the network are made to work together through virtualization software, cluster applications, grid technology or a distributed file system, and together provide data storage and business access as a service.
Although many research institutions hold that cloud computing provides reliable and secure data storage centers, security remains one of the major problems of cloud storage. From the user's point of view the data is handed over to the cloud storage provider, so the availability and security of that data become the prominent problem of the cloud storage system. The Cloud Computing China Congress (CCCC 2010), held in March 2010, pointed out that as cloud computing technology matures, cloud security issues will become increasingly prominent, and the security of data in cloud computing is becoming an important concern.
At present there is little research on cloud storage security either in China or abroad. Bowers et al. proposed a distributed cryptographic storage system; Cachin et al. address data integrity and consistency with cryptographic tools; and data recoverability mechanisms have been studied, typical examples being Weatherspoon's Antiquity and Kotla's SafeStore. Antiquity is the latest improved version of OceanStore and is designed as a storage service for file systems and backup applications. Chinese institutions such as Tsinghua University, HUST and the National University of Defense Technology have also begun basic research in areas related to cloud storage technology. How to protect the privacy of data published to and stored by services in a complex network environment, and how to make cloud storage secure and trustworthy for user data, are problems that urgently need solving.
1 Cloud storage system security threat analysis
1.1 Cloud Storage System Architecture
From the viewpoint of practical applications and services, cloud storage first exploits the network, second allocates resources on demand, and uses virtualization mainly for storage and data management. Compared with traditional storage, cloud storage is not merely hardware but a complex system made up of network equipment, storage devices, servers, application software, public access interfaces, the access network and client programs. Every part is built around the storage devices, and the application software provides data storage and business access services to the outside. The cloud storage system architecture has the following four layers, shown in Figure 1.
Figure 1 Cloud Storage System architecture
(1) The storage layer is the most basic part of cloud storage and consists of a variety of storage devices and network devices. It also includes a storage management system responsible for centralized management of the hardware, state monitoring, and maintenance and upgrades.
(2) The basic management layer is the core and most complex part of cloud storage. It adopts cluster management techniques and the mature methods of distributed storage systems to achieve good scalability while meeting usability and performance requirements, and it is also responsible for tasks such as data encryption, backup and disaster recovery.
(3) The application interface layer is the key part for developing applications on cloud storage resources. Through it the cloud storage provider offers customers a unified protocol and programming interface for application development; typically the protocol is a web-based, cross-platform one.
(4) The access layer is the entry point for applications built on cloud storage. Any authorized user can log on to the cloud storage system through the standard public application interface and use the services the cloud storage provides.
1.2 Cloud storage System security analysis
Flexibility, easy-to-use services and easy sharing of infrastructure are the advantages of cloud computing, but data is transmitted and stored across the tiers over the Internet, and users cannot directly control the risk to their sensitive data. The characteristics of cloud storage itself therefore mean that, with existing technology, it has the following security problems.
(1) Traditional security domain partitioning no longer applies. Because services in cloud storage must be scalable and are not transparent to the outside, security boundaries and protection devices cannot be clearly defined, which makes concrete protection measures harder to implement.
(2) Cloud storage transmits data over the network, which exposes it to network attacks such as service interruption, data destruction, information theft and tampering. These affect secure data storage, and secure communication, access authentication and confidentiality of the data remain problems to be solved.
(3) Protecting stored data covers the storage location, data integrity, the scattering of data across storage nodes and so on. Moreover, even when data is encrypted, it is often encrypted only in transit on the network; the data also needs protection while it is processed and stored.
(4) Reliability and availability of data. Fault tolerance, recoverability and integrity of data in the storage system face problems: how to avoid interruption of service, and even direct damage to the storage media, in disasters such as power outages, earthquakes, floods and fires.
(5) How to achieve logical volume management of data, storage virtualization management and multi-link redundancy management is a major problem; these are also the performance bottleneck of the entire cloud storage architecture and bring a series of problems for later expansion of capacity and performance.
This shows that data security runs through every level of the whole cloud architecture, so it is meaningless to discuss cloud storage security in a single layer. In general there are two ways to study the matter:
① Take the C.I.A. properties of information security (confidentiality, integrity, availability) as the reference, and port to the storage system the measures applied in information security, such as encryption and integrity techniques, through implementation ideas specific to a given application (hardening the file server, a client-side encrypting file system, full static encryption of disks and tapes, authentication for direct client access to disks, and so on);
② Start from the architecture of the storage system and look for a secure and efficient network storage and security management model. To solve the problem of data security in cloud storage and in the application process, this paper designs a distributed fragmented storage management scheme.
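As an added illustration, not code from this paper, the following Python shows the information dispersal idea named in the abstract and the fragmented storage this section concludes with: a (k, n) scheme that cuts data into n fragments of 1/k its size, any k of which rebuild it. The field arithmetic, the choice of polynomial evaluation over GF(256) (a Reed-Solomon code) as the dispersal method, the padding rule and the sample input are all assumptions of this example rather than details taken from the paper.

```python
# Added illustration, not the paper's own code: (k, n) information dispersal
# over GF(2^8). Data becomes n fragments of 1/k its size; any k rebuild it.
# Scheme assumed here: polynomial evaluation over GF(256) (a Reed-Solomon code).

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (0x11b)."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r

def gf_inv(a: int) -> int:
    """Inverse of a nonzero element: a^254, since the unit group has order 255."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def disperse(data: bytes, k: int, n: int) -> list:
    """Cut data into n fragments (index, bytes); any k of them reconstruct it."""
    if not 1 <= k <= n <= 255:
        raise ValueError("need 1 <= k <= n <= 255")
    pad = k - len(data) % k            # pad to a multiple of k; last byte = pad length
    padded = data + bytes([pad]) * pad
    fragments = []
    for x in range(1, n + 1):          # fragment x = every block's polynomial evaluated at x
        out = bytearray()
        for off in range(0, len(padded), k):
            acc = 0                    # Horner: c0 + c1*x + ... + c_{k-1}*x^{k-1}
            for c in reversed(padded[off:off + k]):
                acc = gf_mul(acc, x) ^ c
            out.append(acc)
        fragments.append((x, bytes(out)))
    return fragments

def _invert(m: list) -> list:
    """Gauss-Jordan inverse of a square matrix over GF(256)."""
    k = len(m)
    aug = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(m)]
    for col in range(k):
        piv = next(r for r in range(col, k) if aug[r][col])  # distinct points: always found
        aug[col], aug[piv] = aug[piv], aug[col]
        inv = gf_inv(aug[col][col])
        aug[col] = [gf_mul(v, inv) for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                f = aug[r][col]
                aug[r] = [v ^ gf_mul(f, p) for v, p in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]

def recover(fragments: list, k: int) -> bytes:
    """Rebuild the data from any k distinct fragments; fewer raises ValueError."""
    if len(fragments) < k:
        raise ValueError(f"need {k} fragments, got {len(fragments)}")
    pts = fragments[:k]
    xs = [x for x, _ in pts]
    if len(set(xs)) != k:
        raise ValueError("fragment indices must be distinct")
    rows = []                          # Vandermonde V[j][i] = x_j^i: y = V c, so c = V^-1 y
    for x in xs:
        row = [1]
        for _ in range(k - 1):
            row.append(gf_mul(row[-1], x))
        rows.append(row)
    vinv = _invert(rows)
    out = bytearray()
    for pos in range(len(pts[0][1])):
        ys = [body[pos] for _, body in pts]
        for i in range(k):
            c = 0
            for j in range(k):
                c ^= gf_mul(vinv[i][j], ys[j])
            out.append(c)
    pad = out[-1]
    if not 1 <= pad <= k or out[-pad:] != bytes([pad]) * pad:
        raise ValueError("inconsistent fragments: bad padding")
    return bytes(out[:-pad])

DATA = b"cloud storage test data"      # constructed sample input

def demo() -> dict:
    """Disperse DATA 3-of-5, rebuild it from any 3 fragments, and show that
    dispersal alone gives availability, not integrity: one flipped bit on one
    node is interpolated into wrong data without any error."""
    k, n = 3, 5
    frags = disperse(DATA, k, n)
    try:
        recover(frags[:k - 1], k)
        too_few_rejected = False
    except ValueError:
        too_few_rejected = True
    x, body = frags[1]
    tampered = (x, bytes([body[0] ^ 0x01]) + body[1:])
    return {
        "fragment_len": len(frags[0][1]),
        "recovered": recover([frags[4], frags[0], frags[2]], k),   # any k, any order
        "too_few_rejected": too_few_rejected,
        "tampered_recovered": recover([tampered, frags[2], frags[3]], k),
    }
```

What this gives, and what it does not: up to n-k fragments (nodes) can be lost at a storage cost of n/k rather than the n-fold cost of replication, but a fragment corrupted on one node is silently interpolated into wrong data, and every fragment is a fixed linear combination of plaintext bytes, so dispersal by itself provides neither integrity nor confidentiality. In a real architecture each fragment therefore needs an integrity tag and the data needs to be encrypted before it is dispersed, which is the point made in item (3) of section 1.2.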