
Access control method for distributed storage under cloud environment

A distributed storage access control technology, applied in the field of distributed storage access control, that solves the problem of relying on a single access control method and achieves cloud data isolation and efficient access control management.

Inactive Publication Date: 2017-12-15
SHANDONG UNIV

AI Technical Summary

Problems solved by technology

However, this access control method is limited to a single mechanism: it only covers permission settings on traditional files and directories. Relying solely on this access control cannot adequately meet security requirements.


Examples


Embodiment 1

[0046] As shown in Figures 1-3.

[0047] An access control method for distributed storage in a cloud environment, implemented on the Ranger framework and Kerberos. The Ranger framework includes the Ranger Admin, Ranger plugin and Ranger Usersync components; the Kerberos components include the KDC and the auxiliary tool ks_tool. The specific implementation steps are as follows:

[0048] A. User-based access control

[0049] A1. Deploy a Hadoop cluster. The Hadoop cluster includes at least one Master node and 3 slave nodes, and supports upload to, download from and access to HDFS. Ranger-based access control adds a first "authentication threshold" to the security of the cloud storage. Within the Hadoop cluster, identity authentication between the client and the management nodes, between the management nodes and the data nodes, and between data nodes is implemented by Kerberos.

[0050] The implementation of distributed storage access control mainly includ...

Embodiment 2

[0068] The access control method for distributed storage in the cloud environment as described in Embodiment 1, the difference being that the authenticator encrypted with the TGS session key includes the name/ID of the system user and a timestamp; the request for a specific service, transmitted in plain text, is for the http service.

Embodiment 3

[0070] The access control method for distributed storage in the cloud environment as described in Embodiment 1, the difference being that the Ranger Admin component is the core interface of security management. Through this centralized management and control platform, the user's visual operations are realized, and these operations are applied to HDFS to finally realize access control. The visual operations include creating and updating users/groups, defining services and access policies, and viewing access logs;

[0071] The Ranger plugin component is a lightweight Java program that runs embedded in the HDFS component. On the one hand, the Ranger plugin component links HDFS with the Ranger Admin component; on the other hand, it loads the access policies defined in the Ranger Admin component onto the host where HDFS is located, and uploads the access logs of system users to the Ranger Admin component for auditing;
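A simplified model of the plugin's two jobs described in [0071], evaluating locally loaded policies and recording every decision for audit. This is an added example, not code from the patent or from Apache Ranger: the policy follows the general shape of a Ranger HDFS policy, but the policy name, users, paths and the helper names `path_matches` and `check_access` are constructed for illustration. It assumes literal paths only and denies when no policy matches.

```python
import json
import posixpath
import time

# Constructed sample policy, shaped like a Ranger HDFS policy (values are made up).
POLICY_JSON = """
[{"name": "finance-ro", "isEnabled": true,
  "resources": {"path": {"values": ["/data/finance"], "isRecursive": true}},
  "policyItems": [{"users": ["alice"], "groups": ["auditors"],
                   "accesses": [{"type": "read", "isAllowed": true},
                                {"type": "execute", "isAllowed": true}]}]}]
"""
POLICIES = json.loads(POLICY_JSON)   # stands in for policies pulled from Ranger Admin
AUDIT_LOG = []                       # stands in for access logs uploaded for auditing


def path_matches(resource, path):
    """True if the normalized path is covered by one of the policy's path values."""
    path = posixpath.normpath(path)          # collapse "..", "//" before matching
    for value in resource["values"]:
        prefix = value.rstrip("/")
        if path == (prefix or "/"):
            return True
        # Match on a directory boundary so /data/financial is not /data/finance.
        if resource.get("isRecursive") and path.startswith(prefix + "/"):
            return True
    return False


def check_access(user, groups, path, access_type, policies=POLICIES):
    """Return True if an enabled policy grants access_type; audit every decision."""
    allowed, matched = False, None
    for policy in policies:
        if not policy.get("isEnabled", True):
            continue
        if not path_matches(policy["resources"]["path"], path):
            continue
        for item in policy["policyItems"]:
            who = user in item.get("users", []) or bool(
                set(groups) & set(item.get("groups", [])))
            granted = any(a["type"] == access_type and a["isAllowed"]
                          for a in item["accesses"])
            if who and granted:
                allowed, matched = True, policy["name"]
    # Denials are logged as well as grants, so the audit trail shows refused attempts.
    AUDIT_LOG.append({"time": time.time(), "user": user, "path": path,
                      "access": access_type, "allowed": allowed, "policy": matched})
    return allowed
```
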

[0072] The Ranger Usersy...


Abstract

The invention relates to an access control method for distributed storage in a cloud environment. The method uses the HDFS distributed file system of a Hadoop cluster as the basic cloud storage system and adds a secure access control function on top of it. Access control in the cloud storage system is implemented via Ranger, and a fine-grained, role-based access control authorization system is built, so that the cloud storage system can reliably support effective isolation and integrity protection of different levels or types of information belonging to multiple users, achieving isolation of cloud data. Access control to specific data nodes in the cloud storage system is achieved via Kerberos, which solves the access control problem within the Hadoop cluster: between a client and a management node, between the management node and the data nodes, and between the data nodes.

Description

Technical field

[0001] The invention relates to an access control method for distributed storage in a cloud environment, and belongs to the technical field of secure access in a cloud environment.

Background

[0002] Cloud computing is a mode of adding, using and delivering related services based on the Internet. It is a network computing technology that gradually integrated and developed on the basis of parallel processing, distributed computing, grid computing and other technologies. Cloud computing was first formally proposed by Google in 2008. There are various definitions of cloud computing. The National Institute of Standards and Technology (NIST) defines cloud computing as a computing mode built on a shared resource pool (such as network, service, storage, application), which can reduce the user's interaction with and management overhead toward the service provider when quickly acquiring and releasing resources. In the cloud computing mode, the user termin...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/0428, H04L63/062, H04L63/0807, H04L63/0876, H04L63/102, H04L63/108, H04L67/1097
Inventor: 张卫品, 戴鸿君, 崔立真
Owner: SHANDONG UNIV