摘要
针对当前分布式存储系统中漏洞后门威胁导致的数据安全问题,通过引入网络空间拟态防御理论及其相关安全机制,从结构角度出发增强系统的安全防护能力。对分布式存储系统面临的主要威胁和攻击途径进行分析,定位其核心薄弱点,结合防护的代价与有效性提出一种可行的系统安全构造方法。以大数据Hadoop分布式文件系统为目标对象,设计面向元数据服务的拟态化架构,利用搭建元数据服务的动态异构冗余结构保护系统核心信息和功能,通过对副本的异构化放置保护用户数据,并在此架构基础上设计基于反馈信息的裁决调度联动机制。测试结果表明,该方法能够有效提升分布式存储系统的安全性。
To address the data security problems caused by vulnerabilities and backdoors in existing distributed storage systems,this paper proposes a feasible security construction method for system by introducing the Cyberspace Mimic Defense(CMD)theory and its related security mechanism.The architecture aims at enhancing the security protection ability of the system.During the design process,the main threats and attack ways to distribute storage systems are analyzed to locate system’s core weakness,and the cost and effectiveness of protection are also considered.Taking the Hadoop Distributed File System(HDFS)for big data as the target object,the mimic architecture for metadata services is designed.This paper builds the Dynamic Heterogeneous Redundancy(DHR)structure of metadata services to protect the core information and functions of the system.Then the heterogeneous placement of copies is implemented to protect user data.On the basis of this architecture,a collaborative arbitration and scheduling mechanism based on feedback information is proposed.Test results show that the proposed method can effectively improve the security of distributed storage system.
作者
郭威
谢光伟
张帆
李敏
GUO Wei;XIE Guangwei;ZHANG Fan;LI Min(Institute of Information Technology,PLA Strategic Support Force Information Engineering University,Zhengzhou 450002,China;Teaching and Research Support Center,PLA Strategic Support Force Information Engineering University,Zhengzhou 450002,China;School of Computer Science,Fudan University,Shanghai 200203,China)
出处
《计算机工程》
CAS
CSCD
北大核心
2020年第6期12-19,共8页
Computer Engineering
基金
国家自然科学基金面上项目“网络空间拟态安全异构冗余机制研究”(61572520)
上海市信息化发展专项资金“拟态大数据一体机研制”(201701046)。
关键词
大数据
数据安全
网络空间拟态防御
分布式存储系统
裁决与调度机制
big data
data security
Cyberspace Mimic Defense(CMD)
distributed storage system
arbitration and scheduling mechanism
