基于对象存储设备的文件系统及安全机制的研究
摘要
基于对象存储(OBS)系统具有较好的安全性,能实现跨平台的数据共享,并具有高性能和可扩展性。基于对象存储设备(OSD)是OBS系统中智能化的网络存储节点,它能给用户提供一组基于对象的访问接口,并自主化地管理其内存储的对象。
基于对象的文件系统是OSD软件系统的核心,OSDFS是OSD中基于对象的文件系统的一种简单实现,它是在Linux的EXT2文件系统基础上实现的一种逻辑对象文件系统,通过将OSD中的对象映射为底层的EXT2文件来实现对象的存储管理。为了优化OSD中对象的存储,提出了一种用于OSD中的智能化的基于对象的文件系统—SOBFS,它能根据对象的属性使得基于不同应用的对象采用不同的存储管理机制。SOBFS是一个文件系统容器,可以包含多种基于不同应用的文件系统,目前包含了两种文件系统:通用对象文件系统和媒体对象文件系统,分别用于存储普通文档、网页等小对象和大的媒体对象。通过与OSDFS进行理论上的比较,SOBFS显示出了更好的性能。
基于OSD中对象存储的安全性需求,提出了一种用于OSD的安全机制,它采用的基于证书的访问控制机制保证了用户对OSD中对象的合法访问以及客户和OSD之间所交换的命令和数据的完整性,而基于对象的文件系统的安全性又保证了OSD中所存放的数据的保密性,而且系统仍然具有足够的灵活性实现用户之间数据的共享。另外,实验结果表明,安全开销给系统造成的性能损失也是比较小的。
Object-Based Storage (OBS) system is secure and flexable to implement data-sharing between different platforms, also it is of high performance and scalability. Object-based Storage Device (OSD) is intelligent network storage node in object-based storage system, it can provide users with object-based acccess interface, and implement autonomous storage management for objects in it.
Object-based file system is kernel of OSD software system, OSDFS is a simple implemention of it. OSDFS is a logical object file system based on ext2 file system of linux, it is in charge of mapping between objects and ext2 files to implement storage management of objects in OSD.
In order to optimize storage of objects in OSD, a smart object-based file system (SOBFS) is proposed for OSD, it can make objects for different applications adopt different storage management strategy according to their attributes. SOBFS is a file systems container, and it can contain several file systems for different applications. At present, it contains two file systems: general object file system and media object file system, one is for small objects such as general documents, webs and so on, and the other is for large media objects. Compared with OSDFS theoretically, SOBFS reveals better performance.
Considering security of objects in OSD, a security mechanism for OSD is proposed. The access control mechanism based on credential guarantees user’s legal access to objects in OSD and maintains integrity of commands and data between users and OSD. Also, the security of object-based file system assures privacy of data in OSD, and the system is still enough flexible to implement data share between users. In addition, experimental results show that the system does not impose much performance penalty for security overhead
基于对象的文件系统是OSD软件系统的核心,OSDFS是OSD中基于对象的文件系统的一种简单实现,它是在Linux的EXT2文件系统基础上实现的一种逻辑对象文件系统,通过将OSD中的对象映射为底层的EXT2文件来实现对象的存储管理。为了优化OSD中对象的存储,提出了一种用于OSD中的智能化的基于对象的文件系统—SOBFS,它能根据对象的属性使得基于不同应用的对象采用不同的存储管理机制。SOBFS是一个文件系统容器,可以包含多种基于不同应用的文件系统,目前包含了两种文件系统:通用对象文件系统和媒体对象文件系统,分别用于存储普通文档、网页等小对象和大的媒体对象。通过与OSDFS进行理论上的比较,SOBFS显示出了更好的性能。
基于OSD中对象存储的安全性需求,提出了一种用于OSD的安全机制,它采用的基于证书的访问控制机制保证了用户对OSD中对象的合法访问以及客户和OSD之间所交换的命令和数据的完整性,而基于对象的文件系统的安全性又保证了OSD中所存放的数据的保密性,而且系统仍然具有足够的灵活性实现用户之间数据的共享。另外,实验结果表明,安全开销给系统造成的性能损失也是比较小的。
Object-Based Storage (OBS) system is secure and flexable to implement data-sharing between different platforms, also it is of high performance and scalability. Object-based Storage Device (OSD) is intelligent network storage node in object-based storage system, it can provide users with object-based acccess interface, and implement autonomous storage management for objects in it.
Object-based file system is kernel of OSD software system, OSDFS is a simple implemention of it. OSDFS is a logical object file system based on ext2 file system of linux, it is in charge of mapping between objects and ext2 files to implement storage management of objects in OSD.
In order to optimize storage of objects in OSD, a smart object-based file system (SOBFS) is proposed for OSD, it can make objects for different applications adopt different storage management strategy according to their attributes. SOBFS is a file systems container, and it can contain several file systems for different applications. At present, it contains two file systems: general object file system and media object file system, one is for small objects such as general documents, webs and so on, and the other is for large media objects. Compared with OSDFS theoretically, SOBFS reveals better performance.
Considering security of objects in OSD, a security mechanism for OSD is proposed. The access control mechanism based on credential guarantees user’s legal access to objects in OSD and maintains integrity of commands and data between users and OSD. Also, the security of object-based file system assures privacy of data in OSD, and the system is still enough flexible to implement data share between users. In addition, experimental results show that the system does not impose much performance penalty for security overhead
引文
[1] 张江陵, 冯丹. 海量信息存储. 北京: 科学出版社, 2003. 95~122
[2] Gobson G A, Meter R V. Network attached storage architecture. Communications of the ACM, 2000, 43(11): 37~45
[3] Mike Mesnier, Cregory R Ganger, Erik Riedel. Object-Based Storage. IEEE Communications Magazine, 2003,41(8): 84~90
[4] Mesnier M, Ganger G, Riedel E.Object-based storage: push more functionality into storage.Potentials IEEE, 2005,24(2):31~34
[5] Saker K. An Analysis of Object Storage Architecture. IEEE Computer, 2003, 25(3):23~36
[6] Hospodor Andy D, Miller Ethan L. Interconnection Architectures for Petabyte-Scale High-Performance Storage Systems. In: MSST 2004. Proceedings of the 21st IEEE/12th NASA Goddard Conferrence on Mass Storage Systems and Technologies. New York, NY, USA :IEEE Computer Association, 2004. 273~281
[7] Nagle Dacid F, Ganger Gregory R, Butler Jeff, et al. Network Support for Network-Attached Storage. In: ACM SIGPLAN. Proceedings of the 1999 Hot Interconnects Symposium. New York, NY, USA :ACM Press,1999. 245~253
[8] 谢军, 焦振强, 唐瑞春等. VIA 及其设计与实现. 计算机工程, 2002, 28(10): 233~235, 263
[9] Howard Gobioff, Garth Gibson, Doug Tygar. Security for Network Attached Storage Devices. IEEE Computer, 1997,2(13):33~37
[10] Zeng Ling-Fang, Feng Dan, Qin Ling-Jun. SOSS: smart object-based storage System. In: ICMLC 2004. Proceedings of 2004 International Conference on Machine Learning and Cybernetics. New York, NY,USA: Institute of Electrical and Electronics Engineers Inc,2004. 3263~3266
[11] Gibson Garth A, Nagle David F, Khalil Amiri, et al. A case for Network Attached Secure Disks. Communications of the ACM,1996,4(25):14~21
[12] Gibson G, Nagle D, Amiri K, et al. A Cost-Effective, High-Bandwith Storage Architecture. In: ASPLOS 1998. Proceedings of 8th International Conference on Architecture Support for Programming Languages and Operating Systems. NewYork, NY, USA: Assocation for Computing Machinery,1998. 92~103
[13] Information technology-SCSI Object-Based Storage Devices Commands(OSD). http://www.t10.org/ftp/t10/drafts/osd/osd-r10.pdf
[14] Gibson Garth A, Nagle David F, Khalil Amiri, et al. File systems for Network-Attached storage secure Disks. ACM Transactions, 1997,5(13):25~33
[15] Wang Feng, Brandt Scott A, Miller Ethan L, et, al. OBFS: A file system for object-based storage devices. In: MSST 2004. Proceedings of the 21st IEEE/12th NASA Goddard Conference on Mass Storage Systems and Technologies. College Park, MD: IEEE Computer Association, 2004. 324~331.
[16] Brandt Scott A, Miller Etnan L, Darrell D E Long, et, al. Efficient metadata management in large distributed file systems. In: MSST 2003. Proceedings of the 20th IEEE/11th NASA Goddard Conferrence on Mass Storage Systems and Technogies. New York,NY,USA: IEEE Computer Association, 2003. 115~126
[17] The lustre Storage Architecture. http://www.lustre.org/documentation.html.
[18] Tang Hong, Aziz Gulbeden, Zhou Jingyu, et al. The Panasas ActiveScale Storage Cluster-Delivering Scalble High Bandwith Storage. In: Supercomputing 2004. Proceedings of the 2004 ACM/IEEE conference. New York,NY,USA: ACM Press, 2004. 53~63
[19] Ohad Rodeh, Uri Schonfeld, Avi Teperman. zFS -A Scalable Distributed File System using object disks. In: MSST 2003.Proceedings of 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies. San Diego, CA, United States: Institute of Electrical and Electronics Engineers Inc, 2003. 207~218
[20] Zeng Lingjiang, Feng Dan, Wang Fang, Zhou Ke. A Strategy of Load Balance in Object Storage System. In: Computer and Information Technology. Proceedings of the Fifth International Conference. New York, NY, USA: ACM Press, 2005. 310~314
[21] Jie Wei, Cai Wentong, Turner, S J. Dynamic load-balancing using prediction in a parallel object-oriented system. In: Parallel and Distributed Processing. Proceedings of the 15th International Sysposium. Piscataway, NJ, USA: Institute of Electrical and Electronics Engineers Computer Society, 2001. 234~242
[22] Zeng Ling-Fang, Feng Dan, Wang Fang, Zhou Ke. Object replication and migration policy based on OSS. In: Machine learning and Cybernetics. Proceedings of 2005 Internationl conference. Los Alamitos, CA, United States: IEEE Computer Society,2005. 45~49
[23] Kevin KleinOsowski, Tom Ruwart, Lilja David J. Communicating Quality of Service Requirements to an Object-Based Storage Devices. In: MSST 2005. Proceedings of the 22nd IEEE/13th NASA Goddard Conference on Mass Storage Systems and Technologies. New York, NY, USA: IEEE Computer Society, 2005. 224~231
[24] Lu Yingping, David H C Du, Tom Ruwart. QoS Provisioning Framework for an OSD-based Storage System. In: MSST 2005. Proceedings of the 22nd IEEE/13th NASA Goddard Conference on Mass Storage Systems and Technologies. New York, NY, USA: IEEE Computer Society, 2005. 28~35
[25] Tanenbaum Andrew S, Woodhull Albert S. 操作系统设计与实现(第二版). 王鹏, 尤晋元, 朱鹏等译. 北京: 电子工业出版社, 1998. 291~314
[26] 毛德操, 胡希明. Linux 内核源代码情景分析(上册). 杭州: 浙江大学出版社, 2001. 415~431
[27] Moshe Bar. Linux 文件系统. 天宏工作室译. 北京: 清华大学出版社, 2003.2~12
[28] Rusling David A. Linux 编程白皮书. 朱柯译. 北京: 机械工业出版社, 2004. 78~91
[29] 徐玉东. Linux 操作系统结构分析. 西安: 西安电子科技大学出版社, 2002. 323~404
[30] 李善平, 陈文智. 边干边学-Linux 内核指导. 杭州: 浙江大学出版社, 2002. 32~45
[31] 顾喜梅, 顾宝根. 基于 Linux 的文件系统机制的研究和实现方法. 计算机工程与设计, 2002, 23(7): 20~25
[32] 卢萍, 鲁春怀. 一种用于 OSD 中的智能化的对象文件系统-SOBFS. 小型微型计算机系统, 已录用
[33] 王光彩, 黄清华, 顾君忠. 基于 Linux 的文件系统对连续媒体的支持. 计算机工程, 2001, 3(27): 58~77
[34] 杨道良, 任海霞. Linux 下连续媒体文件系统研究. 计算机工程与应用, 2000, 25(4): 5~15
[35] Anderson David P, Ramesh Govindan. A File System for Continuous Media. ACM Transactions on Computer Systems, 1992,4(4):311~337
[36] Cuneyt Akinlar, Sarit Mukherjee. A Scalable Bandwith Guaranteed Distributed Continus Media File System Using Network Attached Autonomous Disks. IEEE Transactions on Multimedia, 2003,5(1): 71~96
[37] Wonjun Lee, Jaideep Srivastava. Experiences with Evaluating System QoS and channel Performance on Media-On-Demand Systems. In: Distributed Computing Systems Workshops. Proceedings of the 22nd International Conference. New York, NY, USA: IEEE Computer Society, 2002. 196~201
[38] Ethan Miller, Darrell Long, William Freeman, et al. Strong Security for Distributed File Systems. In: Performance, Computing and Communications. Proceedings of 2001 IEEE International Conferrence. New York, NY, USA: IEEE Computer Society, 2001. 34~40
[39] Zhu Yingwu, Hu Yiming. SNARE: A Strong Security Scheme for Network-Attached Storage. In: Reliable Distributed Systems. Proceedings of the 22nd International Sysposium. Piscataway, NJ, United States: Institute of Electrical and Electronics Engineers Computer Society, 2003. 250~259
[40] 周功业, 鲁春怀, 卢萍等. 基于对象存储系统中安全机制的研究. 小型微型计算机系统, 已录用
[41] Reed Benjamin C, Smith Mark A, Diklic Dejan. Security Considerations When Designing a Distributed File Sytem Using Object Storage Devices. In: Security in Storage Workshop. Proceedings of the First IEEE International conference. New York, NY, USA: ACM Press, 2002. 24~34
[42] Huang Jianzhong, Xie Changsheng, Cai Bin. Reasearch and Implement of an Encrypted File System Used to NAS. In: Security in Storage Workshop. Proceedings of the Second IEEE International conference. New York, NY, USA: IEEE Computer Society, 2003. 73~78
[2] Gobson G A, Meter R V. Network attached storage architecture. Communications of the ACM, 2000, 43(11): 37~45
[3] Mike Mesnier, Cregory R Ganger, Erik Riedel. Object-Based Storage. IEEE Communications Magazine, 2003,41(8): 84~90
[4] Mesnier M, Ganger G, Riedel E.Object-based storage: push more functionality into storage.Potentials IEEE, 2005,24(2):31~34
[5] Saker K. An Analysis of Object Storage Architecture. IEEE Computer, 2003, 25(3):23~36
[6] Hospodor Andy D, Miller Ethan L. Interconnection Architectures for Petabyte-Scale High-Performance Storage Systems. In: MSST 2004. Proceedings of the 21st IEEE/12th NASA Goddard Conferrence on Mass Storage Systems and Technologies. New York, NY, USA :IEEE Computer Association, 2004. 273~281
[7] Nagle Dacid F, Ganger Gregory R, Butler Jeff, et al. Network Support for Network-Attached Storage. In: ACM SIGPLAN. Proceedings of the 1999 Hot Interconnects Symposium. New York, NY, USA :ACM Press,1999. 245~253
[8] 谢军, 焦振强, 唐瑞春等. VIA 及其设计与实现. 计算机工程, 2002, 28(10): 233~235, 263
[9] Howard Gobioff, Garth Gibson, Doug Tygar. Security for Network Attached Storage Devices. IEEE Computer, 1997,2(13):33~37
[10] Zeng Ling-Fang, Feng Dan, Qin Ling-Jun. SOSS: smart object-based storage System. In: ICMLC 2004. Proceedings of 2004 International Conference on Machine Learning and Cybernetics. New York, NY,USA: Institute of Electrical and Electronics Engineers Inc,2004. 3263~3266
[11] Gibson Garth A, Nagle David F, Khalil Amiri, et al. A case for Network Attached Secure Disks. Communications of the ACM,1996,4(25):14~21
[12] Gibson G, Nagle D, Amiri K, et al. A Cost-Effective, High-Bandwith Storage Architecture. In: ASPLOS 1998. Proceedings of 8th International Conference on Architecture Support for Programming Languages and Operating Systems. NewYork, NY, USA: Assocation for Computing Machinery,1998. 92~103
[13] Information technology-SCSI Object-Based Storage Devices Commands(OSD). http://www.t10.org/ftp/t10/drafts/osd/osd-r10.pdf
[14] Gibson Garth A, Nagle David F, Khalil Amiri, et al. File systems for Network-Attached storage secure Disks. ACM Transactions, 1997,5(13):25~33
[15] Wang Feng, Brandt Scott A, Miller Ethan L, et, al. OBFS: A file system for object-based storage devices. In: MSST 2004. Proceedings of the 21st IEEE/12th NASA Goddard Conference on Mass Storage Systems and Technologies. College Park, MD: IEEE Computer Association, 2004. 324~331.
[16] Brandt Scott A, Miller Etnan L, Darrell D E Long, et, al. Efficient metadata management in large distributed file systems. In: MSST 2003. Proceedings of the 20th IEEE/11th NASA Goddard Conferrence on Mass Storage Systems and Technogies. New York,NY,USA: IEEE Computer Association, 2003. 115~126
[17] The lustre Storage Architecture. http://www.lustre.org/documentation.html.
[18] Tang Hong, Aziz Gulbeden, Zhou Jingyu, et al. The Panasas ActiveScale Storage Cluster-Delivering Scalble High Bandwith Storage. In: Supercomputing 2004. Proceedings of the 2004 ACM/IEEE conference. New York,NY,USA: ACM Press, 2004. 53~63
[19] Ohad Rodeh, Uri Schonfeld, Avi Teperman. zFS -A Scalable Distributed File System using object disks. In: MSST 2003.Proceedings of 20th IEEE/11th NASA Goddard Conference on Mass Storage Systems and Technologies. San Diego, CA, United States: Institute of Electrical and Electronics Engineers Inc, 2003. 207~218
[20] Zeng Lingjiang, Feng Dan, Wang Fang, Zhou Ke. A Strategy of Load Balance in Object Storage System. In: Computer and Information Technology. Proceedings of the Fifth International Conference. New York, NY, USA: ACM Press, 2005. 310~314
[21] Jie Wei, Cai Wentong, Turner, S J. Dynamic load-balancing using prediction in a parallel object-oriented system. In: Parallel and Distributed Processing. Proceedings of the 15th International Sysposium. Piscataway, NJ, USA: Institute of Electrical and Electronics Engineers Computer Society, 2001. 234~242
[22] Zeng Ling-Fang, Feng Dan, Wang Fang, Zhou Ke. Object replication and migration policy based on OSS. In: Machine learning and Cybernetics. Proceedings of 2005 Internationl conference. Los Alamitos, CA, United States: IEEE Computer Society,2005. 45~49
[23] Kevin KleinOsowski, Tom Ruwart, Lilja David J. Communicating Quality of Service Requirements to an Object-Based Storage Devices. In: MSST 2005. Proceedings of the 22nd IEEE/13th NASA Goddard Conference on Mass Storage Systems and Technologies. New York, NY, USA: IEEE Computer Society, 2005. 224~231
[24] Lu Yingping, David H C Du, Tom Ruwart. QoS Provisioning Framework for an OSD-based Storage System. In: MSST 2005. Proceedings of the 22nd IEEE/13th NASA Goddard Conference on Mass Storage Systems and Technologies. New York, NY, USA: IEEE Computer Society, 2005. 28~35
[25] Tanenbaum Andrew S, Woodhull Albert S. 操作系统设计与实现(第二版). 王鹏, 尤晋元, 朱鹏等译. 北京: 电子工业出版社, 1998. 291~314
[26] 毛德操, 胡希明. Linux 内核源代码情景分析(上册). 杭州: 浙江大学出版社, 2001. 415~431
[27] Moshe Bar. Linux 文件系统. 天宏工作室译. 北京: 清华大学出版社, 2003.2~12
[28] Rusling David A. Linux 编程白皮书. 朱柯译. 北京: 机械工业出版社, 2004. 78~91
[29] 徐玉东. Linux 操作系统结构分析. 西安: 西安电子科技大学出版社, 2002. 323~404
[30] 李善平, 陈文智. 边干边学-Linux 内核指导. 杭州: 浙江大学出版社, 2002. 32~45
[31] 顾喜梅, 顾宝根. 基于 Linux 的文件系统机制的研究和实现方法. 计算机工程与设计, 2002, 23(7): 20~25
[32] 卢萍, 鲁春怀. 一种用于 OSD 中的智能化的对象文件系统-SOBFS. 小型微型计算机系统, 已录用
[33] 王光彩, 黄清华, 顾君忠. 基于 Linux 的文件系统对连续媒体的支持. 计算机工程, 2001, 3(27): 58~77
[34] 杨道良, 任海霞. Linux 下连续媒体文件系统研究. 计算机工程与应用, 2000, 25(4): 5~15
[35] Anderson David P, Ramesh Govindan. A File System for Continuous Media. ACM Transactions on Computer Systems, 1992,4(4):311~337
[36] Cuneyt Akinlar, Sarit Mukherjee. A Scalable Bandwith Guaranteed Distributed Continus Media File System Using Network Attached Autonomous Disks. IEEE Transactions on Multimedia, 2003,5(1): 71~96
[37] Wonjun Lee, Jaideep Srivastava. Experiences with Evaluating System QoS and channel Performance on Media-On-Demand Systems. In: Distributed Computing Systems Workshops. Proceedings of the 22nd International Conference. New York, NY, USA: IEEE Computer Society, 2002. 196~201
[38] Ethan Miller, Darrell Long, William Freeman, et al. Strong Security for Distributed File Systems. In: Performance, Computing and Communications. Proceedings of 2001 IEEE International Conferrence. New York, NY, USA: IEEE Computer Society, 2001. 34~40
[39] Zhu Yingwu, Hu Yiming. SNARE: A Strong Security Scheme for Network-Attached Storage. In: Reliable Distributed Systems. Proceedings of the 22nd International Sysposium. Piscataway, NJ, United States: Institute of Electrical and Electronics Engineers Computer Society, 2003. 250~259
[40] 周功业, 鲁春怀, 卢萍等. 基于对象存储系统中安全机制的研究. 小型微型计算机系统, 已录用
[41] Reed Benjamin C, Smith Mark A, Diklic Dejan. Security Considerations When Designing a Distributed File Sytem Using Object Storage Devices. In: Security in Storage Workshop. Proceedings of the First IEEE International conference. New York, NY, USA: ACM Press, 2002. 24~34
[42] Huang Jianzhong, Xie Changsheng, Cai Bin. Reasearch and Implement of an Encrypted File System Used to NAS. In: Security in Storage Workshop. Proceedings of the Second IEEE International conference. New York, NY, USA: IEEE Computer Society, 2003. 73~78