
Computer Engineering ›› 2020, Vol. 46 ›› Issue (6): 12-19. doi: 10.19678/j.issn.1000-3428.0056660

• Hot Topics and Reviews •

Design and Implementation of a Mimic Architecture for Distributed Storage System

GUO Wei (1a), XIE Guangwei (2), ZHANG Fan (1a), LI Min (1b)

  1. 1a. Institute of Information Technology; 1b. Teaching and Research Support Center, PLA Strategic Support Force Information Engineering University, Zhengzhou 450002, China;
    2. School of Computer Science, Fudan University, Shanghai 200203, China
  • Received: 2019-11-21 Revised: 2020-01-10 Published: 2019-12-14
  • About the authors: GUO Wei (born 1990), male, Ph.D.; main research interests: information security, distributed storage systems, and big data analysis and processing. XIE Guangwei, senior engineer, Ph.D. ZHANG Fan (corresponding author), associate research fellow, Ph.D. LI Min, lecturer, M.S.
  • Funding:
    General Program of the National Natural Science Foundation of China, "Research on Heterogeneous Redundancy Mechanisms for Cyberspace Mimic Security" (61572520); Shanghai Special Fund for Informatization Development, "Development of a Mimic Big Data All-in-One Machine" (201701046).

Abstract: To address the data security problems caused by vulnerability and backdoor threats in current distributed storage systems, this paper introduces the Cyberspace Mimic Defense (CMD) theory and its related security mechanisms to strengthen the system's security protection from a structural perspective. The main threats and attack paths facing distributed storage systems are analyzed to locate the system's core weak points, and a feasible security construction method is proposed that weighs the cost of protection against its effectiveness. Taking the Hadoop Distributed File System (HDFS) for big data as the target object, a mimic architecture for metadata services is designed. A Dynamic Heterogeneous Redundancy (DHR) structure is built for the metadata services to protect the core information and functions of the system, and replicas are placed heterogeneously to protect user data. On the basis of this architecture, a linked arbitration and scheduling mechanism based on feedback information is designed. Test results show that the proposed method can effectively improve the security of distributed storage systems.

Key words: big data, data security, Cyberspace Mimic Defense (CMD), distributed storage system, arbitration and scheduling mechanism

CLC number: