Towards a fast and secure design for enterprise-oriented cloud storage systems
Fang Dong
School of Computer Science and Engineering, Southeast University, Nanjing, China
Pengcheng Zhou
School of Computer Science and Engineering, Southeast University, Nanjing, China
Zijian Liu
School of Computer Science and Engineering, Southeast University, Nanjing, China
Dian Shen (Corresponding Author)
School of Computer Science and Engineering, Southeast University, Nanjing, China
Correspondence: Dian Shen, School of Computer Science and Engineering, Southeast University, Nanjing, China.
Email: [email protected]
Zhuqing Xu
School of Computer Science and Engineering, Southeast University, Nanjing, China
Junzhou Luo
School of Computer Science and Engineering, Southeast University, Nanjing, China
Summary
With the rapid development of information technology, enterprises are continuously generating enormous volumes of data. Managing and storing such large-scale data has long been a challenge for enterprises. Because these data are usually shared among users in a collaborative manner, secure data access and access performance are two key concerns for enterprise data storage. However, current solutions fail to meet the requirements of enterprises because they suffer from the following drawbacks: (1) they do not support fine-grained access control and cannot meet the strict secure data access requirements of enterprises, and (2) they suffer from unpredictable access latency. In this paper, we therefore propose Frostor, an enterprise-oriented cloud storage system, which addresses the secure data access issue through a fine-grained access control mechanism based on user account and IP, and guarantees access performance via a two-level performance optimization mechanism. We further implement Frostor and deploy it in a testbed environment in a real data center. Extensive evaluations show that Frostor implements fine-grained access control while achieving a significant reduction (≥60%) in access latency.