摘要
文章在对NFS协议进行分析的基础上,针对于Linux用户设计并实现了基于NFS协议的存储加密代理——NFSA,以实现企业文件数据在网络存储设备上的加密存储。NFSA完成对于Linux用户数据文件的安全共享与存储,并提供多种访问控制规则相结合的访问控制机制、权限分离的安全审计机制,保证文件数据在网络存储设备上的安全。最后通过实验测试NFSA的基本功能,保证了NFSA自身功能的可用。
Based on analyzing the NFS (Network File System) protocol, we design and implement a NFS- based storage encryption agent (NFSA) for Linux users in this paper, in order to realize the fact that all file data stored in network storage devices is in the form of ciphertext. NFSA is used to achieve the target of security sharing and storage and there are access control mechanism, which is composed of several different access control rules, and security audit mechanism in NFSA, which adopts privilege separation method, in order to ensure security of file data stored in network storage devices. Finally, NFSA is proved to be effective and efficient by experiments.
出处
《信息网络安全》
2011年第9期194-196,214,共4页
Netinfo Security
基金
国家科技支撑计划(2008BAH32B00/2008BAH32B04/2009BAH43B03)
