Research on Key Technologies of Object Storage Security
Abstract
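In recent years, computer technology has clearly been moving toward networked and clustered systems. Traditional storage systems managed and controlled by a host cannot meet the large-scale data access and storage demands of networked cluster systems and have become their I/O bottleneck. Following the move to networked cluster computing, storage architectures have also gradually moved toward networked storage. With the development of network storage technology, storage is no longer a purely local activity; it is tightly coupled to the network and has become part of it. Because network systems are open, and because existing network protocols and software systems have security flaws, every network system inevitably carries some security risk. As a member of the network, a network storage system is likewise exposed to intruders. An intruder can break into a data storage device just as into a host, obtain confidential data, and cause incalculable harm to the data owners. Compared with the relatively mature body of network security research centred on hosts and networks, storage-centred network storage security research is still in its infancy. Current results in network storage security come mainly from research institutions and large enterprises in developed countries such as the United States; domestic research is at an early stage and has no key technologies of its own. Researching and developing network storage security technologies and products with independent intellectual property rights is therefore of strategic importance to China's information security infrastructure.
     This thesis studies the security of object-based storage in depth and obtains results on active protection of object storage, secure access to object storage, and data encryption mechanisms. The main work and results are as follows:
     1. Active protection mechanism for object storage. To prevent stored objects from being stolen or destroyed when a host system is attacked, this thesis proposes an active protection scheme for object storage. Many intrusions result in read and write accesses to storage, so a storage system that includes intrusion detection can discover them. In an object storage environment, intrusion detection can, with the support of intelligent storage devices, capture data and attributes directly for analysis as needed. The scheme makes full use of the characteristics of object storage and of existing intrusion detection technology: it embeds an intrusion detection module in the object storage system, monitors how applications access the storage devices, and protects the object storage system from intrusion, thereby improving its security. The intrusion detection module uses an improved unsupervised-clustering support vector machine intrusion detection algorithm, which achieves high detection accuracy and efficiency and can effectively detect unknown intrusions. It also uses a two-layer distributed detection structure and an alert fusion algorithm based on multiplicative increase and linear decrease, which lowers the false alarm rate. The scheme is simple to implement, has little impact on system performance, and is practical.
     2. Secure access mechanism for object storage. Based on the characteristics of object storage systems, this thesis proposes a new secure access mechanism for object storage built on mutual-authentication key agreement using elliptic curve cryptography. Different authentication protocols are designed for the different relationships among devices in the object storage system. These protocols do not rely on a secure channel, guarantee the security of the key exchange, and authenticate the identities of both parties. Security analysis shows that each sub-protocol of the suite resists man-in-the-middle attacks and other kinds of network attacks. In addition, the main keys are randomly generated and short-lived, so they need no dedicated storage or management. Compared with existing secure access mechanisms for object storage, the mechanism therefore improves the security of storage access, eases key management, and lowers the security requirements on the data channel, and the performance overhead of the protocols is small.
     3. Data encryption mechanism for object storage. Access control and intrusion detection mainly defend against attacks arriving over the network; they cannot defend against insider data theft or against data leakage when a storage device is stolen. To protect data better, encrypting the data on storage devices becomes an indispensable security measure. Traditional shared encrypting file systems encrypt all file data and expose the shared key to multiple sharing users, which leads to high encryption and decryption overhead and high user revocation overhead; this costs system performance and also greatly inconveniences legitimate users accessing data. The new scheme proposed here uses non-continuous encryption, encrypting only the sensitive content of a file, which lowers encryption and decryption overhead. User revocation is achieved by having the file group owner maintain the validity of user certificates, which avoids the heavy overhead of data re-encryption and shared key redistribution that revocation otherwise brings, and enables efficient sharing among large numbers of users. Moreover, keys and user certificates are managed separately by the distributed file group owners, which spreads the system's security risk and lowers the trust required of the server.
     The proposed active protection method for object storage, the secure access mechanism based on ECC mutual-authentication key agreement, and the non-continuous encryption method for object storage offer a useful reference for building highly secure object storage.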
With the evolution of high performance computing from the traditional host to the networked cluster, traditional host-based storage systems cannot meet the aggregate access and data storage requirements of a cluster with hundreds of servers, and have become the I/O bottleneck. Following the networked clustering direction of the host, the traditional host-based storage architecture has gradually developed into networked storage. As a result of the development of network storage technology, storing is no longer a purely local behavior. It is closely combined with the network and becomes a part of it. Because the network is an open system, and because there are security flaws in the network protocols and software systems, there are inevitably some security risks in network systems. As a member of the network system, the network storage system is exposed to the intruder as well. Once the attacker successfully invades a data storage device, he can get confidential data, or can even hinder the access of legitimate users, and cause incalculable losses. Compared to the mature study of network security, research on network storage security is still in the initial stage. At present, the research results in network storage security come mainly from research institutions and large enterprises of the USA and other developed countries. Study in China is still at the beginning, and there is no key technology in this field. Therefore, researching and developing technologies and products for network storage security with independent intellectual property rights is of strategic significance to China's information security infrastructure.
     This paper focuses on the security issues of object-based storage, such as the active protection of object-based storage, the access security of object-based storage, a data encryption mechanism with high efficiency and so on, proposes some valid schemes and achieves some research results. The main research and achievements in the paper are as follows:
     (1) Research on the active protection mechanisms of object-based storage. In order to avoid stored objects being stolen or damaged as a result of a compromised host system, this paper presents a scheme for active protection of object-based storage. Because many intrusions lead to read/write access to the storage, the intrusions can be found if there is an IDS in the storage system. In the object-based storage environment, the IDS can even capture data and attributes for analysis as needed, with the support of intelligent storage devices. The scheme takes full advantage of the characteristics of object-based storage and of existing IDS technology, embedding an IDS into the object-based storage device (OSD) to monitor the behavior of the application programs accessing the storage devices; it therefore protects the OSD from intrusions and raises the security of the object-based storage. By using the improved unsupervised clustering and support vector machine algorithm for intrusion detection, the IDS can detect intrusions more accurately and efficiently, and can detect unknown intrusions effectively. At the same time, it adopts the double-layer structure and the alert fusion technology based on a multiplicative-increase, linear-decrease algorithm, and reduces the false alarm rate. As it is simple to realize and has a very small performance impact on the system, this scheme is very practical.
     (2) Research on the secure access mechanism of object-based storage. According to the characteristics of the object-based storage system, this paper proposes a new secure access mechanism based on an ECC-based two-way authentication and key exchange protocol. It has different protocols for the different relationships between the devices of the object-based storage system. The protocols run with no need of a secure channel, but can guarantee the security of the key exchange and authenticate the identities of both communicating parties. According to the security analysis, each sub-protocol can resist man-in-the-middle attacks and other kinds of network attacks. Meanwhile, the main keys are randomly generated and temporarily effective, so they need no dedicated storage or management. Therefore, compared to the existing access security mechanisms of object-based storage, this new mechanism not only enhances the security of access to the object-based storage, but also reduces the difficulty of key management and the requirements on secure channels, and the complexity of the protocols is not high either.
     (3) Research on the encryption mechanism of object-based data. The access control and intrusion detection mechanisms are used to prevent attacks coming from the network, but they are unable to prevent internal data theft or data leakage caused by storage device theft. To protect data security better, data encryption in storage devices has become an essential security measure. Traditional encrypting file systems have large encryption overhead and user-revocation overhead, because they encrypt all data and expose the sharing keys to every user. These problems not only cause a loss in system performance, but also cause great inconvenience to legitimate users. This paper proposes a scheme for a non-continuous, efficient-sharing encrypting file system. In the scheme, only the sensitive contents are encrypted, to reduce the encryption overhead. At the same time, a user is revoked by setting the user's certificate invalid, which avoids the large overhead of re-encrypting data and of distributing and re-distributing sharing keys when a user is revoked. This allows efficient sharing of the encrypting file system among large numbers of users. Because the keys and the users' certificates are managed by the non-centralized owners of the file groups, the security risk of the system is dispersed, and the trust requirement on the server is reduced.
     The proposed active protection mechanisms of object-based storage, the secure access mechanism of object-based storage based on the ECC-based two-way authentication and key exchange protocol, and the encryption mechanism of object-based data provide a certain reference for constructing a high-security object-based storage system.
