拟态分布式文件存储系统MDFSMimic Distributed File Storage System MDFS
产品介绍:
Product introduction.
应对海量的数据存储需求,分布式存储系统是目前首选的数据存储解决方案,可扩展性和低成本是其最大的优点。面对业务系统不间断的数据存储需求,可以通过向集群中不停的增加存储节点来应对。分布式存储系统是依附在操作系统和计算机网络环境上的一个应用系统,利用多台服务器分担存储负荷及元数据管理,并通过大量复杂的算法来保障数据的安全性,如一致性、容错性、可用性等算法。
To cope with the demand for massive data storage, distributed storage system is currently the preferred data storage solution, and scalability and low cost are its biggest advantages. In the face of uninterrupted data storage needs of business systems, it can be coped with by constantly adding storage nodes to the cluster. Distributed storage system is an application system attached to the operating system and computer network environment, using multiple servers to share the storage load and metadata management, and a large number of complex algorithms to ensure the security of data, such as consistency, fault tolerance, availability and other algorithms.
分布式存储系统依赖网络进行数据交换,却不具备对抗网络攻击的防御功能,遇到网络攻击时存在数据被截取甚至存储集群宕机的风险。对于操作系统存在的安全性问题,如病毒、木马等攻击行为,也会让分布式存储系统上的数据存在安全性风险。
Distributed storage systems rely on the network for data exchange, but do not have the defense function against network attacks, and there is a risk of data interception or even storage cluster downtime when encountering network attacks. Security issues for operating systems, such as viruses, Trojan horses and other attacks, also put the data on distributed storage systems at risk of security.
作为分布式存储系统的载体,操作系统不可避免的存在着漏洞。从国家信息安全层面来看,目前国内可用于商业用途的操作系统寥寥无几,可选对象基本上都是国外产品,受商业因素或国家战略影响,部分操作系统可能被人为地设置后门,导致发生在计算机网络上的漏洞事件频发。因此,如何从抗操作系统攻击和抗网络攻击的层面保障数据的安全性也是分布式存储系统必须考虑的重要问题。
As the carrier of the distributed storage system, the operating system inevitably has vulnerabilities. From the national information security level, there are only a few domestic operating systems available for commercial use, and the available objects are basically foreign products. Influenced by commercial factors or national strategies, some operating systems may be artificially set up as backdoors, resulting in frequent incidents of vulnerabilities occurring on computer networks. Therefore, how to safeguard data security from the level of anti-operating system attack and anti-network attack is also an important issue that distributed storage system must consider.
作为海量数据存储的解决方案,分布式存储系统在数据冗余机制上有很多考量,但是对于一些核心的机密数据,安全性要求极为苛刻,分布式存储系统如何做到面对黑客的攻击时,仍然能不间断的提供正常的存储服务,显然这个问题无法用存储灾备方案来解决。
As a solution for mass data storage, distributed storage system has many considerations on data redundancy mechanism, but for some core confidential data, the security requirements are extremely demanding, and how the distributed storage system can still provide normal storage service without interruption in the face of hacker's attack, obviously this problem cannot be solved by storage disaster recovery solution.
网络空间拟态防御理论由邬江兴院士提出,其模型及系统经过理论的严格证明,工程系统产品的开发验证,及经历了国内行业,军方,公安,国安,大学研究机构长时间的内测,是目前国际上唯一能解决“应对未知的漏洞后门病毒木马和未知的渗透攻击”的理论及系统。目前拟态产品系列包含拟态路由器、拟态防火墙、拟态Web服务器、拟态存储系统等。这些拟态设备组成的南京拟态靶场NEST,从2018年起连续3年经历“强网杯”拟态防御国际精英挑战赛上国内外一流白帽黑客的挑战与攻击,从未被攻破。本团队从2017年开始承担国家重点研发计划网络空间安全重点专项的拟态分布式存储系统的研发,结合团队在分布式存储领域近10年的积累,可以为党政军、金融行业、通讯行业、有高安全需要的企业提供高安全的存储解决方案。
The theory of cyberspace mimicry defense was proposed by Academician Wu Jiangxing. Its models and systems have been rigorously proved by theory, developed and verified by engineering system products, and have undergone long-term internal testing by domestic industry, military, public security, national security, and university research institutions. At present, it is the only theory and system in the world that can solve the problem of "responding to unknown loopholes, backdoors, virus Trojans and unknown penetration attacks". At present, the Mimic product series includes Mimic Router, Mimic Firewall, Mimic Web Server, Mimic Storage System, etc. Nanjing Mimic Shooting Range NEST, composed of these mimic devices, has been challenged and attacked by first-class white hat hackers at home and abroad in the "Qiangwang Cup" Mimic Defense International Elite Challenge for three consecutive years since 2018, and has never been broken. Since 2017, our team has undertaken the research and development of the simulated distributed storage system, which is a key special project of cyberspace security under the National Key R&D Program. Combined with the team's nearly 10-year accumulation in the field of distributed storage, it can be used for the party, government, military, financial industry, communications, etc. Provide high-security storage solutions for industries and enterprises with high security needs.
该系统采用异构的多重随机编码防御机制,对不确定的攻击行为进行主动地动态防御。
The system adopts a heterogeneous multiple random coding defense mechanism to actively and dynamically defend against uncertain attack behaviors.
拟态存储防御体系存储原理
功能特性:
1.支出PB级数据存储;
2.支持无限量的动态扩容;
3.支持多种异构纠删码;
4.底层数据防篡改;
融合拟态判决的思想,彻底解决纠删码对篡改无效的问题。
5.秒级的数据自动修复;
自动识别数据块损坏、被篡改等异常,并实现自动秒级修复。
6.高安全数据存储;
7.高效的数据读写性能;
8.基于区块链技术的多种人体体征认证(可选);
9.基于区块链技术的日志锁存(可选)。
Features:
- 1. Expend PB-level data storage;
- 2. Support unlimited dynamic expansion;
- 3. Support a variety of heterogeneous erasure codes;
- 4. The underlying data is tamper-proof;
- It integrates the idea of imitation judgment and completely solves the problem that erasure codes are invalid for tampering.
- 5. Second-level data automatic repair;
- Automatically identify abnormalities such as data block damage and tampering, and realize automatic second-level repair.
- 6. High security data storage;
- 7. Efficient data read and write performance;
- 8. Various body sign authentication based on blockchain technology (optional);
- 9. Log latching based on blockchain technology (optional)
应用场景:
适用于党政军、金融行业、通信行业、企业、安防领域的对数据存储安全要求较高的场景。
Application scenarios:
It is suitable for scenarios with high requirements for data storage security in the party, government and military, financial industry, communication industry, enterprise, and security field.
