中文摘要：

如今,数据越来越多地被选择存放在云存储环境,而非个人电脑中.这使得用户失去了对数据的完全控制,从而难以保证数据的安全性.为了解决此问题,文中提出了一种新的安全云存储系统架构.基于这套架构,文中设计并实现了一个安全云存储系统——Corslet.Corslet可以直接架在已有的云存储系统之上而无需对其进行任何改变,同时提供端到端的数据私密性保护、完整性保护以及访问权限控制等功能.Corslet使用简单,用户只需在客户端存放他们的身份证书即可.对Corslet的测试结果显示,Corslet架在NFSv4集群之上I/O性能下降不到5%,证明Corslet在提高用户数据安全性的同时,其性能也是可以接受的.

英文摘要：

Nowadays, data has been increasingly shared among different users inside the cloud storage systems, instead of being owned by any single private user, which makes an ordinary user usually does not have the control permission over the whole system, thus hard to secure data storage or data sharing of his own files. To solve this problem, this paper proposes a new secure cloud storage system architecture. Based on this architecture, this paper designs and implements a secure cloud storage system called Corslet. Corslet can run directly on deployed underlying cloud storage systems without modification, while bringing end-to-end confidentiality and integrity as well as efficient access control for user data. For individual users, Corslet is easy to use, the only thing to keep locally is their certifications. The experiments and standard benchmark results show that Corslet over NFSv4 cluster brings acceptable I/O throughput reduction which is less than 5%, proving that Corslet can provide enhanced security for user data while maintaining acceptable performance.