Two-Layered Access Control for Storage Area Network

Abstract

Access control is important to protect for storage area network. Current access control needed large time and space overhead, and it would make large I/O performance loss of storage area network. The artificial immune algorithm can efficiently detect abnormal access request of storage area network, so the two-layered access control is presented for storage area network. The structure of two-layered access control is given, it contains two kinds of modules such as the top access control module in metadata server and the lower access control module in intelligent disk. The distribution strategy for two-layered access control is presented. The top access control module in metadata server generates all detectors and preserves a majority of them. The lower access control module preserves a small number of detectors. Then it realizes a network access request inspection strategy with a center of top access control module. The number-type detector is used to instead of binary string detector and the numerical-type detector generating algorithm is given, they are used to avoid binary string detector enumeration and access request inspection by bit. Using B-tree to create the index of number-type detector and selecting the number in one-dimensional numerical interval different with legal access request as detector. The detector distribution algorithm is presented, clustering the detector and intelligent disk, and distributing the detectors among lower access control modules. Analyzing the function, overhead and accuracy of two-layered access control strategy. It proves that the two-layered access control strategy can inspect access request with low time and space overhead and high accuracy.