Automatic implementation scheme of implementing access control rules in OpenFlow network
LIU Yi, ZHANG Hongqi, DAI Xiangdong, LEI Cheng
Journal of Computer Applications    2015, 35 (11): 3270-3274.   DOI: 10.11772/j.issn.1001-9081.2015.11.3270
To address the problem that an OpenFlow network cannot continuously satisfy its access control policy because its data plane changes frequently, a scheme for automatically implementing access control rules in OpenFlow networks was proposed. Firstly, the reachable space was obtained by building real-time forwarding paths, and conflicts among access control rules were resolved by using a dynamic synthesis algorithm. Then, the denied space was extracted from the synthesized set of access control rules by using a rule space division algorithm, and was subsequently compared with the reachable space to detect direct and indirect violations. According to the network update situation and the violation detection results, automatic violation resolutions were adopted flexibly, such as rejecting the rule update, removing the rule sequence, deploying the rule near the source based on Linear Programming (LP), and deploying the rule terminally. Lastly, the format of the access control rules was converted. The theoretical analysis and simulation results demonstrate that the proposed scheme is applicable when multiple security applications are running on the controller and switch memory is limited, and show that deploying rules near the source based on LP can minimize unwanted traffic in the network.
Information aggregation leakage proof model based on assignment partition
XIE Wenchong, YANG Yingjie, WANG Yongwei, DAI Xiangdong
Journal of Computer Applications    2013, 33 (02): 408-416.   DOI: 10.3724/SP.J.1087.2013.00408
To solve the problems of the BLP (Bell-LaPadula) model, such as information aggregation leakage, excessive privileges of trusted subjects and a deficiency in integrity, and with reference to the application requirements of hierarchical file protection, an information aggregation leakage proof model named IALP (Information Aggregation Leakage Proof) was proposed based on assignment partition. First, the cause of information aggregation leakage and the current state of research were discussed. Second, on the basis of assignment partition, the knowledgeable degree of the subject and the information weight of the object were quantified, and the relatively trusted subject was proposed. Security axioms and state transition rules were given. Finally, the theoretical proof, application examples and analysis indicate that IALP can control the knowable degree of the subject towards the object set with the aggregation leakage relation, limit the privilege of the trusted subject, and enhance integrity to some extent.
Improved HDFS scheme based on erasure code and dynamical-replication system
LI Xiao-kai, DAI Xiang, LI Wen-jie, CUI Zhe
Journal of Computer Applications    2012, 32 (08): 2150-2158.   DOI: 10.3724/SP.J.1087.2012.02150
To improve the storage efficiency and load-balancing ability of the Hadoop Distributed File System (HDFS), this paper presented an improved solution named Noah to replace the original multiple-replication strategy. Noah introduced a coding module into HDFS. Instead of adopting the multiple-replication strategy of the original system, the module encoded every HDFS data block into a greater number of data sections (pieces) and stored them dispersed across the clusters of the storage system. In the case of cluster failure, the original data would be recovered via decoding by collecting any 70% of the sections, while the dynamic replication strategy also worked synchronously, with the number of copies changing dynamically with demand. The experimental results in analogous clusters of the storage system show the feasibility and advantages of the new measures in the proposed solution.