位置:成果数据库 > 期刊 > 期刊详情页
基于连续多版本的可审计文件系统
  • 期刊名称:黄荣荣, 舒继武, 陈 康, 肖 达, 基于连续多版本的可审计文件系统, 计算机研究与发展,2009
  • 时间:0
  • 分类:TP309.2[自动化与计算机技术—计算机系统结构;自动化与计算机技术—计算机科学与技术]
  • 作者机构:[1]清华大学计算机科学与技术系,北京100084, [2]清华大学信息科学与技术国家实验室(筹),北京100084
  • 相关基金:基金项目:国家“八六三”高技术研究发展计划基金项目(2009AA01A4303);高等学校博士学科点专项科研基金项目(20070003092);教育部新世纪优秀人才支持计划基金项目(NCET050067);国家自然科学基金项目(60873066)
  • 相关项目:大规模网络存储系统的容错技术研究
中文摘要:

随着越来越多的法律法规要求将电子数据纳入审计监督范围,电子数据安全审计变得愈来愈重要.电子数据审计要求为数据的更改生成可验证的审计跟踪记录.现有的针对电子数据审计的系统因为不能防止内部人员的攻击以保证审计跟踪记录的安全可信,无法很好地满足用户需求.设计并实现了一个基于连续多版本的可审计文件系统CV-AFS,通过连续多版本技术连续捕获和保存文件系统数据变化,引入了一个可信的审计代理负责生成相应的审计跟踪记录,事后审计机构可根据审计跟踪记录来对数据进行审计,从而防止了内部人员的攻击.通过使用增量Hash算法,降低了生成审计跟踪记录的开销.作者在Linux上基于多版本文件系统ext3cow实现了CV-AFS的原型系统并进行了性能测试.Postmark的测试结果表明,CV-AFS的总时间开销要比使用传统完全Hash算法的开销降低43.5%.

英文摘要:

With the trend of more and more recent federal, state and local legislation mandating the retention and access of electronic records and audit information, the security audit of digital data becomes more and more important. The key requirement of the digital audit is to generate verifiable audit trails on the change of electronic records. Current systems for compliance with digital audit legislation fail to provide the security and trustworthiness of audit trails in the presence of a powerful insider adversary. A continuous versioning-based auditable file system, CV-AFS, is presented. All changes to data are recorded and the system will construct a data history through continuous versioning. A trusted audit agent is introduced to generate corresponding audit trails. At a later time, an auditor may verify the version history of a file according to the audit trails, and thus important data can be protected against insider attacks. The overhead of generating audit trails is reduced through the use of incremental and parallelizable Hash construction. The authors have implemented a prototype of CV-AFS in the ext3cow versioning file system based on Linux and evaluated its performance. Postmark benchmark test shows that the time overhead of CV AFS is reduced by 43.5% compared with traditional serial Hash construction.

同期刊论文项目
同项目期刊论文