Continuous Versioning-Based Auditable File System (cited by: 3)
Abstract: As more and more federal, state and local legislation mandates the retention of, and access to, electronic records and audit information, security auditing of digital data is becoming increasingly important. The key requirement of digital audit is to generate verifiable audit trails for changes to electronic records. Current systems for compliance with digital audit legislation fail to keep audit trails secure and trustworthy in the presence of a powerful insider adversary. A continuous versioning-based auditable file system, CV-AFS, is presented. All changes to data are recorded, and the system constructs a data history through continuous versioning. A trusted audit agent is introduced to generate the corresponding audit trails. At a later time, an auditor can verify the version history of a file against the audit trails, so important data is protected against insider attacks. The overhead of generating audit trails is reduced by using an incremental and parallelizable Hash construction. The authors implemented a prototype of CV-AFS in the ext3cow versioning file system on Linux and evaluated its performance. The Postmark benchmark shows that the time overhead of CV-AFS is 43.5% lower than with a traditional serial Hash construction.
Source: Journal of Computer Research and Development (indexed in EI, CSCD and the Peking University Core Journals list), 2009, No. 11, pp. 1830-1838 (9 pages)
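Funding: National High Technology Research and Development Program of China ("863" Program) (2009AA01A4303); Specialized Research Fund for the Doctoral Program of Higher Education (20070003092); Ministry of Education Program for New Century Excellent Talents in University (NCET-05-0067); National Natural Science Foundation of China (60873066)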
Keywords: security audit; continuous versioning; audit trails; incremental Hash construction; tamper-resistant hardware