摘要
该文针对云端Web服务器因被入侵而导致敏感数据泄露的问题提出了新的云端Web服务器敏感数据保护方法——SDPM(sensitive data protection method)。该方法利用云端虚拟化技术的特性,结合数据加密和隔离执行的思想,分别从传输和处理两方面保证敏感数据的安全。该文采用基于数据流追踪的敏感逻辑动态识别技术和基于虚拟化的敏感操作隔离执行技术,基于PHP内核和Xen Hypervisor对SDPM进行实现。该文针对6个开源PHP应用进行实验。结果表明:应用中敏感逻辑所占比例小于2%,在隔离执行敏感逻辑的情况下运行相关页面的防护开销小于40%。该文提出的SDPM方法可保证云端Web服务器在被入侵后仍无敏感信息泄露。
A sensitive data protection method (SDPM) for web servers in the cloud was proposed to prevent sensitive data leakage from the compromised web servers, which utilizes the features of virtualization and combines the concepts of data encryption and execution isolation. By predetermining and fixing a small amount of application codes that will compute over sensitive data, and by encrypting sensitive data before these data are available to the rest of untrusted codes, the SDPM provides strong defense against all malicious codes that an attacker may run in the server software stack. The SDPM was implemented based on the kernel of Xen Hypervisor and PHP. The results show that the amount of sensitive codes is small with a percentage of less than 2% and the overhead of protecting sensitive data is moderate with a percentage of less than 40% according to six popular web applications in this paper.
出处
《清华大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2016年第1期51-57,65,共8页
Journal of Tsinghua University(Science and Technology)
基金
国家自然科学基金资助项目(61402125)
关键词
数据保护
服务器
可信计算
data protection
server
trusted computing