摘要
内核级文件加密系统如eCryptfs、dm-crypt等能够有效防止存储介质丢失导致的数据泄露,但它们都未区分访问文件的进程,对于木马程序无防范能力。提出一种面向特定应用的内核级文件加密技术,内核页缓冲只存放密文,仅对指定应用提供明文,杜绝了木马程序获得加密文件明文的可能性,提高了信息系统的安全性。
Encryption file system such as eCryptfs and dm-crypt can avoid information leakage by storage lost.But they do not distinguish processes accessing the file,so they can not prevent information leakage by the trojan program.This paper introduced a method which puts the cryptograph in the kernel page cache,and only the specific application can access the plain text.This method eliminates the way by which the trojan program accesses the plain text,improves the security of information system.
出处
《计算机科学》
CSCD
北大核心
2015年第S1期393-394 398,398,共3页
Computer Science
基金
核高基项目(2013ZX01029002-001)资助
关键词
内核
加密文件系统
透明加密
木马
安全
Kernel,Encryption file system,Transparent encrypt,Trojan horse,Security