
Continuous Versioning-Based Auditable File System

Huang Rongrong, Shu Jiwu, Chen Kang, and Xiao Da   

(Department of Computer Science and Technology, Tsinghua University, Beijing 100084) (National Laboratory for Information Science and Technology (TNList), Tsinghua University, Beijing 100084)


Abstract: As more federal, state and local legislation mandates the retention of, and access to, electronic records and audit information, security auditing of digital data is becoming increasingly important. The key requirement of digital audit is to generate verifiable audit trails for changes to electronic records. Current systems for compliance with digital audit legislation fail to keep audit trails secure and trustworthy in the presence of a powerful insider adversary. This paper presents CV-AFS, a continuous versioning-based auditable file system. All changes to data are recorded, and the system constructs a data history through continuous versioning. A trusted audit agent is introduced to generate the corresponding audit trails. At a later time, an auditor can verify the version history of a file against the audit trails, so important data is protected against insider attacks. The overhead of generating audit trails is reduced through the use of an incremental and parallelizable Hash construction. The authors have implemented a prototype of CV-AFS in the ext3cow versioning file system on Linux and evaluated its performance. A Postmark benchmark test shows that the time overhead of CV-AFS is 43.5% lower than with a traditional serial Hash construction.

Key words: security audit, continuous versioning, audit trails, incremental Hash construction, tamper-resistant hardware
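
The saving that the abstract attributes to incremental hashing can be seen in a small sketch, added here as an illustration and not taken from CV-AFS. The abstract does not name its hash construction, so the additive combination of per-block SHAKE-256 digests, the block size, the 2048-bit modulus and the names `AuditAgent`, `update_hash` and `audit` are all assumptions.

```python
import hashlib

BLOCK = 4096        # block size in bytes (assumption of this sketch)
MOD = 1 << 2048     # width of the combining modulus (assumption of this sketch)

def block_term(index, data):
    """Wide digest of one (index, block) pair; binding the index fixes block order."""
    h = hashlib.shake_256(index.to_bytes(8, "big") + data)
    return int.from_bytes(h.digest(256), "big")

def full_hash(blocks):
    """Hash a whole version from scratch: one term per block, O(file size)."""
    return sum(block_term(i, b) for i, b in enumerate(blocks)) % MOD

def update_hash(old, index, old_block, new_block):
    """Hash of the next version after one block changes: two terms, O(1)."""
    return (old - block_term(index, old_block) + block_term(index, new_block)) % MOD

class AuditAgent:
    """Hypothetical stand-in for the trusted audit agent: one record per version."""
    def __init__(self, blocks):
        self.trail = [full_hash(blocks)]

    def record_write(self, index, old_block, new_block):
        self.trail.append(update_hash(self.trail[-1], index, old_block, new_block))

def audit(trail, versions):
    """Auditor side: rehash each retained version, return mismatching version numbers."""
    return [v for v, blocks in enumerate(versions) if full_hash(blocks) != trail[v]]

def demo():
    v0 = [bytes([i]) * BLOCK for i in range(8)]    # constructed sample file
    agent = AuditAgent(v0)
    v1 = list(v0)
    v1[3] = b"A" * BLOCK
    agent.record_write(3, v0[3], v1[3])
    v2 = list(v1)
    v2[5] = b"B" * BLOCK
    agent.record_write(5, v1[5], v2[5])
    clean = audit(agent.trail, [v0, v1, v2])
    forged_v1 = list(v1)
    forged_v1[0] = b"X" * BLOCK                    # insider rewrites a stored old version
    dirty = audit(agent.trail, [v0, forged_v1, v2])
    return clean, dirty
```

Each write costs two block digests regardless of file size, while the auditor's full recomputation still detects a retained version that was altered after its record was generated.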