zhu jianxin,yang xiaohu,dong jinxiang,cao zhexin

DOI: https://doi.org/10.3321/j.issn:1002-8331.2002.10.030

2002-01-01

Abstract:The reliable identity authentication will ensure the security of information system firstly.The technology of biometric authentication will provide a more reliable and more secure method to protect the security of information system.This paper analyzes a generalized biometric identification system reference model,then point s out that this model will help the design of architecture in the biometric authentication system.The paper also analyzes the main issues that must be considered in the design of biometric authentication system,then introduces an example -the design of fingerprint-based authentication system in network environment.

黄益民,平玲娣,潘雪增

DOI: https://doi.org/10.3785/j.issn.1008-973x.2001.06.005

2001-01-01

Abstract:After study of existing security models; analysis of information flow model, Bell-LaPadula(BLP) access control model and Biba access control model; and collation and comparison of their advantages and disadvantages, an improved model is put forward that satisfies the actual demands of information security. An implementation strategy is put forward that ensures information security, reliability, practicality and compatibility in the designed security system. An implementation scheme of this security system and its components and functions is provided. This system combines the following functions: mandatory access contro1, privilege separation, security audit, identity authentication and self-protection. It achieves the level 3 of national information security standard and level B1 of TCSEC standard. It was implemented in the Windows NT and Linux operating system and has yielded good resultsin application.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

Jie Lin,Yunliang Zhang,Zhiyong Tan,Yiqi Dai

2009-01-01

Abstract:The paper proposes a novel secure distributed disk system. By dynamically exploiting file-system semantics of on-disk data blocks and sensing activities of the local file system, the disk system can be integrated with the current file systems seamlessly without changing the standard block interface between them and can efficiently manage accesses to the files from multiple hosts. And the disk system adopts a new data distribution scheme to ensure confidentiality, reliability and availability of data, and a credibility evaluation strategy to prevent some attacks from malicious clients and data servers.

YANG Bo,ZHANG Ji-zheng,JIA Hui-bo

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.04.028

2006-01-01

Abstract:Self-securing mechanism means the shift of storage security functionality into the storage device's firmware,which guarantees the availability and integrity of data storage in the case of host systems or client systems are compromised.With the popularization of the embedded processor,erecting security perimeter on storage device will direct the development of storage system.

Mais Nijim,Xiao Qin,Tao Xie

DOI: https://doi.org/10.1145/1210596.1210598

2006-01-01

ACM Transactions on Storage

Abstract:Since security is of critical importance for modern storage systems, it is imperative to protect stored data from being tampered with or disclosed. Although an increasing number of secure storage systems have been developed, there is no way to dynamically choose security services to meet disk requests' flexible security requirements. Furthermore, existing security techniques for disk systems are not suitable to guarantee desired response times of disk requests. We remedy this situation by proposing an adaptive strategy (referred to as AWARDS) that can judiciously select the most appropriate security service for each write request, while endeavoring to guarantee the desired response times of all disk requests. To prove the efficiency of the proposed approach, we build an analytical model to measure the probability that a disk request is completed before its desired response time. The model also can be used to derive the expected value of disk requests' security levels. Empirical results based on synthetic workloads as well as real I/O-intensive applications show that AWARDS significantly improves overall performance over an existing scheme by up to 358.9% (with an average of 213.4%).

LI Dong,GUO Jin,ZHANG JIZHENG,JIA Huibo

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.11.066

2005-01-01

Abstract:Security mechanisms for survivability used in current storage systems are divided into two classes, including distributed data copies on wide scale and self-security storage devices. The data center now this paper deploys employs the method resembling the latter, which sets up access patterns database to identify possible attacks. The paper predicts as storage device becomes more intelligent self-security storage device and combination of different security mechanisms will direct the development of survivable storage system.

Minal Moharir,A. V. Suresh

DOI: https://doi.org/10.48550/arXiv.1109.4565

2011-08-26

Abstract:The main objective of the paper is to study and develop an efficient method for Hard Disk Drive(HDD) Security using Full Disk Encryption (FDE) with Advanced Encryption Standards(AES) for data security specifically for Personal Computers(PCS) and Laptops . The focus of this work is to authenticate and protect the content of HDD from illegal use. The paper proposes an adaptive methods for protecting a HDD based on FDE. The proposed method is labeled as DiskTrust. FDE encrypts entire content or a single volume on your disk. DiskTrust implements Symmetric key cryptography with, Advanced Encryption Standards. Finally, the applicability of these methodologies for HDD security will be evaluated on a set of data files with different key sizes.

Cryptography and Security

LIN Hao-xiang,DONG Yuan,ZHANG Wei,ZHANG Su-qin,HU Chang-jun

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.01.026

2007-01-01

Abstract:Recently it has been a focus to protect personal sensitive information. Using cryptographic technique is a promising way. This paper describes the design and implementation of Waycryptic, a versatile cryptographic file system for Linux. By integrating cryptographic technique into file system level, users obtain transparent, dynamic, efficient and secure encryption function without modifying their applications. Encrypted files could be saved on any physical file system which supports extended attributes (XATTR). Waycryptic also permits encrypted files to be shared among multi users and to be easily recovered by designating an account in advance. The results of Iozone and Bonnie benchmarks show that Waycryptic is comparatively efficient and is suitable for personal or multi-user systems which require enhanced security.

张辉,王春露,张悠慧

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.16.019

2008-01-01

Abstract:It is illustrated the technology of how to use a single file system to backup the crucial data which is saved on it and how to restore the important data when it is ruined.As the same time,the hard disk or mobile storage device which serves a single file system as storage system makes sure that when the disk of device is lost the confidential data is safe by the technology of encryption.

Jiwu Shu,Zhirong Shen,Wei Xue,Yingxun Fu

DOI: https://doi.org/10.1109/ASPDAC.2013.6509625

2013-01-01

Abstract:With the rapid development of cloud storage, data security in storage receives great attention and becomes the top concern to block the spread development of cloud service. In this paper, we systematically study the security researches in the storage systems. We first present the design criteria that are used to evaluate a secure storage system and summarize the widely adopted key technologies. Then, we further investigate the security research in cloud storage and conclude the new challenges in the cloud environment. Finally, we give a detailed comparison among the selected secure storage systems and draw the relationship between the key technologies and the design criteria.

纪丰伟,陈恳,刘敏,于晓强

DOI: https://doi.org/10.3321/j.issn:1004-132x.2002.02.019

2002-01-01

Abstract:On the basis of function framework of PDM, this paper proposes a method to build PDM security system, and discusses stressly how to keep security of data and process in PDM system. In the end of the paper, some tools or methods about data encryption, digital signature, etc, are described.

ZHAO Xiu-wen,LUO Ping,CHEN Qiang,ZHANG Ning

2006-01-01

Abstract:How to provide stronger and more flexible security protections for file systems is one important part of secure file systems research.Based LDAP and SSH protocol,the distributed secure file system is designed.The model,principle and security analysis of distributed secure file system are introduced.

Yuxia Cheng,Qing Wu,Bei Wang,Wenzhi Chen

DOI: https://doi.org/10.1007/978-3-319-69471-9_4

2017-01-01

Abstract:Protecting data security and privacy is one of the top concerns in the public cloud. As the cloud infrastructure is complex, and it is difficult for cloud users to gain trust. Particularly, how to guarantee the confidentiality and integrity of in-memory user private data in untrusted cloud faces big challenges. The in-memory data is typically used for online processing that requires high performance and plaintext access in CPU, therefore simple data encryption is infeasible for in-memory data security protection. In this paper, we propose a secure in-memory data cache scheme based on the memcached key-value store system and leverage the new trusted Intel SGX processors to protect sensitive operations. Firstly, we build a secure enclave and design a trusted channel protocol using remote attestation mechanism. Secondly, we propose a cache server partitioning method that decouples the sensitive key-value operations with enclave protection. Thirdly, we implement a secure client library to maintain the original cache semantics for application compatibility. The experimental result showed that the proposed solutions achieves comparable performance with the traditional key-value store systems, while improves the level of data security in untrusted cloud.

Hai-Yun Peng,Wen-Gang Zhou

DOI: https://doi.org/10.14257/ijsia.2014.8.2.26

2014-01-01

International Journal of Security and Its Applications

Abstract:It is a tough problem to pretect computer data in the public environment. In order to prevent hard disk data from virus infection, malice destory and deleting by mistake, this paper illustrates the design and implementation of a disk immunity system based WDM filtered driver. This system can effectively protect hard disk data. Benchmark results show that this system has a few effects for the disk I/O performance.

Hong-Liang TIAN,Yong ZHANG,Xin-Hui XU,Chao LI,Chun-Xiao XING

DOI: https://doi.org/10.11897/SP.J.1016.2016.00154

2016-01-01

Chinese Journal of Computers

Abstract:Big data,known for its characteristics of high volume,high value and centralized storage, is an attractive target for attackers.Thus,big data security is an important issue.However,the two most common data security measures used in big data platforms (e.g.Hadoop)are not satisfactory:(1 )Access control mechanisms are prone to bugs and vulnerabilities;(2)Data encryption is provably secure but incurs considerable overheads during data processing.In this paper,we present TrustedSSD,a secure Solid State Drive (SSD)that efficiently guarantees the security of data-at-rest by enforcing a fine-grained access control.We first analysis the security of TrustedSSD,and then describe the design and implementation of the system,highlighting the challenges involved. We built a prototype of TrustedSSD on a commercially successful SSD controller.Experimental results on both synthetic and real-world workloads show that TrustedSSD incurs less than 3%overhead.Therefore,we believe TrustedSSD is a promising approach to big data security.

Manting Shen,Yinyan Yu,Zhi Tang,Xiaoyu Cui

DOI: https://doi.org/10.1109/compsac.2016.56

2016-01-01

Abstract:Sensitive information leakage in files is one of the biggest concerns in people's life. Considering this situation, people have designed lots of tools to protect sensitive files. However, these specialized tools are not applicable when the user amount is small. This paper proposes a novel light-weight mechanism that provides efficient and fast cryptographic-based file protection to meet the need of small organizations. The highlights are its ability to provide protection for all types of files, and the usage of an efficient access control approach for file sharing. Operations in the directory are monitored in real time and files are protected automatically. Moreover, encryption keys are generated and well preserved by a hierarchical key generation algorithm. For further estimation, we conducted experiments and analyzed the security and performance of our mechanism as well as other file protection software, and then we made a comparison among them. Experimental results show that our mechanism performs well both in security and performance and outperforms those other file protection software when applied in small organizations.

Jiwu Shu,Zhirong Shen,Wei Xue

DOI: https://doi.org/10.1016/j.jpdc.2014.06.003

IF: 4.542

2014-01-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.

WANG Li-min,CONG Shan,CHEN Yan

DOI: https://doi.org/10.3969/j.issn.1671-1122.2011.05.009

2011-01-01

Abstract:This paper studied the password techniques in internal network information system security and secrecy,analyzes the supporting function of the general unit interior network usually existent problem,put forward properly encryption devices can be some problems and measures taken.

Qingni Shen,Yahui Yang,Zhonghai Wu,Dandan Wang,Min Long

DOI: https://doi.org/10.1504/ijguc.2013.057118

2013-01-01

International Journal of Grid and Utility Computing

Abstract:With the growth of business, an enterprise would like to make its PSC private storage cloud approach an infrastructure service in a partner/public cloud. In such PSCs, there are some new data security issues, First, how to keep the data rest in the PSC isolated from internal and external attackers; second, how to make secure intra-cloud data migration within the enterprise; third, how to secure inter-cloud data migrating between the PSC and the partner/public cloud. In this paper, we propose an architecture design for enforcing data security services on the layer of HDFS in the PSC, including secure data isolation service, secure intra-cloud data migration service, and secure inter-cloud data migration service. Finally, it gives the prototype implemented as pluggable security modules in accord with our custom security policies through AOP Aspect-Oriented Programming method. The time cost is given and evaluated efficiently.