计算机工程与设计
計算機工程與設計
계산궤공정여설계
COMPUTER ENGINEERING AND DESIGN
2015年
6期
1482-1486
,共5页
喻崇仁%牛中盈%杨嘉伟%田鹏
喻崇仁%牛中盈%楊嘉偉%田鵬
유숭인%우중영%양가위%전붕
透明加密%容灾%虚拟化%分层开发%并行加密
透明加密%容災%虛擬化%分層開髮%併行加密
투명가밀%용재%허의화%분층개발%병행가밀
transparent encryption%disaster recovery%virtualization%layering development%parallel encryption
为满足容灾系统中保护数据机密性的需求,设计一种面向容灾的堆叠式数据透明加密框架。采用虚拟化技术和分层开发思想,在系统容灾层之上构建数据加密层,实现容灾系统中数据的加密存储和在网络中的加密传输。针对数据加密操作时间开销大的问题,设计一个数据并行加密机制p‐dm‐crypt ,在加密驱动程序中实现对数据的并行加密处理。原型系统上的测试结果表明,与采用Linux系统内置的dm‐crypt加密机制的系统相比,采用p‐dm‐crypt的系统在写性能方面提升了18%。
為滿足容災繫統中保護數據機密性的需求,設計一種麵嚮容災的堆疊式數據透明加密框架。採用虛擬化技術和分層開髮思想,在繫統容災層之上構建數據加密層,實現容災繫統中數據的加密存儲和在網絡中的加密傳輸。針對數據加密操作時間開銷大的問題,設計一箇數據併行加密機製p‐dm‐crypt ,在加密驅動程序中實現對數據的併行加密處理。原型繫統上的測試結果錶明,與採用Linux繫統內置的dm‐crypt加密機製的繫統相比,採用p‐dm‐crypt的繫統在寫性能方麵提升瞭18%。
위만족용재계통중보호수거궤밀성적수구,설계일충면향용재적퇴첩식수거투명가밀광가。채용허의화기술화분층개발사상,재계통용재층지상구건수거가밀층,실현용재계통중수거적가밀존저화재망락중적가밀전수。침대수거가밀조작시간개소대적문제,설계일개수거병행가밀궤제p‐dm‐crypt ,재가밀구동정서중실현대수거적병행가밀처리。원형계통상적측시결과표명,여채용Linux계통내치적dm‐crypt가밀궤제적계통상비,채용p‐dm‐crypt적계통재사성능방면제승료18%。
To meet the requirement of protecting data confidentiality in a disaster recovery system ,a stackable transparent data encryption framework was designed .Using virtualization technology and layering development ideas ,the encrypted storage and transmission for data in a disaster recovery system was achieved by constructing a data encryption layer above the disaster reco‐very layer .To reduce the time overhead of cryptographic operations ,a parallel data encryption mechanism called p‐dm‐crypt was designed ,which realized the parallel processing of data encryption in the device driver .Results of the test indicate that compared with a system using dm‐crypt with an encryption mechanism built in Linux ,the write performance of the system using p‐dm‐crypt is increased by 18% .
