作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2019, Vol. 45 ›› Issue (7): 170-175. doi: 10.19678/j.issn.1000-3428.0051549

• 安全技术 • 上一篇    下一篇

具备完整性追溯的系统数据容灾机制

杜军龙, 金俊平, 周剑涛   

  1. 江西省信息中心, 南昌 330001
  • 收稿日期:2018-05-14 修回日期:2018-06-22 出版日期:2019-07-15 发布日期:2019-07-23
  • 作者简介:杜军龙(1978-),男,高级工程师,主研方向为信息安全、电子政务;金俊平,研究员;周剑涛,工程师。
  • 基金资助:
    “核高基”重大专项“工业互联网安全操作系统产业化及规模化应用”(2017ZX01038103)。

System Data Disaster Tolerant Mechanism with Integrity Traceability

DU Junlong, JIN Junping, ZHOU Jiantao   

  1. Jiangxi Information Center, Nanchang 330001, China
  • Received:2018-05-14 Revised:2018-06-22 Online:2019-07-15 Published:2019-07-23

摘要: 针对通用Linux平台因遭受异常攻击、破坏、宕机与病毒感染导致系统无法启动的问题,提出一种系统数据容灾机制(DDTM)。以安全上下文为宿主对象,基于可配置形式涵盖挂载预设、容灾粒度与改写策略库,通过文件完整性的追溯构建动态改写链。在DDTM形式化定义的基础上,给出细粒度的实现算法。实验结果表明,该机制可靠性高、实用性强。

关键词: 数据容灾, 系统异常, 文件安全上下文, 完整性追溯, 动态改写

Abstract: This paper proposes a system Data Disaster Tolerant Mechanism(DDTM) to address the problem that general Linux platforms suffer from abnormal attacks,damage,downtime,and virus infection,which leads to system startup failure. The security context is used as a host object,and the configurable form covers the mount preset,the disaster tolerance granularity,and the rewriting policy library. A dynamic rewriting chain is built by traceability of file integrity.Based on the formal definition of DDTM,a fine-grained implementation algorithm is given.Experimental results show that the mechanism is of high reliability and practicability.

Key words: data tolerance, system abnormal, file security context, integrity traceability, dynamic rewriting

中图分类号: