Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Encrypted file system based on multi-image files

A technology for encrypting file systems and files. It is applied in the field of information security and can solve problems such as trouble, frequent flashing, clearing cache, and data leakage.

Active Publication Date: 2016-05-11
WUHAN UNIV OF TECH
View PDF6 Cites 3 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

File I / O with cache brings additional problems to transparent file encryption: when the trusted process and the untrusted process perform file I / O operations on an encrypted file at the same time, especially the alternate file data reading and writing operations , plaintext data and ciphertext data will alternately appear in the cache, which will cause the following problems: First, untrusted processes may read plaintext data, resulting in data leakage; second, program processes cannot process data correctly, such as trusted processes What is read is ciphertext data and cannot be processed normally
The problem with this solution is: first, it needs to frequently flush and clear the cache, resulting in the so-called violent flushing and clearing of the cache; second, when the trusted process and the untrusted process read and write data alternately, the It is very difficult to handle cache flushing and emptying
However, the scheme in the patent application 201510690514.9 also has the following problems: the file data stored and written by an untrusted process may be plaintext data (for example, a browser downloads and saves an unencrypted Word document), so when multiple untrusted processes File I / O operations on files being stored and written may cause data leakage
However, this solution is too troublesome, and it cannot completely solve the problem of data leakage. For example, when an untrusted process opens or creates a file in a memory-mapped manner and stores and writes plaintext data, the file driver of the dual-image encrypted file system or It may be too late when the additionally introduced file filter finds that the cached data in the memory is plaintext data, and the plaintext data in the cache may have been read by other untrusted processes (although the probability of this is very small)

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Encrypted file system based on multi-image files
  • Encrypted file system based on multi-image files
  • Encrypted file system based on multi-image files

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0052] Embodiment 1. User space encrypted file system based on multi-image files

[0053] Such as figure 2 Shown, utilize the present invention and user space file system (FileSysteminUserSpace, FUSE) technology to develop a user space encrypted file system (a file system storing ciphertext), comprise FUSE file driver and FUSE user space process, wherein, FUSE file driver is The file system driver of the user space file system, the FUSE user space process is the running process of the user space program that the user space file system performs file I / O operation processing. Trusted process and untrusted process discrimination, file redirection, file data is plaintext or ciphertext discrimination, file data encryption and decryption processing and other functions (part or all) are implemented in the FUSE file driver, or (part or all) in the FUSE user Space process (program) implementation. If these functions (part or all) are driven and implemented in the FUSE file, it is no...

Embodiment approach 1

[0065] Use the strings corresponding to serial numbers 0, 1, 2, ...; the encrypted file system records the A image file or B image file that each original file is currently opened or created ; When the file opening or creation operation for a main image file is redirected to the A image file or the B image file of the corresponding original file, the encrypted file system selects an unused serial number of the A image file or the B image file as , For example, randomly select an unused serial number, or select the smallest unused serial number, or select a serial number that is 1 greater than the used serial number, etc.

Embodiment approach 2

[0067] The time is counted in milliseconds from a fixed moment. When redirecting an operation of opening or creating a main image file, the encrypted file system uses the string of the time count value at the current moment as the redirected A image. file or B like file .

[0068] The above two schemes are suitable for both ordinary files and file directories.

[0069] As can be seen from the above scheme, the file path of the A image file and the B image file contains the file path of the main image file, and the encrypted file system can determine the main image to be operated by the program process through the file path of the A image file or the B image file file to determine the original file to operate on. Since the file directories K:\__AFiles\ and K:\__BFiles\ have special purposes here, they cannot be used as ordinary file directories. The encrypted file system can check whether the file path of a file contains the file directory K:\__AFiles\ or K:\__BFiles\,...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to an encrypted file system based on multi-image files. Each file in the encrypted file system is provided with a plurality of file images, i.e. a primary image file, a plurality of A image files, and a B image file; when one of the primary image files is opened or created by an untrusted process, the file opening or creating operation is redirected to one of the corresponding A image files, and the file opening or creating operations of different untrusted processes for the same primary image file are redirected to the different A image files; when one of the primary image files is opened or created by a trusted process, the file opening or creating operation is redirected to the corresponding B image file; the encrypted file system converts I / O operations for the A image files and the B image file of each file into operations for the corresponding original file, and automatically carries out file encryption and decryption processing during the operations. The encrypted file system provided by the invention avoids not only the mixing of cached data between the trusted processes and the untrusted processes, but also clear data leakage among the untrusted processes which might be caused by data storage and writing operations.

Description

technical field [0001] The invention belongs to the technical field of information security, in particular to an encrypted file system based on multi-image files. Background technique [0002] The transparent file encryption system can automatically realize the encryption and decryption of files without changing the user's usage habits, and is an important technical means to ensure data security. In transparent file encryption, program processes that perform file I / O operations on encrypted files are divided into trusted processes and untrusted processes. Trusted processes are allowed to obtain plaintext data of encrypted files, while untrusted processes are not allowed. In the current computer file system, in order to improve the efficiency of file I / O operations, most file I / O operations are cached, that is, the file system caches the data read and / or stored by the program process in the computer memory, and When different program processes perform file I / O operations on ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/62
CPCG06F21/6218G06F2221/2107
Inventor 龙毅宏
Owner WUHAN UNIV OF TECH
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com