Data protection mechanism of local-no-data for iSCSI disk

ZHANG Jinqing¹, YAO Shuzhen¹, TAN Huobin²

  1. School of Computer Science and Engineering, Beihang University, Beijing 100191, China;
  2. School of Software, Beihang University, Beijing 100191, China
  • Received: 2016-08-15 Revised: 2016-09-04 Online: 2017-02-10 Published: 2017-02-11


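  • Corresponding author: ZHANG Jinqing
  • About the authors: ZHANG Jinqing (born 1992), male, from Qingdao, Shandong, master's degree candidate, main research interest: information security; YAO Shuzhen (born 1965), female, from Beijing, professor, Ph.D., CCF member, main research interests: software engineering, Petri nets; TAN Huobin (born 1979), male, from Beijing, lecturer, Ph.D., main research interest: software engineering.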

Abstract: Existing data protection measures for Internet Small Computer System Interface (iSCSI) disks cannot guarantee that data will not be stolen when an unintended user logs in to the system legitimately. By combining a disk read/write redirection algorithm with transparent disk encryption and decryption, a local-no-data protection mechanism for iSCSI disk data, named iSCSI_SEC (iSCSI disk data SECurity), was proposed. Local-no-data means that important data on the iSCSI disk is stored only on the iSCSI disk server and never ends up on local storage media through user operations, program copying or other causes, which guarantees the confidentiality of the important data on the disk. iSCSI_SEC was implemented in the system kernel by loading a disk filter layer. Its disk read and write performance was compared with that of TrueCrypt; the experimental results show that iSCSI_SEC reduces disk read and write performance, but by less than TrueCrypt does. iSCSI_SEC therefore not only guarantees the confidentiality of data on iSCSI disks but also performs better than TrueCrypt in an iSCSI environment.

Key words: Internet Small Computer System Interface (iSCSI) protocol, disk filter, data theft


