Please wait a minute...
 首页  期刊介绍 期刊订阅 联系我们 横山亮次奖 百年刊庆
 
最新录用  |  预出版  |  当期目录  |  过刊浏览  |  阅读排行  |  下载排行  |  引用排行  |  横山亮次奖  |  百年刊庆
清华大学学报(自然科学版)  2016, Vol. 56 Issue (1): 51-57,65    DOI: 10.16511/j.cnki.qhdxxb.2016.23.007
  信息安全 本期目录 | 过刊浏览 | 高级检索 |
云端Web服务器敏感数据保护方法研究
韩心慧, 王东祺, 陈兆丰, 张慧琳
北京大学 计算机科学技术研究所, 北京 100871
Method for sensitive data protection of web servers in the cloud
HAN Xinhui, WANG Dongqi, CHEN Zhaofeng, ZHANG Huilin
Institute of Computer Science & Technology, Peking University, Beijing 100871, China
全文: PDF(1762 KB)  
输出: BibTeX | EndNote (RIS)      
摘要 该文针对云端Web服务器因被入侵而导致敏感数据泄露的问题提出了新的云端Web服务器敏感数据保护方法——SDPM(sensitive data protection method)。该方法利用云端虚拟化技术的特性, 结合数据加密和隔离执行的思想, 分别从传输和处理两方面保证敏感数据的安全。该文采用基于数据流追踪的敏感逻辑动态识别技术和基于虚拟化的敏感操作隔离执行技术, 基于PHP内核和Xen Hypervisor对SDPM进行实现。该文针对6个开源PHP应用进行实验。结果表明: 应用中敏感逻辑所占比例小于2%, 在隔离执行敏感逻辑的情况下运行相关页面的防护开销小于40%。该文提出的SDPM方法可保证云端Web服务器在被入侵后仍无敏感信息泄露。
服务
把本文推荐给朋友
加入引用管理器
E-mail Alert
RSS
作者相关文章
韩心慧
王东祺
陈兆丰
张慧琳
关键词 数据保护服务器可信计算    
Abstract:A sensitive data protection method (SDPM) for web servers in the cloud was proposed to prevent sensitive data leakage from the compromised web servers, which utilizes the features of virtualization and combines the concepts of data encryption and execution isolation. By predetermining and fixing a small amount of application codes that will compute over sensitive data, and by encrypting sensitive data before these data are available to the rest of untrusted codes, the SDPM provides strong defense against all malicious codes that an attacker may run in the server software stack. The SDPM was implemented based on the kernel of Xen Hypervisor and PHP. The results show that the amount of sensitive codes is small with a percentage of less than 2% and the overhead of protecting sensitive data is moderate with a percentage of less than 40% according to six popular web applications in this paper.
Key wordsdata protection    server    trusted computing
收稿日期: 2014-10-28      出版日期: 2016-01-29
ZTFLH:  TP309  
引用本文:   
韩心慧, 王东祺, 陈兆丰, 张慧琳. 云端Web服务器敏感数据保护方法研究[J]. 清华大学学报(自然科学版), 2016, 56(1): 51-57,65.
HAN Xinhui, WANG Dongqi, CHEN Zhaofeng, ZHANG Huilin. Method for sensitive data protection of web servers in the cloud. Journal of Tsinghua University(Science and Technology), 2016, 56(1): 51-57,65.
链接本文:  
http://jst.tsinghuajournals.com/CN/10.16511/j.cnki.qhdxxb.2016.23.007  或          http://jst.tsinghuajournals.com/CN/Y2016/V56/I1/51
  图1 威胁模型
  图2 应用SDPM 的云端Web服务器架构示意图
  图3 敏感逻辑分析工作流程
  图4 PHP示例程序与编译后的操作码序列
  表1 PHP应用中敏感操作数量与全部操作数量分析结果
  图5 应用SDPM 的运行开销
[1] The OWASP Foundation. Top 10 2013-A6-Sensitive Data Exposure[EB/OL]. (2013-02).https://www.owasp.org/index.php/Top_10_2013-A6-Sensitive_Data_Exposure.
[2] Verizon. 2013 Data Breach Investigations Report[EB/OL]. (2013). http://www.verizonenterprise.com/resources/reports/rp_data-breach-investigations-report-2013_en_xg.pdf.
[3] Popa R A, Redfield C, Zeldovich N, et al. Cryptdb: Protecting confidentiality with encrypted query processing [C]//Proceedings of the 23rd ACM Symposium on Operating Systems Principles. New York, NY: ACM Press, 2011: 85-100.
[4] Puttaswamy K P N, Kruegel C, Zhao B Y. Silverline: Toward data confidentiality in storage-intensive cloud applications [C]//Proceedings of the 2nd ACM Symposium on Cloud Computing. New York, NY: ACM Press, 2011: 10.
[5] Parno B, McCune J M, Wendlandt D, et al. CLAMP: Practical prevention of large-scale data leaks [C]//Security and Privacy, 2009 30th IEEE Symposium on. Piscataway, NJ: IEEE Press, 2009: 154-169.
[6] Felt A P, Finifter M, Weinberger J, et al. Diesel: Applying privilege separation to database access [C]//Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security. New York: ACM Press, 2011: 416-422.
[7] Lampson B, Abadi M, Burrows M, et al. Authentication in distributed systems: Theory and practice [J]. ACM Transactions on Computer Systems (TOCS), 1992, 10(4): 265-310.
[8] Wikipedia. Trusted computing base [EB/OL]. (2002-02).http://en.wikipedia.org/wiki/Trusted_computing_base.
[9] Howard M. Attack surface: Mitigate security risks by minimizing the code you expose to untrusted users [EB/OL]. (2004-11). http://msdn.microsoft.com/en-us/magazine/cc163882.aspx.
[10] McCune J M, Parno B J, Perrig A, et al. Flicker: An execution infrastructure for TCB minimization [J]. ACM SIGOPS Operating Systems Review, 2008, 42(4): 315-328.
[11] Dworkin M. Recommendation for block cipher modes of operation: Galois/counter mode (GCM) and GMAC [R]. Gaithersburg: US Department of Commerce, National Institute of Standards and Technology, 2007.
[12] McGrew D, Viega J. The Galois/counter mode of operation (GCM) [EB/OL]. (2004).http://siswg.net/docs/gcm_ spec.pdf.
[13] Wikipedia. Block cipher mode of operation [EB/OL]. (2014-05). http://en.wikipedia.org/wiki/Block_cipher_mode_ of_operation.
[14] Gueron S, Kounavis M E. Intel? carry-less multiplication instruction and its usage for computing the GCM mode, Intel white paper [R]. 2012.
[15] W3Techs. Usage of server-side programming languages for websites [EB/OL]. (2014-04). http://w3techs.com/technologies/overview/programming_language/all.
[16] Gueron S. AES-GCM for efficient authenticated encryption: Ending the reign of HMAC-SHA-1? [C]//Workshop on Real-World Cryptography. Stanford: Stanford Univ, 2013.
[17] The PHP Group. vld Package Information [EB/OL]. (2003-09).http://pecl.php.net/package/vld.
[18] Crawljax. Crawling Ajax-based Web Applications [EB/OL]. (2007-10). http://crawljax.com.
[19] Computer Science Department at the University of Illinois at Urbana-Champaign. The LLVM Compiler Infrastructure [EB/OL]. (2002-06). http://llvm.org.