摘要
为了防止数据失窃需要对敏感数据进行加解密处理,提出一种基于Linux安全模块框架的轻量级透明加密方法。该方法主要是对文件进行写操作时,使用LSM钩子实现对文件的加密操作;当用户试图读取文件时触发内核读系统调用服务例程并在该例程中实现文件的解密操作。测试结果发现基于LSM的透明加密在确保数据安全的情况下对读写性能影响不大。
A lightweight transparent encryption method based on the framework of Linux security modules (LSM) is proposed to meet the need for encrypting and decrypting on sensitive data from being stolen. The method uses the LSM hooks to encryption file while writing file, and triggers the kernel read system call service routine to decrypt file in the routine when user attempts to reading file. Testing results show that this method not only can ensure data security but also have little influence on reading and writing file.
出处
《西安邮电大学学报》
2014年第1期78-81,共4页
Journal of Xi’an University of Posts and Telecommunications
基金
陕西省教育厅基金资助项目(11JK1037)
