磁盘级的ZFS数据跟踪与隐藏技术
摘要
计算机应用正朝着数据密集型发展。同时,随着物联网的兴起,越来越多的物品被接入到互联网,产生了新的海量数据并通过云端进行上传和下载。而近年来,用户生成的内容也增长了15倍。数据的爆炸式增长超出了摩尔定律。今后4年内产生的数据量将超出历史的总和。
当前磁盘驱动器的容量每9到12个月就会翻倍,按照这个速度,在未来10到15年内需要为文件系统增加64位的寻址能力。传统文件系统将无法满足需求。ZFS是一种创新的适应未来发展需要的海量文件系统,支持128位寻址,同时提供了丰富的特性。但目前关于ZFS的文献并不多,也很少提及切实可行的研究手段。
本文提出了一种对ZFS文件数据进行跟踪和隐藏的方法,通过磁盘级的访问,从目标文件的路径和文件名开始,在磁盘上逐步地找到所有与其相关的源信息和数据信息,实现跟踪的目标。进而,通过直接修改磁盘数据来实现ZFS的文件数据隐藏。
实现ZFS数据跟踪与隐藏的意义在于:通过全面的数据跟踪,直观地揭示了ZFS的存储机制。本文设计的软件可以作为ZFS的分析工具,用于数字取证和其他的相关研究。鉴于ZFS的独特设计,可以使用该软件恢复同一文件过去时间点的数据。而ZFS文件数据隐藏在结合了数据扰乱以后,能够防范系统的入侵者,最大程度地保护用户的敏感数据。
Many researches and applications are based on data-intensive computing. With the advent of the Internet of Things, a massive amount of new data will be uploaded to and downloaded from the cloud. And this is in addition to the burgeoning amount of user-generated content. The data explosion is bigger than Moore's law. More data will be created in the next four years than ever before.
As the volume of disk driver doubles every 9 to 12 months, file systems will be equipped with extra 64-bit addressing capability within 10 to 15 years. Among all the potential wide-address file systems, Zettabyte File System stands out as one of the most innovative, feature-rich, and future-proof 128-bit system. However, the literature on ZFS is very limited and not many researches provide pragmatic approaches.
This paper introduces a solution to implement ZFS data tracing and concealment at disk level. By accessing on-disk data directly, we dig out all the metadata and file content for a designated ZFS file and establish a holistic view of data tracing. Afterward, we modify all relevant metadata to conceal a ZFS file. Meanwhile, data scrambling is adopted to enhance the security of the hidden data.
The paper reveals some significant insights into the storage mechanism of ZFS. The data tracing can be applied to digital forensics or other researches of ZFS as an analysis tool. Owing to the unique design of ZFS, we can utilize the data tracing to recover data at a previous time. Combined with data scrambling, the data concealment dramatically boosts data security. It can defeat some smart intruders and protect sensitive user data from leaking.
当前磁盘驱动器的容量每9到12个月就会翻倍,按照这个速度,在未来10到15年内需要为文件系统增加64位的寻址能力。传统文件系统将无法满足需求。ZFS是一种创新的适应未来发展需要的海量文件系统,支持128位寻址,同时提供了丰富的特性。但目前关于ZFS的文献并不多,也很少提及切实可行的研究手段。
本文提出了一种对ZFS文件数据进行跟踪和隐藏的方法,通过磁盘级的访问,从目标文件的路径和文件名开始,在磁盘上逐步地找到所有与其相关的源信息和数据信息,实现跟踪的目标。进而,通过直接修改磁盘数据来实现ZFS的文件数据隐藏。
实现ZFS数据跟踪与隐藏的意义在于:通过全面的数据跟踪,直观地揭示了ZFS的存储机制。本文设计的软件可以作为ZFS的分析工具,用于数字取证和其他的相关研究。鉴于ZFS的独特设计,可以使用该软件恢复同一文件过去时间点的数据。而ZFS文件数据隐藏在结合了数据扰乱以后,能够防范系统的入侵者,最大程度地保护用户的敏感数据。
Many researches and applications are based on data-intensive computing. With the advent of the Internet of Things, a massive amount of new data will be uploaded to and downloaded from the cloud. And this is in addition to the burgeoning amount of user-generated content. The data explosion is bigger than Moore's law. More data will be created in the next four years than ever before.
As the volume of disk driver doubles every 9 to 12 months, file systems will be equipped with extra 64-bit addressing capability within 10 to 15 years. Among all the potential wide-address file systems, Zettabyte File System stands out as one of the most innovative, feature-rich, and future-proof 128-bit system. However, the literature on ZFS is very limited and not many researches provide pragmatic approaches.
This paper introduces a solution to implement ZFS data tracing and concealment at disk level. By accessing on-disk data directly, we dig out all the metadata and file content for a designated ZFS file and establish a holistic view of data tracing. Afterward, we modify all relevant metadata to conceal a ZFS file. Meanwhile, data scrambling is adopted to enhance the security of the hidden data.
The paper reveals some significant insights into the storage mechanism of ZFS. The data tracing can be applied to digital forensics or other researches of ZFS as an analysis tool. Owing to the unique design of ZFS, we can utilize the data tracing to recover data at a previous time. Combined with data scrambling, the data concealment dramatically boosts data security. It can defeat some smart intruders and protect sensitive user data from leaking.
引文
[1] Jeff Bonwick, Matt Ahrens, Val Henson, Mark Maybee, Mark Shellenbaum. The Zettabyte File System. [C]//2nd USENIXConference on File and Storage Technologies. CA: USENIX, 2003
[2] Asim Kadav, Abhishek Rajimwale. Reliability Analysis of ZFS. First Annual Big Systems (BS) Conference, 2007
[3] Max Bruning. ZFS On-Disk Data Walk. OpenSolaris Developer Conference. Prague, 2008
[4] Yupu Zhang, Abhishek Rajimwale, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. End-to-end Data Integrity for File Systems: A ZFS Case Study. [C]//Proceedings of FAST’10:8th USENIX Conference on File and Storage Technologies. CA: USENIX, 2010
[5] Val Henson, Matt Ahrens, Jeff Bonwick. Automatic Performance Tuning in the Zettabyte File System. [C]//1st. Workshop on Algorithms and Architectures for Self-Managing Systems (SELF- MANAGE03). CA, 2003
[6] Jeff Bonwick. The slab allocator: An object-caching kernel memory allocator. [C]//Proceedings of the 1994 USENIX Summer Technical Conference. 1994
[7] Mendel Rosenblum and John K. Ousterhout. The design and implementation of a log-structured file system. [C]//ACM Transactions on Computer Systems. 1992
[8] Margo Seltzer, Keith Bostic, Marshall K. McKusick, and Carl Staelin. An implementation of a log-structured file system for UNIX. [C]// Proceedings of the 1993 USENIX Winter Technical Conference. 1993
[9] Sun Microsystems. ZFS On-Disk Specification. 2006. http://hub.opensolaris.org/bin/download /Community+Group+zfs/docs/ondiskformat0822.pdf
[10] Jeff Bonwick. ZFS Deduplication. 2009. http://blogs.sun.com/bonwick /entry/zfs_dedup
[11] Jeff Bonwick. Smokin' Mirrors. 2006. http://blogs.sun.com/bonwick /entry/smokin_mirrors
[12] Jeff Bonwick. ZFS Block Allocation. 2006. http://blogs.sun.com/bonwick/entry/zfs_block_ allocation
[13] Ditto Blocks - The Amazing Tape Repellent. 2006. http://blogs.sun.com/bill/entry/ditto_blocks_ the_amazing_tape
[14] Jeff Bonwick, Bill Moore. ZFS: the last word in file systems. [C]//the SNIA Software Developers' Conference. 2008.
[15] Sun Microsystems. Solaris ZFS Administration Guide. http://docs. sun.com/app/docs/doc/819-5461
[16] Sun Microsystems. ZFS FAQ at OpenSolaris.org. http://hub.opensolaris.org/bin/view/Community +Group+zfs/faq
[17] ZFS Best Practices Guide. http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_ Guide
[18] Nicholas A. Solter, Gerald Jelinek, David Miner. OpenSolaris? Bible [M]. IN: Wiley Publishing, 2009
[19] Harry J. Foxwell, PhD and Christine Tran. Pro OpenSolaris [M]. CA: Apress, 2009
[20]邹恒明,有备无患:信息系统之灾难应对,机械工业出版社,2009
[21]邹恒明,计算机的心智:操作系统之哲学原理,机械工业出版社,2009
[22]邹恒明,算法之道,机械工业出版社,2010
[23]顾夏申,轻量级文件隐藏技术,上海交通大学:软件工程,2009
[24]高伟,磁盘数据安全保护技术研究,上海交通大学:计算机系统结构,2008
[25]王玲,钱华林,计算机取证技术及其发展趋势,软件学报,2003
[26]郭云彪,信息隐藏的安全性研究,解放军信息工程大学:军事装备学,2006
[2] Asim Kadav, Abhishek Rajimwale. Reliability Analysis of ZFS. First Annual Big Systems (BS) Conference, 2007
[3] Max Bruning. ZFS On-Disk Data Walk. OpenSolaris Developer Conference. Prague, 2008
[4] Yupu Zhang, Abhishek Rajimwale, Andrea C. Arpaci-Dusseau, and Remzi H. Arpaci-Dusseau. End-to-end Data Integrity for File Systems: A ZFS Case Study. [C]//Proceedings of FAST’10:8th USENIX Conference on File and Storage Technologies. CA: USENIX, 2010
[5] Val Henson, Matt Ahrens, Jeff Bonwick. Automatic Performance Tuning in the Zettabyte File System. [C]//1st. Workshop on Algorithms and Architectures for Self-Managing Systems (SELF- MANAGE03). CA, 2003
[6] Jeff Bonwick. The slab allocator: An object-caching kernel memory allocator. [C]//Proceedings of the 1994 USENIX Summer Technical Conference. 1994
[7] Mendel Rosenblum and John K. Ousterhout. The design and implementation of a log-structured file system. [C]//ACM Transactions on Computer Systems. 1992
[8] Margo Seltzer, Keith Bostic, Marshall K. McKusick, and Carl Staelin. An implementation of a log-structured file system for UNIX. [C]// Proceedings of the 1993 USENIX Winter Technical Conference. 1993
[9] Sun Microsystems. ZFS On-Disk Specification. 2006. http://hub.opensolaris.org/bin/download /Community+Group+zfs/docs/ondiskformat0822.pdf
[10] Jeff Bonwick. ZFS Deduplication. 2009. http://blogs.sun.com/bonwick /entry/zfs_dedup
[11] Jeff Bonwick. Smokin' Mirrors. 2006. http://blogs.sun.com/bonwick /entry/smokin_mirrors
[12] Jeff Bonwick. ZFS Block Allocation. 2006. http://blogs.sun.com/bonwick/entry/zfs_block_ allocation
[13] Ditto Blocks - The Amazing Tape Repellent. 2006. http://blogs.sun.com/bill/entry/ditto_blocks_ the_amazing_tape
[14] Jeff Bonwick, Bill Moore. ZFS: the last word in file systems. [C]//the SNIA Software Developers' Conference. 2008.
[15] Sun Microsystems. Solaris ZFS Administration Guide. http://docs. sun.com/app/docs/doc/819-5461
[16] Sun Microsystems. ZFS FAQ at OpenSolaris.org. http://hub.opensolaris.org/bin/view/Community +Group+zfs/faq
[17] ZFS Best Practices Guide. http://www.solarisinternals.com/wiki/index.php/ZFS_Best_Practices_ Guide
[18] Nicholas A. Solter, Gerald Jelinek, David Miner. OpenSolaris? Bible [M]. IN: Wiley Publishing, 2009
[19] Harry J. Foxwell, PhD and Christine Tran. Pro OpenSolaris [M]. CA: Apress, 2009
[20]邹恒明,有备无患:信息系统之灾难应对,机械工业出版社,2009
[21]邹恒明,计算机的心智:操作系统之哲学原理,机械工业出版社,2009
[22]邹恒明,算法之道,机械工业出版社,2010
[23]顾夏申,轻量级文件隐藏技术,上海交通大学:软件工程,2009
[24]高伟,磁盘数据安全保护技术研究,上海交通大学:计算机系统结构,2008
[25]王玲,钱华林,计算机取证技术及其发展趋势,软件学报,2003
[26]郭云彪,信息隐藏的安全性研究,解放军信息工程大学:军事装备学,2006