Design and Implementation of a Linux-Based Encrypted File System
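Abstract
With the development of computer and communication technology, information security technology is becoming increasingly important. Information confidentiality is an important means of information security; its purpose is to prevent unauthorized users from obtaining confidential information. Encryption is an important guarantee of information confidentiality. When important data is stored on an insecure computer or transmitted over an insecure network, how to maximize the security that encryption provides to the system is an important research question.
     Therefore, to thoroughly guarantee the security of file data, cryptographic techniques must be used to encrypt the file data. What is stored on disk is ciphertext, and only the key holder can obtain the plaintext of the file.
     This thesis describes the design and implementation of an encrypted file system. The encrypted file system provides confidentiality and integrity protection for file data, authenticates users, and controls access to files according to user identity. It uses symmetric cryptography to encrypt file data to guarantee confidentiality; uses message digests, digital signatures and HMAC to guarantee data integrity; uses public-key cryptography to encrypt and protect the symmetric keys and HMAC keys; and uses smart cards for identity authentication, with the private key stored on the smart card, for security.
     This encrypted file system uses stackable file system technology, so that it exists as a component between the virtual file system and the underlying concrete file systems, which makes it general-purpose. Moreover, because it resides in the operating system kernel, applications still access files through system calls and are unaware of the encryption operations, so the encrypted file system is transparent to applications and easy to use. The implementation uses the stackable file system development platform FiST and is developed on Linux. FiST reduces the difficulty of developing the encrypted file system, and the generated source code can be ported to other Unix operating systems with only minor modifications. The main part of the encrypted file system is implemented as a kernel module that can be loaded dynamically as needed, without modifying or recompiling the Linux kernel, so it is very convenient and flexible. Finally, the thesis tests the performance of the encrypted file system; the results show that it ensures the security of file data while still achieving relatively high performance.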
With the development of computer science and communication technology, information security is becoming more and more important. Keeping information secret is an important means of guaranteeing information security, by preventing unauthorized persons from obtaining secrets. By encrypting, people can store their important data on insecure computers, or transfer these data over an insecure network environment.
     Thus, in order to protect the files, cryptographic technology must be introduced. Files are encrypted and stored as ciphertext on the disk. Only those who have the keys can get the plaintext of the files.
     This thesis discusses the design and implementation of an encryption file system. This encryption file system can protect files in several aspects, including confidentiality, integrity, user authentication and controlling access to files according to the identity of the user. Files are encrypted by symmetric cryptographic technology to protect confidentiality. The encryption file system uses message digest technology, digital signature technology and HMAC to protect the integrity of the data. It uses public key cryptographic technology to protect the symmetric keys and HMAC keys. Users are authenticated by smart cards, and their private keys are kept in the smart cards, which makes it secure.
     This encryption file system employs stackable file system technology, which makes it a component between the VFS and the lower specific file systems, so it can be used universally. Furthermore, as it is located in the operating system kernel, applications still access files through system calls, and they are not aware of any encryption operations. Therefore, this encryption file system is transparent to applications and easy to use.
     The encryption file system is implemented under Linux, with the help of FiST, a stackable file system development platform. FiST lowers the difficulty of developing the encryption file system, and the generated source code can be migrated to other Unix operating systems with just a few modifications. The major part of the encryption file system is built as a kernel module, which can be loaded dynamically when needed. No modification or recompilation of the Linux kernel is needed, so it is very convenient and flexible.
     At the end of this thesis, the performance of the encryption file system is tested. The result indicates that the encryption file system not only protects the files but also has good performance.
