摘要
针对金融机构83.7%的文档需要多用户安全共享的实际需求,提出了基于文件系统过滤驱动的透明加密方案,设计并实现了一种面向多用户共享的SecFile加密驱动系统。系统采用多层架构设计,实现了包括文件系统过滤驱动框架、多级加密算法、智能缓存机制和基于角色的访问控制(Role-Based Access Control,RBAC)等核心功能。在安全性方面,系统集成了高级加密标准256位密钥-伽罗华/计数器模式(Advanced Encryption Standard-256-Galois/Counter Mode,AES-256-GCM)、流密码算法和消息认证码算法组合的加密算法(ChaCha20-Poly1305)等先进加密算法,并设计了完善的密钥管理和数据保护机制。测试结果表明,系统在50名用户并发访问场景下性能损耗仅增加15.7%,服务可用性达到99.995%,同时具备较强的安全性和可扩展性。研究成果为企业级加密存储提供了可靠的技术方案。
For the practical needs of financial institutions,in which 83.7%of documents should be securely shared among multiple users,a transparent encryption solution is proposed based on file system filtering driver,and a SecFile encryption driver system is designed and implemented for multi-user sharing.A multi-tier architecture is adopted to realize core functions,including file system filtering driver framework,multi-level encryption algorithm,intelligent caching mechanism and Role-Based Access Control(RBAC).In terms of security,advanced encryption algorithms are integrated,such as Advanced Encryption Standard-256-Galois/Counter Mode(AES-256-GCM)and ChaCha20-Poly1305,and improved key management and data protection mechanisms are also designed.The test results show that the system performance loss only increases by 15.7%in the 50-user concurrent access scenario,and the service availability reaches 99.995%,with strong security and scalability at the same time.The research results provide a reliable technical solution for enterprise-level encrypted storage.
作者
王淑芬
WANG Shufen(Pingdingshan Finance and Economics School,Pingdingshan 467001,China)
出处
《计算机与网络》
2025年第3期218-225,共8页
Computer & Network
