Oramfs, yakazara yakavharidzirwa faira faira system

Darkcrizt

4 maminitsi

Mazuva mashoma apfuura kambani Kudelski Security (nyanzvi pakuita ongororo dzekuchengetedza) yakafumura kuburitswa kweiyo Oramfs fileystem pamwe nekumisikidzwa kweORAM (Random Oblivious the Access Machine) tekinoroji, uyeSte rakarongeka faira sisitimu yakagadzirirwa kushandiswa nerekure data zvitoro uye haibvumire chero munhu kuteedzera chimiro cheanonyora uye kuverenga kubva kwavari, zvichiteerana Yakasanganiswa nekunyorera, iyo tekinoroji inopa yakanyanya mwero yekuchengetedzwa kwe data pachivande

Iyo purojekiti inotsvaga module yeFUSE yeLinux pamwe nekumisikidzwa kweiyo FS layer, iyo isingatenderi kutsvaga chimiro cheakaverenga nekunyora mashandiro, iyo Oramfs kodhi yakanyorwa muRust uye ine rezinesi pasi peGPLv3.

Nezve Oramfs

ORAM tekinoroji inosanganisira kugadzirwa kweimwe nhurikidzwa mukuwedzera kunyorera, iyo isingatenderi kuona mhando yechiitiko chiripo kana uchishanda nedata. Semuenzaniso, mune nyaya yekushandisa encryption kana uchichengeta dhata mune yechitatu-bato sevhisi, varidzi veiyi sevhisi havagone kuwana iyo data ivo pachavo, asi vanogona kuona kuti ndeapi mabhuroko anowanikwa uye ndeapi mashandiro anoitwa. KANARAM inovanza ruzivo nezve kuti ndezvipi zvikamu zvefaira system zviri kuwanikwa uye nderupi rwekushanda kuri kuitwa (verenga kana kunyora).

Paunotarisa kuvanzika kwemhinduro dzekuchengetedza, kunyorera chete hakuna kukwana kudzivirira kupinda kweparoti leakage. Kusiyana nemagadzirirwo echinyakare akadai seLUKS kana Bitlocker, chirongwa cheORAM chinodzivirira anorwisa kubva pakuziva kana kuita kuverenga kana kunyora mashandiro uye kune zvikamu zvefaira zvipi zvirikuwanikwa. Iyi nhanho yekuvanzika inowanikwa kuburikidza nekuwedzera zvikumbiro zvekuwana pane zvakafanira, kusanganisa mabhuroko anoumba iyo yekuchengetedza dura, uye kunyora nekunyora zvakare kunyorera dhata kumashure nekudzoka nguva yega, kunyangwe kana pakaverengwa kumwe chete kushanda. Izvi zviri pachena zvinouya nekurasikirwa kwekuita, asi zvinopa imwezve kuchengetedzeka kana ichienzaniswa nedzimwe mhinduro.

Oramfs inopa yepasirese faira system dura iyo inorerutsa musangano wekuchengetedza dhata pane chero chekunze chekuchengetedza Dhata inochengetwa yakavharidzirwa pamwe nesarudzo yekusimbisa yekusarudza. Iyo ChaCha8, AES-CTR, uye AES-GCM algorithms inogona kushandiswa kunyorera. Iyo kuverenga uye kunyora mapatani ekuwanza akavanzwa neiyo ORAM nzira chirongwa. Mune ramangwana, kumisikidzwa kwezvimwe zvirongwa kwakarongwa, asi muchimiro chazvino, budiriro ichiri padanho reprototype, iyo isingakurudzirwe kuti ishandiswe mukugadzira masisitimu.

Oramfs inogona kushandiswa nechero faira system uye haina kutsamira parudzi rwekunze kwekuchengetedza kuri kutariswa: Iwo mafaera anogona kuenzanisirwa nechero sevhisi inogona kukwirwa senge dhairekitori renzvimbo (SSH, FTP, Google Drive, Amazon S3, Dropbox, Google Cloud Storage, Mail.ru Cloud, Yandex uye mamwe masevhisi anotsigirwa nedutu kana kune izvo zviripo FUSE module kukwira). Saizi yekuchengetedza haina kugadziriswa, uye kana paine nzvimbo yakawanda inodiwa, saizi yeORAM inogona kukura zvine simba.

Iyo Oramfs kumisikidza inodonha kutsanangudza madhairekitori maviri, eruzhinji neakavanzika, anoita sevha uye mutengi:

  • Iyo yeruzhinji dhairekitori inogona kuve chero dhairekitori pane yemuno faira system iyo yakabatana kune ekunze storages nekuaisa iwo kuburikidza neSSHFS, FTPFS, Rclone, uye chero imwe FUSE module.
  • Iyo yakavanzika dhairekitori inopihwa neiyo Oramfs FUSE module uye yakagadzirirwa kushanda yakanangana nemafaira akachengetwa muORAM. Dhairekitori reruzhinji rine faira ine iyo ORAM mufananidzo.

Chero basa riine dhairekitori repachivande rinokanganisa mamiriro eichi chifananidzo faira, asi iri faira rinotaridzika sebhokisi dema kune wekunze mucherechedzi, shanduko dzisingagone kuverengerwa nezviitiko mune yakazvimirira dhairekitori, kusanganisira iko kunyora kushanda kana kuverenga, hakugone kutsanangurwa .

Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo kana kugona kuyedza iyi systemystem, unogona kutarisa ruzivo mune inotevera chinongedzo.

mabviro: https://research.kudelskisecurity.com/


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako