【信息技术】【2017.06】GipherFS:一种GPU加速的加密文件系统

【信息技术】【2017.06】GipherFS:一种GPU加速的加密文件系统_第1张图片

本文为葡萄牙里斯本技术大学(作者:José Duarte Gomes Pires Lourenço)的硕士论文,共88页。

信息安全是计算机系统中的一个重要问题,近年来,由于信息技术在公共活动中的广泛应用,信息安全的重要性才有所增强。未经授权发布机密数据是信息安全的主要威胁之一,通常通过加密机制来解决。然而,加密算法通常需要计算,并且会给机器资源带来沉重的负担,特别是那些没有加速器的资源,从而限制并经常降低多个用户运行并发应用程序的系统的总体性能。另一方面,图形处理单元(GPU)已经从一种专门的计算机图形加速器发展成为通用的协处理器。GPU提供的巨大计算能力,加上其在商用计算机系统中的广泛可用性,为在不降低系统性能的前提下提供计算成本高昂的功能提供了一个巨大的机会。

本文的工作重点是通过透明地将高效的加密机制集成到文件系统的操作中来提高文件系统的安全性,建议使用CUDA将用于保护文件数据的AES加密算法配置到GPU。为此,在ext4文件系统中添加了一个保护层,使用基于FUSE的虚拟文件系统和内置的保密机制,同时采用GPU作为加密协处理器。实验结果表明,将该计算重定位到GPU,可以最大限度地减少引入密码机制对CPU的影响,并将其吞吐量提高3到5倍。

Information security is a major concern incomputer systems and its importance has only increased in recent years due tothe pervasive use of information technology in common activities. Theunauthorized release of confidential data is one the main threats toinformation security and is commonly addressed by cryptographic mechanisms,through encryption. However, encryption algorithms are typicallycomputationally demanding and can place a heavy burden on a machine’sresources, especially those without accelerators, thus limiting and oftendegrading the overall performance in systems with several users runningconcurrent applications. On the other side, the Graphics Processing Unit (GPU)has evolved from a specialized computer graphics accelerator to ageneral-purpose co-processor. The vast amount of computing power provided bythe GPU, combined with its wide availability in commodity computer systems,presents a great opportunity for delivering computationally expensive featureswithout the penalty of degraded system performance. The work presented in thisdissertation focuses on improving the file system security by transparentlyintegrating efficient encryption mechanisms into its operation. It proposes tooffload the AES encryption algorithm, used for protecting file data, to theGPU, using CUDA. For this purpose, a protection layer was added to the ext4file system, using a Virtual File System based on FUSE with built-inconfidentiality mechanisms, using the GPU as a cryptographic co-processor. Theexperimental results obtained show that the relocation of this computation tothe GPU minimizes the impact on the CPU of introducing cryptographic mechanismsand improves its throughput by a factor of 3,5.

  1. 引言
  2. 项目背景与最新进展
  3. 本文提出的解决方案
  4. 具体解决方案的实现
  5. 解决方案评估
  6. 结论与未来工作展望

更多精彩文章请关注公众号:【信息技术】【2017.06】GipherFS:一种GPU加速的加密文件系统_第2张图片

你可能感兴趣的:(【信息技术】【2017.06】GipherFS:一种GPU加速的加密文件系统)