关键词: 信息泄露, 虚拟隔离, 可信存储, 信任根源, 可信存储根, 集中加密

Abstract:

Against the risk of information leakage because of that the data is stored and used in an open network environment, this paper presents a trusted data storage architecture based on virtual isolation. The structure draws on the design idea of trusted root in the trusted computing technology, in the architecture, the credible storage root is used to verify the legitimacy of user identity and manage data access, and the data is stored with centralized encryption in the server; while  the enduser use the data, the local memory and disk virtual isolation techniques are used to ensure data security, preventing nonauthorized users and processes to leak information to nonprotected areas. The security analysis and testing toward the credible data storage system based on virtual isolation which are designed and implemented in this article shows that the structure can guarantee the security of the entire life cycle including storage, use, transfer and destruction when the data locates in the open network environment.

Key words: information leakage;virtual isolation;trusted storage;trusted root;credible storage root;centralized encryption