基于查询热度的密钥索引缓存  

作　　者：金伟[1,2,3] 李凤华 周紫妍[1,2] 孙喜洋 郭云川 JIN Wei;LI Fenghua;ZHOU Ziyan;SUN Xiyang;GUO Yunchuan(Institute of Information Engineering,Chinese Academy of Sciences,Beijing 100093,China;School of Cyber Security,University of Chinese Academy of Sciences,Beijing 100049,China;China Academy of Information and Communications Tec)

机构地区：[1]中国科学院信息工程研究所,北京100093 [2]中国科学院大学网络空间安全学院,北京100049 [3]中国信息通信研究院,北京100191

出　　处：《网络与信息安全学报》2023年第1期83-91,共9页Chinese Journal of Network and Information Security

基　　金：国家自然科学基金(U1836203)。

摘　　要：在当前的分布式文件系统(HDFS,Hadoop distributed file system)密钥管理系统中,加密区密钥在启动时全部加载至内存,提供密钥服务。随着密钥资源的增加,占据的内存空间也随之增长,带来内存空间不足和密钥索引瓶颈,如何组织缓存数据、高效处理未命中密钥的查询,如何调整缓存中的密钥资源,如何精准预测密钥的使用这三大要点是解决该瓶颈的关键所在。为了实现细粒度高效缓存,提高密钥使用效率,从密钥索引数据结构、密钥置换算法、密钥预取策略分析3个方面出发,设计了密钥缓存置换的模块架构,计算密钥热度,设置密钥置换算法。具体地,在密钥热度计算与缓存置换方面,从密钥所绑定的文件系统和用户出发,分析影响密钥缓存热度的潜在影响要素,构建密钥使用热度的基本模型,采用哈希表与小顶堆链表组合的方式,维护在用密钥的热度,基于热度识别设置淘汰算法,由时间控制器调整密钥使用,动态更新缓存中的密钥,从而实现基于热度计算的密钥差异化置换。在密钥预取策略分析方面,综合考虑业务流程和用户访问存在时间周期维度的规律,通过日志挖掘获取密钥使用规律,分析密钥预置策略。实验表明,所提密钥置换算法可在降低内存占用的同时,有效提升缓存命令率和密钥查询效率,降低密钥文件I/O交互对查询性能的影响。In the current HDFS(Hadoop Distributed File System)key management system,the encryption zone keys are all loaded into the memory during startup of key service.With the increase of the key resource,the occupied memory space also grows,bringing the bottleneck of memory space and key indexing.There are three challenges induced:how to organize cached data and efficiently handle queries with missed keys,how to adjust key resources in the cache,and how to accurately predict the use of keys.In order to achieve fine-grained and efficient caching and improve the efficiency of key use,key caching optimization was considered from three aspects:key index data structure,key replacement algorithm,and key prefetching strategy.An architecture of key cache replacement module was designed,and then a key replacement algorithm based on the query frequency was set.Specifically,from the perspective of heat computing and key replacement,the potential influencing factors affecting the popularity of key cache were analyzed which considered the file system and user of key management system.Besides,the basic model of key usage popularity was constructed.The hash table and minheap linked list was combined to maintain the heat of the key in use,and the elimination algorithm was set based on heat identification.The key in the cache was dynamically updated,and key usage was adjusted by the time controller,so as to realize key replacement according to the key heat.For key prefetching,key usage rules were obtained through log mining and periodical usage analyzing of key provisioning policies,which considered business processes and the time period dimension of user accessing.Experimental results show that the proposed key replacement algorithm can effectively improve the hit rate of cache queries,reduce memory usage,and ameliorate the impact of key file I/O interaction on query performance.

关 键 词：密钥管理 缓存管理 使用效率计算 置换算法 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]