基于脚本面向敏感文档的动态指纹溯源架构设计与实现  

作　　者：包立兴 赵峰 黄小罗 王洋[1] BAO Lixing;ZHAO Feng;HUANG Xiaoluo;WANG Yang(Shenzhen Institute of Advanced Technology,Chinese Academy of Sciences,Shenzhen 518055,China;College of Mathematics and Information Science of Hebei University,Baoding 071002,China;Xinjiang Institute of Ecology and Geography,Chinese Academy of Sciences,Urumqi 830011,China)

机构地区：[1]中国科学院深圳先进技术研究院,深圳518055 [2]河北大学数学与信息科学学院,保定071002 [3]中国科学院新疆生态与地理研究所,乌鲁木齐830011

出　　处：《集成技术》2024年第6期1-15,共15页Journal of Integration Technology

基　　金：第三次新疆综合科学考察项目(2021XJKK1300);国家重点研发计划项目(2021YFF1201700);深圳市科技计划项目(SGDX20220530111001003)。

摘　　要：数据溯源技术可以记录和追踪敏感文档的来源,从而防止文档泄露。传统的网络通路溯源对离线文档缺乏有效跟踪机制,基于加密文件的密钥追踪不能保证共享文件的有效溯源,现有的标注法、反向查询和数据水印技术往往需要用户参与,并在应用层实现,导致溯源的安全力度不够,缺乏透明性和灵活性,系统的整体扩展性不足。该文提出了一种创新的基于脚本的动态指纹溯源架构,该架构基于Linux内核实现底层溯源,加强了文档溯源的安全性和透明性;基于用户脚本实现指纹追踪算法,提升了文档溯源的灵活性和有效性。该架构同时面向多负载共享需求设计指纹驱动算法,可确保文档共享的高效性和可扩展性。经验证,该架构对操作系统的影响极小,同时具备出色的可扩展性。在处理单个或多个负载共享的场景时,指纹驱动算法展现了其透明性、实时性和高效性。Data provenance technology is capable of recording and tracking the origins of sensitive documents to prevent their leakage.Traditional network traceability methods are ineffective in tracking offline documents,and key tracing for encrypted files does not ensure reliable provenance for shared files.Existing techniques such as annotation,reverse querying,and data watermarking often require user involvement and are implemented at the application layer,resulting in inadequate security,lack of transparency and flexibility,and insufficient overall system scalability.This paper introduces an innovative script-based dynamic fingerprint provenance architecture that utilizes modifications to the Linux kernel to achieve foundational provenance,enhancing the security and transparency of document tracing.The fingerprint tracking algorithm is implemented through user scripts,improving the flexibility and effectiveness of document provenance.Additionally,the fingerprint-driven algorithm is designed to meet the demands of multi-load sharing,ensuring efficient and scalable document sharing.Upon verification,this architecture has a minimal impact on the operating system and exhibits excellent scalability.In scenarios involving single or multiple load sharing,the fingerprint-driven algorithm demonstrates transparency,real-time performance,and efficiency.

关 键 词：敏感文档 数据泄露 LINUX内核 动态溯源 用户脚本 指纹追踪 

分 类 号：TP302.1[自动化与计算机技术—计算机系统结构]