基于查询热度的密钥索引缓存

doi:10.11959/j.issn.2096-109x.2023008

网络与信息安全学报 ›› 2023, Vol. 9 ›› Issue (1): 83-91.doi: 10.11959/j.issn.2096-109x.2023008

基于查询热度的密钥索引缓存

金伟¹^,²^,³, 李凤华¹^,², 周紫妍¹^,², 孙喜洋¹^,², 郭云川¹^,²

¹ 中国科学院信息工程研究所，北京 100093
² 中国科学院大学网络空间安全学院，北京 100049
³ 中国信息通信研究院，北京 100191

修回日期:2022-10-18 出版日期:2023-02-25 发布日期:2023-02-01
作者简介:金伟（1994- ），女，北京人，中国科学院信息工程研究所博士生，主要研究方向为大数据访问控制与密钥管理
李凤华（1966- ），男，湖北浠水人，博士，中国科学院信息工程研究所研究员、博士生导师，主要研究方向为网络与系统安全、信息保护、隐私计算
周紫妍（1998- ），女，河北秦皇岛人，中国科学院信息工程研究所博士生，主要研究方向为访问控制
孙喜洋（1996- ），女，黑龙江齐齐哈尔人，中国科学院信息工程研究所硕士生，主要研究方向为访问控制
郭云川（1977- ），男，四川营山人，博士，中国科学院信息工程研究所正高级工程师、博士生导师，主要研究方向为访问控制、形式化方法
基金资助:
国家自然科学基金(U1836203)

Cache of cryptographic key based on query popularity

Wei JIN¹^,²^,³, Fenghua LI¹^,², Ziyan ZHOU¹^,², Xiyang SUN¹^,², Yunchuan GUO¹^,²

¹ Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100093, China
² School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China
³ China Academy of Information and Communications Technology, Beijing 100191, China

Revised:2022-10-18 Online:2023-02-25 Published:2023-02-01
Supported by:
The National Natural Science Foundation of China(U1836203)

摘要/Abstract

摘要：

在当前的分布式文件系统（HDFS，Hadoop distributed file system）密钥管理系统中，加密区密钥在启动时全部加载至内存，提供密钥服务。随着密钥资源的增加，占据的内存空间也随之增长，带来内存空间不足和密钥索引瓶颈，如何组织缓存数据、高效处理未命中密钥的查询，如何调整缓存中的密钥资源，如何精准预测密钥的使用这三大要点是解决该瓶颈的关键所在。为了实现细粒度高效缓存，提高密钥使用效率，从密钥索引数据结构、密钥置换算法、密钥预取策略分析3个方面出发，设计了密钥缓存置换的模块架构，计算密钥热度，设置密钥置换算法。具体地，在密钥热度计算与缓存置换方面，从密钥所绑定的文件系统和用户出发，分析影响密钥缓存热度的潜在影响要素，构建密钥使用热度的基本模型，采用哈希表与小顶堆链表组合的方式，维护在用密钥的热度，基于热度识别设置淘汰算法，由时间控制器调整密钥使用，动态更新缓存中的密钥，从而实现基于热度计算的密钥差异化置换。在密钥预取策略分析方面，综合考虑业务流程和用户访问存在时间周期维度的规律，通过日志挖掘获取密钥使用规律，分析密钥预置策略。实验表明，所提密钥置换算法可在降低内存占用的同时，有效提升缓存命令率和密钥查询效率，降低密钥文件I/O交互对查询性能的影响。

关键词: 密钥管理, 缓存管理, 使用效率计算, 置换算法

Abstract:

In the current HDFS (Hadoop Distributed File System) key management system, the encryption zone keys are all loaded into the memory during startup of key service.With the increase of the key resource, the occupied memory space also grows, bringing the bottleneck of memory space and key indexing.There are three challenges induced: how to organize cached data and efficiently handle queries with missed keys, how to adjust key resources in the cache, and how to accurately predict the use of keys.In order to achieve fine-grained and efficient caching and improve the efficiency of key use, key caching optimization was considered from three aspects: key index data structure, key replacement algorithm, and key prefetching strategy.An architecture of key cache replacement module was designed, and then a key replacement algorithm based on the query frequency was set.Specifically, from the perspective of heat computing and key replacement, the potential influencing factors affecting the popularity of key cache were analyzed which considered the file system and user of key management system.Besides, the basic model of key usage popularity was constructed.The hash table and minheap linked list was combined to maintain the heat of the key in use, and the elimination algorithm was set based on heat identification.The key in the cache was dynamically updated, and key usage was adjusted by the time controller, so as to realize key replacement according to the key heat.For key prefetching, key usage rules were obtained through log mining and periodical usage analyzing of key provisioning policies, which considered business processes and the time period dimension of user accessing.Experimental results show that the proposed key replacement algorithm can effectively improve the hit rate of cache queries, reduce memory usage, and ameliorate the impact of key file I/O interaction on query performance.

Key words: key management, cache management, usage frequency calculation, key replacement algorithm

中图分类号:

TP393

金伟, 李凤华, 周紫妍, 孙喜洋, 郭云川. 基于查询热度的密钥索引缓存[J]. 网络与信息安全学报, 2023, 9(1): 83-91.

Wei JIN, Fenghua LI, Ziyan ZHOU, Xiyang SUN, Yunchuan GUO. Cache of cryptographic key based on query popularity[J]. Chinese Journal of Network and Information Security, 2023, 9(1): 83-91.

图/表 5

参考文献 21

[1]	第48次中国互联网络发展状况统计报告[R]. 中国互联网络信息中心. 2021.
	The 48th statistical report on the development of China's internet[R]. China Internet Network Information Center. 2021.
[2]	SHIHABUL H M , PEDDERSEN J , JANAPSATYA A ,et al. DEW:a fast level 1 cache simulation approach for embedded processors with FIFO replacement policy[C]// Proceedings of 2010 Design,Automation ＆ Test in Europe Conference ＆ Exhibition (DATE 2010). 2010: 496-501.
[3]	INOUE H , . Multi-step LRU:SIMD-based cache replacement for lower overhead and higher precision[C]// Proceedings of 2021 IEEE International Conference on Big Data. 2022: 174-180.
[4]	ZHENG Q , YANG T , KAN Y Z ,et al. On the analysis of cache invalidation with LRU replacement[J]. IEEE Transactions on Parallel and Distributed Systems, 2022,33(3): 654-666.
[5]	MATANI D , SHAH K , MITRA A . An O (1) algorithm for implementing the LFU cache eviction scheme[J]. arXiv preprint arXiv:2110.11602, 2021.
[6]	LIU Y , ZHI T , XI H D ,et al. A novel cache replacement scheme against cache pollution attack in content-centric networks[C]// Proceedings of 2019 IEEE/CIC International Conference on Communications in China (ICCC). 2019: 207-212.
[7]	HASSAN C A U , HAMMAD M , UDDIN M ,et al. Optimizing the performance of data warehouse by query cache mechanism[J]. IEEE Access, 2022,10: 13472-13480.
[8]	BALAJI V , CRAGO N , JALEEL A ,et al. P-OPT:practical optimal cache replacement for graph analytics[C]// Proceedings of 2021 IEEE International Symposium on High-Performance Computer Architecture (HPCA). 2021: 668-681.
[9]	CHEN H , XIAO Y , VRBSKY S V . An update-based step-wise optimal cache replacement for wireless data access[J]. Computer Networks, 2013,57(1): 197-212.
[10]	PRIYA B K , KUMAR S , BEGUM S ,et al. Enhancing the lifetime of STT-RAM with MRU replacement algorithm[C]// Proceedings of 4th International Conference on Recent Advances in Information Technology (RAIT). 2018: 1-6.
[11]	MEGIDDO N , MODHA D S . ARC:a self-tuning,low overhead replacement cache[C]// Proceedings of the 2nd USENIX Conference on File and Storage Technologies( FAST'03). 2003:9.
[12]	MEINT D , LIEBALD S . From FIFO to predictive cache replacement[J]. Network, 2019(25).
[13]	BUTT A R , GNIADY C , HU Y C . The performance impact of kernel prefetching on buffer cache replacement algorithms[C]// Proceedings of IEEE Transactions on Computers. 2007: 889-908.
[14]	OSMAN A M , OSMAN N I . A comparison of cache replacement algorithms for video services[J]. International Journal of Computer Science and Information Technology, 2018,10(2): 95-111.
[15]	刘恒, 谭良 . 并行计算框架Spark中一种新的RDD分区权重缓存替换算法[J]. 小型微型计算机系统, 2018,39(10): 2279-2284.
	LIU H , TAN L . New RDD partition weight cache replacement algorithm in spark[J]. Journal of Chinese Computer Systems, 2018,39(10): 2279-2284.
[16]	LEVANDOSKI J J , LARSON P ? , STOICA R . Identifying hot and cold data in main-memory databases[C]// Proceedings of 2013 IEEE 29th International Conference on Data Engineering (ICDE). Piscataway:IEEE Press, 2013: 26-37.
[17]	陈建, 沈潇军, 姚一杨 ,等. 基于密文策略属性基加密系统访问机制的缓存替换策略[J]. 计算机应用, 2017,37(10): 2964-2967.
	CHEN J , SHEN X J , YAO Y Y ,et al. Cache replacement strategy based on access mechanism of ciphertext policy attribute based encryption[J]. Journal of Computer Applications, 2017,37(10): 2964-2967.
[18]	葛微, 罗圣美, 周文辉 ,等. HiBase:一种基于分层式索引的高效HBase查询技术与系统[J]. 计算机学报, 2016,39(1): 140-153.
	GE W , LUO S M , ZHOU W H ,et al. HiBase:a hierarchical indexing mechanism and system for efficient HBase query[J]. Chinese Journal of Computers, 2016,39(1): 140-153.
[19]	王文楚 . 基于相变存储器的平行架构混合内存性能优化研究[D]. 武汉:华中科技大学, 2017.
	WANG W C . Improving the performance of parallel organization of hybrid memory system based on phase change memory[D]. Wuhan:Huazhong University of Science and Technology, 2017.
[20]	李崇杰 . 分布式文件系统缓存技术研究[D]. 南京:南京大学, 2019.
	LI C J . Research on cache techniques for distributed file system[D]. Nanjing:Nanjing University, 2019.
[21]	JIN W , GENG K , YU M J ,et al. Efficiently managing large-scale keys in HDFS[C]// Proceedings of 2021 IEEE 23rd Int Conf on High Performance Computing ＆ Communications; 7th Int Conf on Data Science ＆ Systems; 19th Int Conf on Smart City; 7th Int Conf on Dependability in Sensor,Cloud ＆ Big Data Systems ＆Application (HPCC/ DSS/SmartCity/DependSys). Piscataway:IEEE Press, 2022: 353-360.

基于查询热度的密钥索引缓存

Cache of cryptographic key based on query popularity

在线阅读

pdf下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 21

相关文章 7

Metrics

推荐阅读 0

[1]	刘军, 袁霖, 冯志尚. 集群网络密钥管理方案研究综述[J]. 网络与信息安全学报, 2022, 8(6): 52-69.
[2]	徐堂炜,张海璐,刘楚环,肖亮,朱珍民. 基于强化学习的低时延车联网群密钥分配管理技术[J]. 网络与信息安全学报, 2020, 6(5): 119-125.
[3]	戴千一,徐开勇,郭松,蔡国明,周致成. 分布式网络环境下基于区块链的密钥管理方案[J]. 网络与信息安全学报, 2018, 4(9): 23-35.
[4]	刘俊杰,赵佳,张强,刘吉强,韩磊. 军事车载网密钥管理方案研究[J]. 网络与信息安全学报, 2018, 4(8): 39-46.
[5]	喻潇,田里,刘喆,王捷. 智能电网PDA终端的密钥管理和认证研究[J]. 网络与信息安全学报, 2018, 4(3): 68-75.
[6]	李德全,张习勇,张婷婷,郭冠军. 具有私钥自愈能力的DTN密钥管理方案[J]. 网络与信息安全学报, 2017, 3(4): 26-31.
[7]	范敏,蒋珏,汤琳,仇莫然,李超. 基于LEACH协议的WSN共享密钥管理方案的研究[J]. 网络与信息安全学报, 2016, 2(8): 32-38.