I-Kudelski Security, inkampani egxile ekucwaningweni kwezokuphepha, ishicilele uhlelo lwefayela le-Oramfs ngokuqaliswa kobuchwepheshe be-ORM (Oblivious Random Access Machine), obufihla iphethini yokufinyelela idatha. Le phrojekthi iphakamisa imojuli ye-FUSE ye-Linux ngokusetshenziswa kongqimba lwesistimu yefayela olungakuvumeli ukulandelela ukwakheka kokubhala nokufunda imisebenzi. Ikhodi ye-Oramfs ibhalwe ngo-Rust futhi ilayisensi ngaphansi kwe-GPLv3.
Ubuchwepheshe be-ORAM bubandakanya ukwakhiwa kwesinye isendlalelo ngaphezu kokubethela, okungavumeli umuntu ukuthi anqume uhlobo lomsebenzi wamanje lapho esebenza nedatha. Isibonelo, uma ukubethela kusetshenziswa lapho kugcinwa idatha kusevisi yenkampani yangaphandle, abanikazi bale sevisi abakwazi ukuthola idatha ngokwayo, kodwa banganquma ukuthi yimaphi amabhulokhi afinyelelwayo nokuthi yimiphi imisebenzi eyenziwayo. I-ORAM ifihla ulwazi mayelana nokuthi yiziphi izingxenye ze-FS ezifinyelelwayo nokuthi hlobo luni lomsebenzi owenziwayo (ukufunda noma ukubhala).
I-Oramfs ihlinzeka ngesendlalelo sesistimu yefayela jikelele esikuvumela ukuthi wenze lula ukuhlelwa kokugcinwa kwedatha kunoma yisiphi isitoreji sangaphandle. Idatha igcinwa ibethelwe ngokuqinisekiswa kokuzithandela. I-ChaCha8, AES-CTR kanye ne-AES-GCM algorithms ingasetshenziselwa ukubethela. Amaphethini ekufinyeleleni kokubhala nokufunda afihliwe kusetshenziswa uhlelo lwe-Path ORAM. Esikhathini esizayo, ezinye izinhlelo zihlelelwe ukuthi zisetshenziswe, kodwa esimweni sayo samanje, ukuthuthukiswa kusesesiteji se-prototype, esinganconywa ukuthi sisetshenziswe ezinhlelweni zokukhiqiza.
I-Oramfs ingasetshenziswa nanoma yiluphi uhlelo lwefayela futhi ayincikile ohlotsheni lwesitoreji sangaphandle esiqondiwe - kungenzeka ukuvumelanisa amafayela kunoma iyiphi isevisi engafakwa ngendlela yohla lwemibhalo yendawo (SSH, FTP, Google Drive, Amazon S3 , I-Dropbox, i-Google Cloud Storage, i-Mail.ru Cloud , i-Yandex.Disk nezinye izinsizakalo ezisekelwa ku-rclone noma okukhona kuzo amamojula we-FUSE wokukhwezwa). Usayizi wesitoreji awulungisiwe futhi uma isikhala esengeziwe sidingeka, usayizi we-ORM ungandiswa ngamandla.
Ukusetha i-Oramfs kwehla ekuchazeni izinkomba ezimbili - zomphakathi neziyimfihlo, ezisebenza njengeseva neklayenti. Uhlu lwemibhalo olusesidlangalaleni lungaba yinoma yiluphi uhla lwemibhalo ohlelweni lwamafayela lwasendaweni oluxhunywe kusitoreji sangaphandle ngokuwakhweza nge-SSHFS, FTPFS, Rclone nanoma imaphi amanye amamojula e-FUSE. Uhla lwemibhalo oluyimfihlo luhlinzekwa yimojula ye-Oramfs FUSE futhi yakhelwe ukusebenza ngokuqondile namafayela agcinwe ku-ORM. Ifayela lesithombe se-ORAM litholakala kuhla lwemibhalo olusesidlangalaleni. Noma yikuphi ukusebenza okunohla lwemibhalo oluyimfihlo kuthinta isimo saleli fayela lesithombe, kodwa leli fayela libheke kobukeli bangaphandle njengebhokisi elimnyama, izinguquko ezingakwazi ukuhlotshaniswa nomsebenzi osohlwini lwemibhalo oluyimfihlo, okuhlanganisa noma ngabe umsebenzi wokubhala noma wokufunda wenziwa. .
Ama-Oramfs angasetshenziswa ezindaweni lapho izinga eliphezulu lobumfihlo lidingeka khona futhi ukusebenza kungadelelwa. Ukusebenza kuyehla ngoba konke ukusebenza kwesitoreji, okuhlanganisa imisebenzi yokufunda idatha, kuholela ekwakhiweni kabusha kwamabhulokhi esithombeni sesistimu yefayela. Isibonelo, ukufunda ifayela le-10MB kuthatha cishe isekhondi elingu-1, futhi i-25MB ithatha imizuzwana emi-3. Ukubhala i-10MB kuthatha imizuzwana engu-15, kanti i-25MB ithatha imizuzwana engu-50. Ngesikhathi esifanayo, i-Oramfs ishesha cishe izikhathi ezingu-9 lapho ifunda futhi ishesha izikhathi ezingu-2 uma iqhathaniswa nesistimu yefayela ye-UtahFS, eyakhiwe yi-Cloudflare futhi isekela imodi ye-ORM ngokuzikhethela.
Source: opennet.ru