US-12619790-B2 - Data writing method, recovery method, and reading method, and corresponding apparatus
Abstract
Implementations of the present specification provide a data writing, data recovery, and data reading method, and a corresponding secure disk apparatus. The data writing method includes the following: user data blocks are first written into a write cache, and a plurality of user data blocks identified by LBAs are read from the write cache under a certain condition. For each user data block, an HBA is allocated to the user data block, authenticated encryption is performed on the user data block to generate an encrypted data block and authentication information, and first metadata corresponding to the user data block is generated, where the first metadata is organized in the form of a KV pair and includes the LBA, the HBA, and the authentication information. A plurality of write commands for the plurality of user data blocks are submitted to a host disk for the disk to store the encrypted data blocks based on the corresponding HBAs. In addition, the first metadata corresponding to each user data block is written into a first metadata table maintained by using an LSM tree. Then, a synchronization operation command is sent to the LSM tree and the host disk for the LSM tree and the host disk to complete data write persistence.
Inventors
- Hongliang Tian
- Qingsong Chen
- Shaowei SONG
- Shoumeng Yan
Assignees
- Alipay (Hangzhou) Information Technology Co., Ltd.
Dates
- Publication Date: 2026-05-05
- Application Date: 2024-11-04
- Priority Date: 2023-12-08
Claims (20)
- 1. A data writing method, comprising: reading a plurality of user data blocks in a write cache under a trigger condition, each user data block including a logical block address (LBA) of the user data block; for each user data block, allocating a host block address (HBA) to the user data block, performing authenticated encryption on the user data block to generate an encrypted data block and authentication information, and generating first metadata corresponding to the user data block, the first metadata including a key-value (KV) pair and including the LBA, the HBA, and the authentication information; submitting a plurality of write commands for the plurality of user data blocks to a disk for the disk to store the encrypted data block in a first storage area of the disk based on the corresponding HBA; writing the first metadata corresponding to each user data block into a first metadata table maintained by using a log-structured merge (LSM) tree; and sending a synchronization operation command to the LSM tree and the disk for the LSM tree and the disk to complete data write persistence.
- 2. The method according to claim 1, wherein the trigger condition includes: the write cache is full, or an instruction for performing a synchronization operation is received.
- 3. The method according to claim 1, wherein the authentication information includes an encryption key and a message authentication code (MAC).
- 4. The method according to claim 1, wherein the allocating the HBA to the user data block includes: searching for and modifying block allocation information that records an allocation state of a block space in the disk, wherein the block allocation information is recorded in a form of a log.
- 5. The method according to claim 4, wherein the block allocation information includes a block validity table (BVT) in a form of a bitmap and a block allocation log, and pieces of the block allocation log are periodically merged to update the BVT.
- 6. The method according to claim 1, wherein the writing the first metadata into the first metadata table maintained by using the LSM tree includes: obtaining a current value of a primary synchronization identifier (ID) as a synchronization ID, wherein the primary synchronization ID is set to be incremented in response to the synchronization operation command; and writing the first metadata appended with the synchronization ID into a write-ahead log (WAL), and inserting the first metadata into the LSM tree, wherein the LSM tree performs a sorted string table (SST) operation transaction (Tx) in response to the data insertion, to generate an operation Tx log.
- 7. The method according to claim 6, wherein the primary synchronization ID is stored in a trusted persistent storage medium independent of the disk.
- 8. The method according to claim 6, wherein the writing the first metadata into the first metadata table maintained by using the LSM tree includes: allocating a data chunk from the first storage area for target log data in a form of a log, wherein the target log data includes at least one of: the WAL, the operation Tx log, or block allocation information that is used to record an allocation state of a block space in the disk and that is used when the HBA is allocated to each user data block; and encrypting and storing the target log data in the allocated data chunk, and updating second metadata related to the log, wherein the second metadata includes log metadata information that records a storage state of log data and a chunk validity table (CVT) that records an allocation state of each chunk.
- 9. The method according to claim 8, wherein the log metadata information includes a log information table and a log allocation table, the log information table records at least a log ID and a log category, and the log allocation table records at least a log ID and an ID of a chunk allocated to a log.
- 10. The method according to claim 8, wherein the encrypting and storing the target log data in the allocated data chunk includes: encrypting the target log data in a first encryption format and storing the target log data as encrypted in a second storage area of the disk, wherein the first encryption format includes organizing data ciphertext in a form of a Merkle tree (MHT).
- 11. The method according to claim 8, wherein the second metadata is recorded in a form of a journal, wherein the journal includes a record sequence of a plurality of records arranged in time order; and the updating the second metadata related to the log includes: appending a modification record related to incremental content updated this time to the record sequence.
- 12. The method according to claim 11, wherein the journal is stored in a second storage area of the disk in a second encryption format, wherein the second encryption format is chain encryption, and each of data blocks arranged in sequence stores authentication information of a previous data block.
- 13. The method according to claim 11, wherein the updating the second metadata related to the log further includes: in response to that a number of recent consecutive modification records reaches a threshold, reading a first snapshot record closest to current time in the record sequence and several modification records subsequent to the first snapshot record, accumulating information about the several modification records on first snapshot data corresponding to the first snapshot record to generate second snapshot data, generating a second snapshot record based on the second snapshot data, and appending the second snapshot record to the record sequence.
- 14. The method according to claim 13, wherein the first snapshot data is encrypted and stored in a first block space in the first storage area; and the updating the second metadata related to the log further includes: encrypting and storing the second snapshot data in a second block space in the first storage area, wherein the second block space is different from the first block space.
- 15. The method according to claim 13, wherein the generating the second snapshot record based on the second snapshot data includes: obtaining third metadata of the second snapshot data, and generating the second snapshot record based on the third metadata, wherein the third metadata includes a storage location and authentication information of the second snapshot data.
- 16. The method according to claim 1, wherein the write cache is a memory segment located in a trusted execution environment (TEE).
- 17. The method according to claim 1, comprising: recovering, from the disk, the first metadata table maintained by using the LSM tree, the first metadata table being appended with a synchronization identifier (ID); determining, based on the synchronization ID in each piece of first metadata, first metadata whose synchronization is not completed; and discarding related data of the first metadata whose synchronization is not completed.
- 18. The method according to claim 17, wherein the recovering, from the disk, the first metadata table maintained by using the LSM tree includes: reading snapshot data from a predetermined block space in a first storage area of the disk, and reading a record sequence of encrypted journals from a second storage area; recovering latest second metadata by using the snapshot data and the record sequence, wherein the second metadata includes log metadata information that records a storage state of log data; and determining, based on the recovered log metadata information, a storage location of each log constituting a WAL in the disk, to read the WAL from the disk, wherein the WAL records each piece of first metadata in the LSM tree.
- 19. The method according to claim 17, wherein the determining the first metadata whose synchronization is not completed includes: reading a current primary synchronization ID from a trusted storage medium, and comparing the current primary synchronization ID with the synchronization ID in each piece of first metadata; and determining first metadata whose synchronization ID is equal to the primary synchronization ID as the first metadata whose synchronization is not completed.
- 20. The method according to claim 1, comprising: receiving a read request, the read request including a target LBA; querying the first metadata table by using the target LBA as a key to read target metadata, the target metadata further including a target HBA and target authentication information; and reading an encrypted data block from the disk based on the target HBA, and decrypting and authenticating the encrypted data block based on the target authentication information to obtain the user data block.
Description
TECHNICAL FIELD
One or more implementations of the present specification relate to the field of data reading/writing security in a computer, and in particular to a secure data writing method and reading method, and a data reading/writing management apparatus.
BACKGROUND
With the development of computing technologies in various industries and an increase in the number of cloud and terminal users, a large amount of data is stored in various computer devices. As the industry develops, increasing attention is paid to device and data security. To ensure the security of devices and data, architecture vendors have each proposed their own solutions. For example, secure encrypted virtualization (SEV) and software guard extensions (SGX) technologies are used to improve data or device security. These solutions provide users with trusted execution environments (TEEs) for confidentially storing and processing data, to prevent the data from being damaged by untrusted kernels and conventional application programs.
SUMMARY
The specification provides technical solutions that, among others, improve disk data security. One or more implementations of the present specification describe a secure virtual disk solution, and a method and apparatus for performing data writing, data recovery, and data reading based on the secure virtual disk. The solution can, among others, enhance protection of disk data security.
According to an aspect, a data writing method is provided, including: reading a plurality of user data blocks in a write cache under a predetermined trigger condition, where each user data block is identified by a logical block address (LBA) of the user data block; for each user data block, allocating a host block address (HBA) to the user data block, performing authenticated encryption on the user data block to generate an encrypted data block and authentication information, and generating first metadata corresponding to the user data block, where the first metadata is organized in the form of a key-value (KV) pair and includes the LBA, the HBA, and the authentication information; submitting a plurality of write commands for the plurality of user data blocks to a host disk for the disk to store the encrypted data block in a first storage area of the disk based on the corresponding HBA; writing the first metadata corresponding to each user data block into a first metadata table maintained by using a log-structured merge (LSM) tree; and sending a synchronization operation command to the LSM tree and the host disk for the LSM tree and the host disk to complete data write persistence.

According to an aspect, a data recovery method is provided, including: recovering, from a disk, a first metadata table maintained by using an LSM tree, where the first metadata table records first metadata corresponding to each user data block, and each piece of first metadata includes an LBA, an HBA, and authentication information of the user data block, and is appended with a synchronization ID; determining, based on the synchronization ID in each piece of first metadata, first metadata whose synchronization is not completed; and discarding related data of the first metadata whose synchronization is not completed.
According to an aspect, a data reading method is provided, including: receiving a read request, where the read request includes a target LBA; querying a first metadata table by using the target LBA as a key to read target metadata, where the target metadata further includes a target HBA and target authentication information, and the first metadata table is maintained by using an LSM tree and records metadata corresponding to each user data block; and reading an encrypted data block from a disk based on the target HBA, and decrypting and authenticating the encrypted data block based on the target authentication information to obtain the user data block.

According to an aspect, a data writing apparatus is provided, including: a reading unit, configured to read a plurality of user data blocks in a write cache under a predetermined trigger condition, where each user data block is identified by an LBA of the user data block; a generation unit, configured to: for each user data block, allocate an HBA to the user data block, perform authenticated encryption on the user data block to generate an encrypted data block and authentication information, and generate first metadata corresponding to the user data block, where the first metadata is organized in the form of a KV pair and includes the LBA, the HBA, and the authentication information; a first writing unit, configured to submit a plurality of write commands for the plurality of user data blocks to a host disk for the disk to store the encrypted data block in a first storage area of the disk based on the corresponding HBA; a second writing unit, configured to write the first metadata corresponding to each user data block into a first metadata table maintained by using