Research and Implementation of Distributed Data Synchronization and Revision Control Algorithm for Information Security Evaluation
|Ocean University of China
|Information security evaluation Distributed system Data synchronization Revision control
In the site process of information security evaluation, a huge number of evaluationrecord data would be produced and distributed on staff. Staff can modify evaluationrecord data repetitively and frequently and different versions of date set appear in theprocess of site assessment and report writing. A data synchronization and revisioncontrol algorithm is required to those data for a uniform management and control, tomake convenience for fetch latest evaluation record data from other staff immediatelyand correctly, and increase productivities.Traditional information management systems are usually implemented as B-Sarchitecture system, and a centre server is required to store all data and do all queries andmodify operations for data. Clients are required to keep online for communication to thecentre server, but in the environment of information security evaluation, for securityrestrictions, access to the Internet or intranet is forbidden by the corporation to beevaluated, and because of the large scale of the corporation building, Wi-Fi network canhardly reach every client alive and keep them online all the time.In this situation, this paper proposes an algorithm to synchronize the evaluationdata and control revisions, used for information security evaluation. This method refersto current popular source code revision control system Mercurial and Subversion,modeling with arborescence which is a kind of directed acyclic graph(DAG), uses theconcept revision and branch for evaluation data management, and defines several basicoperation commands, including COMMIT, POST, CHECKOUT, SWITCH, etc. Thisalgorithm is designed for real-world application, makes a better solution forsynchronization data in evaluation site without coverage of Wi-Fi network. Data can be synchronized later after finish site process of evaluation, and be collected by the centreserver and synchronize to all clients. This method decentralizes the architecture usuallyused in traditional Browser-Server information management system architecture makesthe whole system clients work as a distributed system.This algorithm makes revision control for evaluation data, and rollback operation isavailable for staff when some uncorrected data is found in current revision. For everychanges can be logged by revision control system, this system can also work as a securityauditing system.We implement a prototype system for evaluation data records management andsynchronization, working with this algorithm. It is spoken highly by the test team whenthis prototype was tested with real-world evaluation data, productivity is increased.The algorithm of data synchronization and revision control in this paper, can usefor not only data of information security evaluation, but also for systems workingwithout real-time network connection and data synchronization and revision control arerequired. Otherwise, this algorithm can modified for a general-purposed source coderevision control system familiar with Subversion and Mercurial.