A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
EROS: a fast capability system
Proceedings of the seventeenth ACM symposium on Operating systems principles
Programming semantics for multiprogrammed computations
Communications of the ACM
Fast and secure distributed read-only file system
ACM Transactions on Computer Systems (TOCS)
Strong Security for Network-Attached Storage
FAST '02 Proceedings of the Conference on File and Storage Technologies
Venti: A New Approach to Archival Storage
FAST '02 Proceedings of the Conference on File and Storage Technologies
A Framework for Evaluating Storage System Security
FAST '02 Proceedings of the Conference on File and Storage Technologies
The Design and Implementation of a Transparent Cryptographic File System for UNIX
Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
Security Considerations When Designing a Distributed File System Using Object Storage Devices
SISW '02 Proceedings of the First International IEEE Security in Storage Workshop
WMCSA '02 Proceedings of the Fourth IEEE Workshop on Mobile Computing Systems and Applications
Energy-aware demand paging on NAND flash-based embedded storages
Proceedings of the 2004 international symposium on Low power electronics and design
Farsite: federated, available, and reliable storage for an incompletely trusted environment
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Plutus: Scalable Secure File Sharing on Untrusted Storage
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Design, implementation and evaluation of security in iSCSI-based network storage systems
Proceedings of the second ACM workshop on Storage security and survivability
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Linux Device Drivers, 3rd Edition
Linux Device Drivers, 3rd Edition
Providing tunable consistency for a parallel file store
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Secure untrusted data repository (SUNDR)
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Design and implementation of modular key management protocol and IP secure tunnel on AIX
SSYM'95 Proceedings of the 5th conference on USENIX UNIX Security Symposium - Volume 5
Integrity checking in cryptographic file systems with constant trusted storage
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
From trusted to secure: building and executing applications that enforce system security
ATC'07 2007 USENIX Annual Technical Conference on Proceedings of the USENIX Annual Technical Conference
| Hi-index | 0.00 |
As computing models change, so too do the demands on storage. Distributed and virtualized systems introduce new vulnerabilities, assumptions, and performance requirements on disks. However,traditional storage systems have very limited capacity to implement needed "advanced storage" features such as integrity and dataisolation. This is largely due to the simple interfaces and limited computing resources provided by commodity hard-drives. A new generation of storage devices affords better opportunities to meet these new models, but little is known about how to exploit them. In this paper, we show that the recently introduced fast-accessnon-volatile RAM-enhanced hybrid (HHD) disk architectures can be used to implement a range of valuable storage-security services. We specifically discuss the use of these new architectures to provide data integrity, capability-based access control, and labeled information flow at the disk access layer. In this, we introduce systems that place a security perimeter at the disk interface--and deal with the parent operating system only as a largely untrusted entity.