A cost-effective, high-bandwidth storage architecture
Proceedings of the eighth international conference on Architectural support for programming languages and operating systems
Cost profile of a highly assured, secure operating system
ACM Transactions on Information and System Security (TISSEC)
Reincarnating PCs with portable SoulPads
Proceedings of the 3rd international conference on Mobile systems, applications, and services
Semantically-Smart Disk Systems
FAST '03 Proceedings of the 2nd USENIX Conference on File and Storage Technologies
Pioneer: verifying code integrity and enforcing untampered code execution on legacy systems
Proceedings of the twentieth ACM symposium on Operating systems principles
Self-securing storage: protecting data in compromised system
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Storage-based intrusion detection: watching storage activity for suspicious behavior
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Side effects are not sufficient to authenticate software
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Design and implementation of a TCG-based integrity measurement architecture
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Secure coprocessors in electronic commerce applications
WOEC'95 Proceedings of the 1st conference on USENIX Workshop on Electronic Commerce - Volume 1
Rapid Trust Establishment for Pervasive Personal Computing
IEEE Pervasive Computing
On the difficulty of validating voting machine software with software
EVT'07 Proceedings of the USENIX Workshop on Accurate Electronic Voting Technology
Turtles all the way down: research challenges in user-based attestation
HOTSEC'07 Proceedings of the 2nd USENIX workshop on Hot topics in security
OSLO: improving the security of trusted computing
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Trustworthy and personalized computing on public kiosks
Proceedings of the 6th international conference on Mobile systems, applications, and services
Trust '08 Proceedings of the 1st international conference on Trusted Computing and Trust in Information Technologies: Trusted Computing - Challenges and Applications
Proceedings of the 15th ACM conference on Computer and communications security
Bootstrapping trust in a "trusted" platform
HOTSEC'08 Proceedings of the 3rd conference on Hot topics in security
A Logic of Secure Systems and its Application to Trusted Computing
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
Scalable Web Content Attestation
ACSAC '09 Proceedings of the 2009 Annual Computer Security Applications Conference
Unicorn: two-factor attestation for data security
Proceedings of the 18th ACM conference on Computer and communications security
GANGRENE: exploring the mortality of flash memory
HotSec'12 Proceedings of the 7th USENIX conference on Hot Topics in Security
| Hi-index | 0.02 |
Portable storage devices, such as key-chain USB devices, are ubiquitous. These devices are often used with impunity, with users repeatedly using the same storage device in open computer laboratories, Internet cafes, and on office and home computers. Consequently, they are the target of malware that exploit the data present or use them as a means to propagate malicious software. This paper presents the Kells mobile storage system. Kells limits untrusted or unknown systems from accessing sensitive data by continuously validating the accessing host's integrity state. We explore the design and operation of Kells, and implement a proof-of-concept USB 2.0 storage device on experimental hardware. Our analysis of Kells is twofold. We first prove the security of device operation (within a freshness security parameter Δt) using the LS2 logic of secure systems. Second, we empirically evaluate the performance of Kells. These experiments indicate nominal overheads associated with host validation, showing a worst case throughput overhead of 1.22% for read operations and 2.78% for writes.