An efficient way to build secure disk

Authors:
Fangyong Hou;Hongjun He;Zhiying Wang;Kui Dai
Affiliations:
School of Computer, National University of Defense Technology, Changsha, P.R. China;School of Computer, National University of Defense Technology, Changsha, P.R. China;School of Computer, National University of Defense Technology, Changsha, P.R. China;School of Computer, National University of Defense Technology, Changsha, P.R. China
Venue:
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Year:
2006

Citing 10
Cited 1

Scale and performance in a distributed file system

ACM Transactions on Computer Systems (TOCS)
Checking the correctness of memories

SFCS '91 Proceedings of the 32nd annual symposium on Foundations of computer science
A cryptographic file system for UNIX

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Unifying File System Protection

Proceedings of the General Track: 2002 USENIX Annual Technical Conference
AEGIS: architecture for tamper-evident and tamper-resistant processing

ICS '03 Proceedings of the 17th annual international conference on Supercomputing
Caches and Hash Trees for Efficient Memory Integrity Verification

HPCA '03 Proceedings of the 9th International Symposium on High-Performance Computer Architecture
Protecting the Integrity of an Entire File System

IEEE-IWIA '03 Proceedings of the First IEEE International Workshop on Information Assurance (IWIA'03)
Don't Trust Your File Server

HOTOS '01 Proceedings of the Eighth Workshop on Hot Topics in Operating Systems
Fast and secure distributed read-only file system

OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
A new paradigm for collision-free hashing: incrementality at reduced cost

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques

Protect Disk Integrity: Solid Security, Fine Performance and Fast Recovery

ISA '09 Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance

Quantified Score

Hi-index	0.00

Visualization

Abstract

Protecting data confidentiality and integrity is important to ensure secure computing. Approach that integrates encryption and hash tree based verification is proposed here to protect disk data. Together with sector-level operation, it can provide protection with characters as online checking, high resistance against attacks, any data protection and unified low-level mechanism. To achieve satisfied performance, it adopts a special structure hash tree, and defines hash sub-trees corresponding to the frequently accessed disk regions as hot-access-windows. Utilizing hot-access-windows, simplifying the layout of tree structure and correctly buffering portion nodes of hash tree, it can reduce the cost of protection sufficiently. At the same time, it is convenient for fast recovery to maintain consistency effectively. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulation show that it is a practical and available way to build secure disk.