A linux kernel cryptographic framework: decoupling cryptographic keys from applications

Authors:
Nikos Mavrogiannopoulos;Miloslav Trmač;Bart Preneel
Affiliations:
COSIC/ESAT - IBBT Katholieke Universiteit Leuven;Red Hat;COSIC/ESAT - IBBT Katholieke Universiteit Leuven
Venue:
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Year:
2012

Citing 8
Cited 0

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
API-Level Attacks on Embedded Systems

Computer
Key Agreement Protocols and Their Security Analysis

Proceedings of the 6th IMA International Conference on Cryptography and Coding
A secure and reliable bootstrap architecture

SP '97 Proceedings of the 1997 IEEE Symposium on Security and Privacy
Preventing privilege escalation

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Formal Analysis of PKCS#11

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Operating System Security

Operating System Security
Attacking and fixing PKCS#11 security tokens

Proceedings of the 17th ACM conference on Computer and communications security

Quantified Score

Hi-index	0.00

Visualization

Abstract

This paper describes a cryptographic service framework for the Linux kernel. The framework enables user-space applications to perform operations with cryptographic keys, while at the same time ensuring that applications cannot directly access or extract the keys from storage. The framework makes use of the higher privilege levels of the operating system in order to provide this isolation. The paper discusses the relevant security requirements and expectations, and presents the design of the framework. A comparison with alternative designs is also provided.