Encryption and Key management in a SAN

  • Authors: Adrian Baldwin; Simon Shiu

  • Venue: SISW '02 Proceedings of the First International IEEE Security in Storage Workshop
  • Year: 2002

Abstract

Many important security properties can be gained by encrypting stored data. However, these properties can be significantly undermined if the encryption keys are not well managed. This paper discusses how encryption strategies can be used to provide stronger segregation of data, remove "back door" access to data, and to reduce the reliance and trust placed in administrators of SAN systems. The focus is on the key management that necessarily forms a part of a secure encryption strategy. The work described is based on the use of a hardware security appliance (HSA) which augments traditional HSMs with additional functionality to control the way keys are used rather than just providing a secure environment for crypto functions. This allows security critical components or services to be pushed into trusted hardware thereby providing wider application or system level security. The paper shows how the HSA can be applied to securely managing the keys for the encryption strategies needed for SAN security.