Virtual memory primitives for user programs
ASPLOS IV Proceedings of the fourth international conference on Architectural support for programming languages and operating systems
Authentication and authenticated key exchanges
Designs, Codes and Cryptography
A cryptographic file system for UNIX
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
File-system development with stackable layers
ACM Transactions on Computer Systems (TOCS) - Special issue on operating systems principles
Modern Cryptography, Probabilistic Proofs, and Pseudorandomness
Modern Cryptography, Probabilistic Proofs, and Pseudorandomness
How to Make Replicated Data Secure
CRYPTO '87 A Conference on the Theory and Applications of Cryptographic Techniques on Advances in Cryptology
From Differential Cryptoanalysis to Ciphertext-Only Attacks
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish)
Fast Software Encryption, Cambridge Security Workshop
Cryptographic support for secure logs on untrusted machines
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Software generation of practically strong random numbers
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Secure deletion of data from magnetic and solid-state memory
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Cryptography in OpenBSD: an overview
ATEC '99 Proceedings of the annual conference on USENIX Annual Technical Conference
Linear statistical weakness of alleged RC4 keystream generator
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
File system encryption with integrated user management
ACM SIGOPS Operating Systems Review
Zero-interaction authentication
Proceedings of the 8th annual international conference on Mobile computing and networking
How to Manage Persistent State in DRM Systems
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Journal of Systems Architecture: the EUROMICRO Journal
On the performance, feasibility, and use of forward-secure signatures
Proceedings of the 10th ACM conference on Computer and communications security
Protecting applications with transient authentication
Proceedings of the 1st international conference on Mobile systems, applications and services
Securing distributed storage: challenges, techniques, and systems
Proceedings of the 2005 ACM workshop on Storage security and survivability
Cryptography as an operating system service: A case study
ACM Transactions on Computer Systems (TOCS)
The case for transient authentication
EW 10 Proceedings of the 10th workshop on ACM SIGOPS European workshop
Data lifetime is a systems problem
Proceedings of the 11th workshop on ACM SIGOPS European workshop
Scrubbing Stubborn Data: An Evaluation of Counter-Forensic Privacy Tools
IEEE Security and Privacy
Mobile Device Security Using Transient Authentication
IEEE Transactions on Mobile Computing
Cryptographic device support for FreeBSD
BSDC'03 Proceedings of the BSD Conference 2003 on BSD Conference
Security analysis of the palm operating system and its weaknesses against malicious code threats
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SC-CFS: smartcard secured cryptographic file system
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Establishing the genuinity of remote computer systems
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Understanding data lifetime via whole system simulation
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
Shredding your garbage: reducing data lifetime through secure deallocation
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Security analysis of the palm operating system and its weaknesses against malicious code threats
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
SC-CFS: smartcard secured cryptographic file system
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
GnatDb: a small-footprint, secure database system
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
A data outsourcing architecture combining cryptography and access control
Proceedings of the 2007 ACM workshop on Computer security architecture
Bunker: a privacy-oriented platform for network tracing
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Information protection via environmental data tethers
NSPW '07 Proceedings of the 2007 Workshop on New Security Paradigms
Vanish: increasing data privacy with self-destructing data
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Keypad: an auditing file system for theft-prone devices
Proceedings of the sixth conference on Computer systems
Information seesaw: availability vs. security management in the UbiComp world
SDM'05 Proceedings of the Second VDLB international conference on Secure Data Management
A method for safekeeping cryptographic keys from memory disclosure attacks
INTRUST'09 Proceedings of the First international conference on Trusted Systems
Data node encrypted file system: efficient secure deletion for flash memory
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Eternal sunshine of the spotless machine: protecting privacy with ephemeral channels
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
CleanOS: limiting mobile data exposure with idle eviction
OSDI'12 Proceedings of the 10th USENIX conference on Operating Systems Design and Implementation
| Hi-index | 0.00 |
In modern operating systems, cryptographic file systems can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, the data can appear as plaintext in the unprotected virtual memory backing store, even after system shutdown. The solution described in this paper uses swap encryption for processes in possession of confidential data. Volatile encryption keys are chosen randomly, and remain valid only for short time periods. Invalid encryption keys are deleted, effectively erasing all data that was encrypted with them. The swap encryption system has been implemented for the UVM [7] virtual memory system and its performance is acceptable.