Skip to main content
SpringerLink
Log in

An Efficient Way to Build Secure Disk

  • Conference paper
Information Security Practice and Experience (ISPEC 2006)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3903))

Abstract

Protecting data confidentiality and integrity is important to ensure secure computing. Approach that integrates encryption and hash tree based verification is proposed here to protect disk data. Together with sector-level operation, it can provide protection with characters as online checking, high resistance against attacks, any data protection and unified low-level mechanism. To achieve satisfied performance, it adopts a special structure hash tree, and defines hash sub-trees corresponding to the frequently accessed disk regions as hot-access-windows. Utilizing hot-access-windows, simplifying the layout of tree structure and correctly buffering portion nodes of hash tree, it can reduce the cost of protection sufficiently. At the same time, it is convenient for fast recovery to maintain consistency effectively. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulation show that it is a practical and available way to build secure disk.

This work is supported by National Laboratory for Modern Communications (No. 51436050505KG0101).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Merkle, R.C.: Protocols for public key cryptography. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)

    Google Scholar 

  2. Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: IEEE Symposium on Foundations of Computer Science, pp. 90–99 (1991)

    Google Scholar 

  3. Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and merkle trees for efficient memory authentication. In: Ninth International Symposium on High Performance Computer Architecture (2003)

    Google Scholar 

  4. Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Hardware Mechanisms for Memory Integrity Checking. Technical report, MIT LCS TR-872 (2003)

    Google Scholar 

  5. Blaze, M.: A cryptographic file system for unix. In: 1st ACM Conference on Communications and Computing Security, pp. 9–16 (1993)

    Google Scholar 

  6. Zadok, E., Badulescu, I., Shender, A.: Cryptfs: A stackable vnode level encryption file system. Technical report, Computer Science Department, Columbia University (1998)

    Google Scholar 

  7. Tripwire, http://www.tripwire.org

  8. Fu, K., kaashoek, F., Mazieres, D.: Fast and secure distributed read-only file system. In: Proceedings of OSDI 2000 (2000)

    Google Scholar 

  9. Mazieres, D., Shasha, D.: Don’t trust your file server. In: 8th Workshop on Hot Topics in Operating Systems (2001)

    Google Scholar 

  10. Stein, C.A., Howard, J.H., Seltzer, M.I.: Unifying file system protection. In: 2001 USENIX Annual Technical Conference, pp. 79–90 (2001)

    Google Scholar 

  11. Tomonori, F., Masanori, O.: Protecting the Integrity of an Entire File System. In: First IEEE International Workshop on Information Assurance (2003)

    Google Scholar 

  12. Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Aegis: Architecture for tamper- evident and tamper-resistant processing. 17th Int’l Conference on Supercomputing (2003)

    Google Scholar 

  13. Hou, F., Wang, Z., Tang, Y., Liu, J.: Verify Memory Integrity Basing on Hash Tree and MAC Combined Approach. In: International Conference on Embedded and Ubiquitous Computing (2004)

    Google Scholar 

  14. Howard, J.H., Kazar, M.L., Menees, S.G., Nichols, D.A., Satyanarayanan, M., Sidebotham, R.N., West, M.J.: Scale and performance in a distributed file system. ACM Transactions on Computer Systems 6, 51–81 (February 1988)

    Article  Google Scholar 

  15. HP Labs. Tools and traces, http://www.hpl.hp.com/research/

  16. Bellare, M., Micciancio, D.: A New Paradigm for collision-free hashing: Incrementality at reduced cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163–192. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  17. Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Crypto 2004 (2004)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer, National University of Defense Technology, Changsha, 410073, P.R. China

    Fangyong Hou, Hongjun He, Zhiying Wang & Kui Dai

Authors
  1. Fangyong Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hongjun He
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhiying Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kui Dai
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, 200240, Shanghai, China

    Kefei Chen  & Xuejia Lai  & 

  2. Singapore Management University (SMU), 80 Stamford Road, 178902, Singapore

    Robert Deng

  3. Cryptography and Security Department Institute for Infocomm Research, Singapore

    Jianying Zhou

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hou, F., He, H., Wang, Z., Dai, K. (2006). An Efficient Way to Build Secure Disk. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_27

Download citation

  • DOI: https://doi.org/10.1007/11689522_27

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation