Transparent mobile storage protection in trusted virtual domains

Proceedings of the 23rd Large Installation System Administration Conference, LISA 2009

Volumn , Issue , 2009, Pages 159-172

  Catuogno, Luigi ^a   Löhr, Hans ^a   Manulis, Mark ^b   Sadeghi, Ahmad Reza ^a   Winandy, Marcel ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

^b DARMSTADT UNIVERSITY OF TECHNOLOGY   (Germany)

Author keywords

Mobile storage devices; Security; Trusted virtual domains; USB storage

Indexed keywords

CRYPTOGRAPHY; DATA PRIVACY; VIRTUAL STORAGE;

ACCESS CONTROL POLICIES; ARCHITECTURAL COMPONENTS; FEATURE IDENTIFICATION; IT INFRASTRUCTURES; POLICY ENFORCEMENT; PROTOTYPE IMPLEMENTATIONS; TRUSTED VIRTUAL DOMAINS; UNAUTHORIZED ACCESS;

ACCESS CONTROL;

EID: 84924573886     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (45)

1. ARMKNECHT, F., GASMI, Y., SADEGHI, A.-R., STEWIN, P., UNGER, M., RAMUNNO, G., AND VERNIZZI, D. An efficient implementation of trusted channels based on OpenSSL. In Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing (STC 2008) (2008), ACM Press, pp. 41-50.
2. BACKES, M., CACHIN, C., AND OPREA, A. Lazy revocation in cryptographic file systems. In 3rd International IEEE Security in Storage Workshop (SISW 2005), December 13, 2005, San Francisco, California, USA (2005), pp. 1-11.
3. BACKES, M., CACHIN, C., AND OPREA, A. Secure key-updating for lazy revocation. In Computer Security - ESORICS 2006, 11th European Symposium on Research in Computer Security, Hamburg, Germany, September 18-20, 2006, Proceedings (2006), vol. 4189 of Lecture Notes in Computer Science, Springer, pp. 327-346.
4. BEAUTEMENT, A., COLES, R., J., IOANNIDIS, C., MONAHAN, B., PYM, D., SASSE, A., AND WONHAM, M. Modeling the human and technological costs and benefits of USB memory stick security. In Workshop on the Economics of Information Security (WISE) (2008).
5. BERGER, S., CÁCERES, R., PENDARAKIS, D. E., SAILER, R., VALDEZ, E., PEREZ, R., SCHILDHAUER, W., AND SRINIVASAN, D. TVDc: Managing security in the trusted virtual data-center. Operating Systems Review 42, 1 (2008), 40-47.
6. BERLINER, AND POLK. Concurrent versions system (cvs), 2001. http://www.cvshome.org/.
7. BLAZE, M. A cryptographic file system for unix. In ACM Conference on Computer and Communications Security (1993), pp. 9-16.
8. BRAY, T. Bonnie - filesystem benchmark tool. http://www.textuality.com/bonnie.
9. BUSSANI, A., GRIFFIN, J. L., JANSEN, B., JULISCH, K., KARJOTH, G., MARUYAMA, H., NAKAMURA, M., PEREZ, R., SCHUNTER, M., TANNER, A., DOORN, L. V., HERREWEGHEN, E. A. V., WAIDNER, M., AND YOSHIHAMA, S. Trusted Virtual Domains: Secure foundations for business and IT services. Tech. Rep. RC23792, IBM Research, 2005.
10. CABUK, S., DALTON, C. I., RAMASAMY, H. V., AND SCHUNTER, M. Towards automated provisioning of secure virtualized networks. In Proceedings of the 2007 ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, USA, October 28-31, 2007 (2007), ACM, pp. 235-245.
11. CACHIN, C., AND GEISLER, M. Integrity Protection for Revision Control. In Applied Cryptography and Network Security: 7th International Conference, ACNS 2009, Paris-Rocquencourt, France, June 2-5, 2009, Proceedings (2009), Springer, p. 382.
12. CATTANEO, G., CATUOGNO, L., SORBO, A. D., AND PERSIANO, P. The design and implementation of a transparent cryptographic file system for unix. In Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, June 25-30, 2001, Boston, Massachusetts, USA (2001), USENIX, pp. 199-212.
13. CORNELL, B., DINDA, P., AND BUSTAMANTE, F. Wayback: A user-level versioning file system for linux. In Proceedings of Usenix Annual Technical Conference, FREENIX Track (2004), pp. 19-28.
14. DISTRIBUTED MANAGEMENT TASK FORCE.”web-based enterprise management (wbem)”. http://www.dmtf.org.
15. EUROPEAN MULTILATERALLY SECURE COMPUTING BASE(EMSCB) PROJECT. Towards trustworthy systems with open standards and trusted computing, 2008. http://www.emscb.de/.
16. EUROPEAN NETWORK AND INFORMATION SECURITY AGENCY (ENISA). Secure USB Flash Drives, June 2008. http://www.enisa.europa.eu/doc/pdf/publications/SecureUSBdrives_180608.pdf.
17. FABIAN, M. Endpoint security: managing USB-based removable devices with the advent of portable applications. In InfoSecCD '07: Proceedings of the 4th annual conference on Information security curriculum development (New York, NY, USA, 2007), ACM, pp. 1-5.
18. GALINDO, D., HERRANZ, J., AND KILTZ, E. On the generic construction of identity-based signatures with additional properties. In Advances in Cryptology - ASIACRYPT 2006, 12th International Conference on the Theory and Application of Cryptology and Information Security, Shanghai, China, December 3-7, 2006, Proceedings (2006), vol. 4284 of Lecture Notes in Computer Science, Springer, pp. 178-193.
19. GASMI, Y., SADEGHI, A.-R., STEWIN, P., UNGER, M., AND ASOKAN, N. Beyond secure channels. In Proceedings of the 1st ACM Workshop on Scalable Trusted Computing (STC'07) (2007), ACM Press, pp. 30-40.
20. GASMI, Y., SADEGHI, A.-R., STEWIN, P., UNGER, M., WINANDY, M., HUSSEIKI, R., AND STÜBLE, C. Flexible and secure enterprise rights management based on trusted virtual domains. In Proceedings of the 3rd ACM Workshop on Scalable Trusted Computing, STC 2008, Alexandria, VA, USA, October 31, 2008 (2008), ACM, pp. 71-80.
21. GOLDMAN, K., PEREZ, R., AND SAILER, R. Linking remote attestation to secure tunnel endpoints. In Proceedings of the First ACM Workshop on Scalable Trusted Computing (STC'06) (2006), pp. 21-24.
22. GRIFFIN, J. L., JAEGER, T., PEREZ, R., SAILER, R., VAN DOORN, L., AND CÁCERES, R. Trusted Virtual Domains: Toward secure distributed services. In Proceedings of the 1st IEEE Workshop on Hot Topics in System Dependability (HotDep'05) (June 2005).
23. GUILLOU, L. C., AND QUISQUATER, J.-J. A”paradoxical” indentity-based signature scheme resulting from zero-knowledge. In Advances in Cryptology - CRYPTO'88, 8th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21-25, 1988, Proceedings (1990), vol. 403 of Lecture Notes in Computer Science, Springer, pp. 216-231.
24. HALDERMAN, J. A., SCHOEN, S. D., HENINGER, N., CLARK-SON, W., PAUL, W., CALANDRINO, J. A., FELDMAN, A. J., APPELBAUM, J., AND FELTEN, E. W. Lest we remember: cold-boot attacks on encryption keys. Commun. ACM 52, 5 (2009), 91-98.
25. KALLAHALLA, M., RIEDEL, E., SWAMINATHAN, R., WANG, Q., AND FU, K. Plutus: Scalable secure file sharing on untrusted storage. In Proceedings of the FAST'03 Conference on File and Storage Technologies, March 31 - April 2, 2003, Cathedral Hill Hotel, San Francisco, California, USA (2003), USENIX.
26. KATSUNO, Y., KUDO, M., PEREZ, P., AND SAILER, R. Towards Multi-Layer Trusted Virtual Domains. In The 2nd Workshop on Advances in Trusted Computing (WATC 2006 Fall) (Tokyo, Japan, Nov. 2006), Japanese Ministry of Economy, Trade and Industry (METI).
27. LI, J., KROHN, M. N., MAZIÈRES, D., AND SHASHA, D. Secure untrusted data repository (sundr). In OSDI (2004), pp. 121-136.
28. LIEDTKE, J. On micro-kernel construction. In SOSP (1995), pp. 237-250.
29. LÖHR, H., SADEGHI, A.-R., VISHIK, C., AND WINANDY, M. Trusted privacy domains - challenges for trusted computing in privacy-protecting information sharing. In Information Security Practice and Experience, 5th International Conference, ISPEC 2009 (2009), vol. 5451 of Lecture Notes in Computer Science, Springer, pp. 396-407.
30. MICROSFOT CORP. Bitlocker drive encryption, 2006. http://technet.microsoft.com/en- us/windows/ aa905065.aspx.
31. MUNISWAMY-REDDY, K., WRIGHT, C. P., HIMMER, A., AND ZADOK, E. A Versatile and User-Oriented Versioning File System. In Proceedings of the Third USENIX Conference on File and Storage Technologies (FAST 2004) (San Francisco, CA, March/April 2004), USENIX Association, pp. 115-128.
32. NAOR, D., SHENHAV, A., AND WOOL, A. Toward securing untrusted storage without public-key operations. In Proceedings of the 2005 ACM Workshop On Storage Security And Survivability, StorageSS 2005, Fairfax, VA, USA, November 11, 2005 (2005), ACM, pp. 51-56.
33. PARKIN, S. E., KASSAB, R. Y., AND VAN MOORSEL, A. P. A. The impact of unavailability on the effectiveness of enterprise information security technologies. In Service Availability, 5th International Service Availability Symposium, ISAS 2008, Tokyo, Japan, May 19-21, 2008, Proceedings (2008), vol. 5017 of Lecture Notes in Computer Science, Springer, pp. 43-58.
34. PETERSON, Z., AND BURNS, R. Ext3cow: a time-shifting file system for regulatory compliance. ACM Transactions on Storage (TOS) 1, 2 (2005), 190-212.
35. PETERSON, Z., BURNS, R., ATENIESE, G., AND BONO, S. Design and implementation of verifiable audit trails for a versioning file system. In Proceedings of the 5th USENIX conference on File and Storage Technologies table of contents (2007), USENIX Association Berkeley, CA, USA, pp. 20-20.
36. SHAPIRO, J. S., AND VANDERBURGH, J. Access and integrity control in a public-access, high-assurance configuration management system. In Proceedings of the 11th USENIX Security Symposium, San Francisco, CA, USA, August 5-9, 2002 (2002), USENIX, pp. 109-120.
37. SINGARAJU, G., AND KANG, B. H. Concord: A secure mobile data authorization framework for regulatory compliance. In Proceedings of the 22nd Large Installation System Administration Conference, LISA 2008, November 9-14, 2008, San Diego, CA, USA (2008), USENIX Association, pp. 91-102.
38. SOULES, C., GOODSON, G., STRUNK, J., AND GANGER, G. Metadata Efficiency in Versioning File Systems. In Proceedings of the 2nd USENIX Conference on File and Storage Technologies (2003), USENIX Association Berkeley, CA, USA, pp. 43-58.
39. STUMPF, F., TAFRESCHI, O., RÖDER, P., AND ECKERT, C. A robust integrity reporting protocol for remote attestation. In 2nd Workshop on Advances in Trusted Computing (WATC'06 Fall) (Tokyo, December 2006).
40. SZEREDI, M. File system in user space. http://sourceforge.net/projects/fuse.
41. TICHY, W. Design, implementation, and evaluation of a Revision Control System. In Proceedings of the 6th international conference on Software engineering (1982), IEEE Computer Society Press Los Alamitos, CA, USA, pp. 58-67.
42. TRUECRYPT FOUNDATION. Truecrypt - free open-source on-the-fly encryption, 2004. http://www.truecrypt.org/.
43. TRUSTED COMPUTING GROUP. TPM main specification, version 1.2 rev. 103, July 2007. https://www.trustedcomputinggroup.org.
44. WEINHOLD, C., AND HÄRTIG, H. VPFS: Building a virtual private file system with a small trusted computing base. In Proceedings of the 2008 EuroSys Conference, Glasgow, Scotland, UK, April 1-4, 2008 (2008), ACM, pp. 81-93.
45. WIRED. Under worm assault, military bans disks, USB drives, Nov. 2008. http://www.wired.com/dangerroom/2008/11/army-bans-usb-d.