Upload
meghan-patterson
View
214
Download
0
Embed Size (px)
Citation preview
Feb. 16th 2012 FAST’12 WiP [email protected]
Trusted Storage
Anjo Vahldiek, Eslam Elnikety, Ansley Post, Peter Druschel, Deepak Garg, Johannes Gehrke, Rodrigo Rodrigues
MPI-SWS
Feb. 16th 2012 FAST’12 WiP [email protected]
ApplicationDatabase
Complex storage system
Operating SystemNFS
Lines of code
50K-10M10-50M30-100K
10KNet ProtocolNet Driver 10K
Operating SystemNFS
File SystemDisk Driver
Bugs, exploits, operator error threaten data integrity, durability, confidentiality
File SystemDisk Driver
3rd-party storage service
Feb. 16th 2012 FAST’12 WiP [email protected]
Certificate:Full path namePolicyContent hashPhysical layoutAccess history
Policy:IdentityHW/SW ConfigurationQuotaTimeLocation
Trusted StorageTrusted primitives provided by storage device
ApplicationDatabase
Operating System
Trusted storage deviceEnsure data integrity, confidentiality, accountability
independent of higher software layers
File SystemDisk Driver
Feb. 16th 2012 FAST’12 WiP [email protected]
Example: Ensuring integrity of backup data
Threat:Software bug, virus or operator error corrupts online backup data
Time-based Policy: No writes before a pre-determined expiration date of the backup
Feb. 16th 2012 FAST’12 WiP [email protected]
Example: Ensuring integrity of executable files
Threat:Virus replaces executable file with a Trojan
Identity-based Policy: Disallow writes unless signed by vendorand version number is at least current - 1
Feb. 16th 2012 FAST’12 WiP [email protected]
Summary
• Trusted storage provides storage level accountability and enforcement of application policies
• Guarantees independent of higher software layers• Implementation in progress– 0.05% NAND flash memory– < 3% performance overhead
Please come see our poster!!!