1 / 6

Trusted Storage

Trusted Storage. Anjo Vahldiek , Eslam Elnikety , Ansley Post, Peter Druschel , Deepak Garg , Johannes Gehrke, Rodrigo Rodrigues MPI-SWS. Complex storage system. Lines of code. Application. 50K-10M. Database. 10-50M. Operating System. 30-100K. NFS. File System. 10K. Disk Driver.

carlyn
Télécharger la présentation

Trusted Storage

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Trusted Storage AnjoVahldiek, EslamElnikety, Ansley Post, Peter Druschel, DeepakGarg, Johannes Gehrke, Rodrigo Rodrigues MPI-SWS

  2. Complex storage system Lines of code Application 50K-10M Database 10-50M Operating System 30-100K NFS File System 10K Disk Driver Net Protocol 10K Net Driver 3rd-party storage service NFS Operating System File System Disk Driver Bugs, exploits, operator error threaten data integrity, durability, confidentiality

  3. Trusted Storage Trusted primitives provided by storage device Certificate: Full path name Policy Content hash Physical layout Access history Policy: Identity HW/SW Configuration Quota Time Location Application Database Operating System File System Disk Driver Trusted storage device Ensure data integrity, confidentiality, accountability independent of higher software layers

  4. Example: Ensuring integrity of backup data Threat: Software bug, virus or operator error corrupts online backup data Time-based Policy: No writes before a pre-determined expiration date of the backup

  5. Example: Ensuring integrity of executable files Threat: Virus replaces executable file with a Trojan Identity-based Policy: Disallow writes unless signed by vendor and version number is at least current - 1

  6. Summary • Trusted storage provides storage level accountability and enforcement of application policies • Guarantees independent of higher software layers • Implementation in progress • 0.05% NAND flash memory • < 3% performance overhead Please come see our poster!!!

More Related