Non-repudiable disk I/O in untrusted kernels
Author: | Thomas Bytheway, Andy Hopper, Lucian Carata, Ripduman Sohan, Nikilesh Balakrishnan |
---|---|
Year of publication: | 2017 |
Subject: | strategic defence & security studies; Computer science; other engineering and technologies; engineering and technology; Data loss; Precondition; Trustworthiness; Kernel; information systems; Data integrity; Computer data storage; electrical engineering, electronic engineering, information engineering; Operating system; Core system; Verifiable secret sharing |
Source: | APSys |
DOI: | 10.1145/3124680.3124745 |
Description: | It is currently impossible for an application to verify that the data it passes to the kernel for storage is actually submitted to an underlying device, or that the data returned to an application by the kernel has actually originated from an underlying device. A compromised or malicious OS can silently discard data written by the application or return fabricated data during a read operation. This is a serious data integrity issue for use cases where verifiable storage and retrieval of data is a necessary precondition for ensuring correct operation, for example secure logging, APT monitoring and compliance. We outline a solution for verifiable data storage and retrieval by providing a trustworthy mechanism, based on Intel SGX, to authenticate and verify request data at both the application and storage device endpoints. Even in the presence of a malicious OS, our design ensures the authenticity and integrity of data while performing disk I/O and detects any data loss attributable to the untrusted OS fabricating or discarding read and write requests respectively. We provide a nascent prototype implementation of the core system together with an evaluation highlighting the temporal overheads imposed by this mechanism. |
Database: | OpenAIRE |
External link: |