论文信息 - XExt3: The Design and Implementation of a Security Enhanced Ext3 File System

XExt3: The Design and Implementation of a Security Enhanced Ext3 File System

In this paper we develop an extended Ext3(XExt3) which means security enhanced file system. It can be used in generic Linux systems or trusted operating systems (TOS) as a file system. The XExt3 file system can protect data of a computer system from physical theft by encrypting them. We concentrate on balancing security, transparency and portability while minimizing computational overheads. For security and transparency, the XExt3 supports file protection, Linux group sharing, and the minimization of interactions between users and the system. In the aspect of performance, we minimize the overheads by implementing the proposed method on a native Ext3 file system in a Linux operating system. Finally we implement our system as a Linux kernel module for high portability. Our experimental results show that the XExt3 is about 3 or 4 times faster than previous cryptographic file systems.

Kouichi Sakurai | Dong-Hoon Yoo | Ji-Ho Cho | Hyung-Chan Kim

[1] Ronald L. Rivest,et al. The MD5 Message-Digest Algorithm , 1992, RFC.

[2] Bruce Schneier,et al. Description of a New Variable-Length Key, 64-bit Block Cipher (Blowfish) , 1993, FSE.

[3] Erez Zadok,et al. Cryptfs: A Stackable Vnode Level Encryption File System , 1998 .

[4] Erez Zadok,et al. Proceedings of the General Track: 2003 Usenix Annual Technical Conference Ncryptfs: a Secure and Convenient Cryptographic File System , 2022 .

[5] Vincent Rijmen,et al. The Design of Rijndael: AES - The Advanced Encryption Standard , 2002 .

[6] P. Samarati,et al. Access control: principle and practice , 1994, IEEE Communications Magazine.

[7] Andy Oram,et al. Understanding the Linux Kernel, Second Edition , 2002 .

[8] Daniel Pierre Bovet,et al. Understanding the Linux Kernel , 2000 .

[9] Matt Bishop,et al. Computer Security: Art and Science , 2002 .

[10] Vincent Rijmen,et al. The Design of Rijndael , 2002, Information Security and Cryptography.

[11] Charles P. Pfleeger,et al. Security in computing , 1988 .

[12] Matt Blaze,et al. A cryptographic file system for UNIX , 1993, CCS '93.

[13] Robert Love,et al. Linux Kernel Development , 2003 .

[14] Cynthia E. Irvine. The Reference Monitor Concept as a Unifying Principle in Computer Security Education , 1999 .