On 01/15/2015 01:43 PM, Michael Halcrow wrote:
> I previously presented on ext4 encryption at the 2014 Linux Security
> Summit:
>
> http://kernsec.org/wiki/index.php/Linux_Security_Summit_2014/Abstracts/Halcrow
>
> http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf
>
> Our first prototype implementation has been in Ted Ts'o's unstable git
> branch since November 2014. My team has made significant progress in
> the months since, developing encryption policy and file name
> encryption capabilities. We have completed the first major phase of
> development and are preparing a patchset to iterate on the prototype.
>
> I will present our approach at applying different encryption policies
> to different segments of the file system via a policy inheritance
> scheme. I will discuss how file-granular policies can synthesize
> multiple keys to cryptographically protect files. For example, both
> logon credentials and off-device keys can together preclude access.
> This work represents efforts by Ildar Muslukhov.
>
> I will also present the challenges involved in file name encryption on
> a multi-tenant system and will discuss novel solutions spearheaded by
> Uday Savagaonkar. This approach involves treating the user domain,
> HTree domain, and disk domains for the file names separately and
> applying different transformations depending upon whether or not the
> encryption keys for the file names are available.
>
> Finally, I will discuss what our future plans are with respect to
> encryption with integrity, which will include leveraging ext4
> transactions to enforce cryptographic consistency while managing
> additional per-block authentication data.

Are there any controversial topics that require a discussion here? It
really sounds like just a presentation about ext4 encryption.

Thanks,
Sasha