Re: [Lsf-pc] [LSF/MM TOPIC] ext4 Encryption Update: Policies, File Names, and Integrity

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/15/2015 01:43 PM, Michael Halcrow wrote:
> I previously presented on ext4 encryption at the 2014 Linux Security
> Summit:
> 
> http://kernsec.org/wiki/index.php/Linux_Security_Summit_2014/Abstracts/Halcrow
> 
> http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf
> 
> Our first prototype implementation has been in Ted Ts'o's unstable git
> branch since November 2014. My team has made significant progress in
> the months since, developing encryption policy and file name
> encryption capabilities. We have completed the first major phase of
> development and are preparing a patchset to iterate on the prototype.
> 
> I will present our approach at applying different encryption policies
> to different segments of the file system via a policy inheritance
> scheme. I will discuss how file-granular policies can sythesize
> multiple keys to cryptographically protect files. For example, both
> logon credentials and off-device keys can together preclude access.
> This work represents efforts by Ildar Muslukhov.
> 
> I will also present the challenges involved in file name encryption on
> a multi-tenant system and will discuss novel solutions spearheaded by
> Uday Savagaonkar. This approach involves treating the user domain,
> HTree domain, and disk domains for the file names separately and
> applying different transformations depending upon whether or not the
> encryption keys for the file names are available.
> 
> Finally, I will discuss what our future plans are with respect to
> encryption with integrity, which will include leveraging ext4
> transactions to enforce cryptographic consistency while managing
> additional per-block authentication data.

Are there any controversial topics that require a discussion here? It really
sounds like just a presentation about ext4 encryption.


Thanks,
Sasha

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux