On Thu, Jan 15, 2015 at 01:56:43PM -0500, Sasha Levin wrote:
> On 01/15/2015 01:43 PM, Michael Halcrow wrote:
> > I previously presented on ext4 encryption at the 2014 Linux Security
> > Summit:
> >
> > http://kernsec.org/wiki/index.php/Linux_Security_Summit_2014/Abstracts/Halcrow
> >
> > http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf
> >
> > Our first prototype implementation has been in Ted Ts'o's unstable git
> > branch since November 2014. My team has made significant progress in
> > the months since, developing encryption policy and file name
> > encryption capabilities. We have completed the first major phase of
> > development and are preparing a patchset to iterate on the prototype.
> >
> > I will present our approach at applying different encryption policies
> > to different segments of the file system via a policy inheritance
> > scheme. I will discuss how file-granular policies can synthesize
> > multiple keys to cryptographically protect files. For example, both
> > logon credentials and off-device keys can together preclude access.
> > This work represents efforts by Ildar Muslukhov.
> >
> > I will also present the challenges involved in file name encryption on
> > a multi-tenant system and will discuss novel solutions spearheaded by
> > Uday Savagaonkar. This approach involves treating the user domain,
> > HTree domain, and disk domains for the file names separately and
> > applying different transformations depending upon whether or not the
> > encryption keys for the file names are available.
> >
> > Finally, I will discuss what our future plans are with respect to
> > encryption with integrity, which will include leveraging ext4
> > transactions to enforce cryptographic consistency while managing
> > additional per-block authentication data.
>
> Are there any controversial topics that require a discussion here? It really
> sounds like just a presentation about ext4 encryption.

Yes, it's largely a presentation.
I'd be very happy to see this topic rejected on the grounds that there's too little controversy.