FAST 2002 Abstract
A framework for evaluating storage system security
Erik Riedel, Mahesh Kallahalla, and Ram Swaminathan
There are a variety of ways to ensure the security of data
and the integrity of data transfer, depending on the set of
anticipated attacks, the level of security desired by data
owners, and the level of inconvenience users are willing
to tolerate. Current storage systems secure data either by
encrypting data on the wire, or by encrypting data on the
disk. These systems seem very different, and currently
there are no common parameters for comparing them. In
this paper we propose a framework in which both types
of systems can be evaluated along the security and performance
axes. In particular, we show that all of the
existing systems merely make different trade-offs along a
single continuum and among a set of related security
primitives. We use a trace from a time-sharing UNIX
server used by a medium-sized workgroup to quantify the
costs associated with each of these secure storage systems.
We show that encrypt-on-disk systems offer both
increased security and improved performance over
encrypt-on-wire in the traced environment.
- View the full text of this paper in
PDF. Until January 2003, you will need your USENIX membership identification in order to access the full papers.
The Proceedings are published as a collective work, © 2002 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.