The immersion of personal devices throughout our daily life is changing the nature of computer security: It is getting personal. Many people are now concerned about the loss of privacy, the financial consequences or even the personal risks that could result from device theft or hacker attacks. To counter such threats, and to remain trustworthy, personal devices should enforce storage security. State-of-the-art storage security solutions rely on hardware protected encryption. They cannot be deployed, as such, on personal devices either because they require additional hardware (e.g., NetApp’s SafeNet), or because they are constrained to specific hardware/software combinations (e.g., McAfee’s DeepSafe). In this paper, we propose a solution for personal devices equipped with a Trusted Execution Environment and a Secure Element. We propose Trusted Integrity Modules, separated by hardware from the operating system and applications, that guarantee the durability, confidentiality and integrity of a configurable subset of the filesystem data and meta-data. While, we detail our design with the Linux virtual file system, we expect that our results can be applied to a range of different file systems. As Trusted Execution Environments also become available in Cloud environments, we envisage that Trusted Integrity Modules could constitute the solution of choice for endpoint storage security on both clients and servers.
|Udgivet - 2014