TY - GEN
T1 - DISKSHIELD
T2 - 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
AU - Ahn, Jinwoo
AU - Lee, Junghee
AU - Ko, Yungwoo
AU - Min, Donghyun
AU - Park, Jiyun
AU - Park, Sungyong
AU - Kim, Youngjae
N1 - Funding Information:
This research was supported in part by Samsung Semiconductor research grant and by Next-Generation Information Computing Development Program through National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT (2017M3C4A7080243). Y. Kim is the corresponding author.
Publisher Copyright:
© 2020 ACM.
PY - 2020/10/5
Y1 - 2020/10/5
N2 - With the increasing importance of data, the threat of malware that destroys data has been increasing. If malware acquires the highest software privilege, any attempt to detect and remove malware can be disabled. In this paper, we propose DISKSHIELD, a secure storage framework. DISKSHIELD uses Intel SGX to provide a Trusted Execution Environment (TEE) to the host, implements the file system in SSD firmware that provides a Trusted Computing Base (TCB), and uses a two-way authentication mechanism to securely transfer data from the host TEE to the SSD TCB against data tampering attacks. This design frees DISKSHIELD from attacks on the kernel. To show the efficacy of DISKSHIELD, we prototyped a DISKSHIELD system by modifying Intel IPFS and developing a device file system on the Jasmine OpenSSD Platform in a Linux environment. Our results show that DISKSHIELD provides strong data tamper resistance, while the throughput of read and write is on average 28% and 19% lower than IPFS, respectively.
AB - With the increasing importance of data, the threat of malware that destroys data has been increasing. If malware acquires the highest software privilege, any attempt to detect and remove malware can be disabled. In this paper, we propose DISKSHIELD, a secure storage framework. DISKSHIELD uses Intel SGX to provide a Trusted Execution Environment (TEE) to the host, implements the file system in SSD firmware that provides a Trusted Computing Base (TCB), and uses a two-way authentication mechanism to securely transfer data from the host TEE to the SSD TCB against data tampering attacks. This design frees DISKSHIELD from attacks on the kernel. To show the efficacy of DISKSHIELD, we prototyped a DISKSHIELD system by modifying Intel IPFS and developing a device file system on the Jasmine OpenSSD Platform in a Linux environment. Our results show that DISKSHIELD provides strong data tamper resistance, while the throughput of read and write is on average 28% and 19% lower than IPFS, respectively.
KW - OS security
KW - storage security
KW - trusted computing
UR - http://www.scopus.com/inward/record.url?scp=85096392196&partnerID=8YFLogxK
U2 - 10.1145/3320269.3384717
DO - 10.1145/3320269.3384717
M3 - Conference contribution
AN - SCOPUS:85096392196
T3 - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
SP - 799
EP - 812
BT - Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020
PB - Association for Computing Machinery, Inc
Y2 - 5 October 2020 through 9 October 2020
ER -