Skip to main content
Springer Nature Link
Log in

Integration of a Cryptographic File System and Access Control

  • Conference paper
Intelligence and Security Informatics (WISI 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3917))

Included in the following conference series:

  • 696 Accesses

Abstract

The importance of kernel-level security mechanisms such as a file system and access control has been increasingly emphasized as weaknesses in user-level applications. However, when using only access control, including role-based access control (RBAC), a system is vulnerable to a low-level or physical attack. In addition, when using only a cryptographic file system, a system also has a weakness that it is unable to protect itself. To overcome these vulnerabilities, we integrated a cryptographic file system into the access control, and developed a prototype.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. National Computer Security Center, A Guide to understanding Discretionary Access Control in Trusted Systems (December 30 , 1987)

    Google Scholar 

  2. Hitchens, M., Varadharajan, V.: Design and specification of role based access control policies. IEE Proceedings Software 147(4), 117–129 (2000)

    Article  Google Scholar 

  3. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed NIST standard for role-based access control. ACM Transactions on Information and System Security 4(3), 224–274 (2001)

    Article  Google Scholar 

  4. Blaze, M.: A cryptographic file system for UNIX. In: First ACM Conference on Communication and Computing Security, Fairfax VA, pp. 158–165 (1993)

    Google Scholar 

  5. Cattaneo, G., Persiano, G.: Design and Implementation of a transparent cryptographic file system for UNIX. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference, pp. 199–212 (2001)

    Google Scholar 

  6. Zadok, E., Badulescu, I., Shender, A.: Cryptfs: A stackable vnode level encryption file system, Technical Report CUCS-021-98, Computer Science Department, Columbia University (1998)

    Google Scholar 

  7. Ferraiolo, D.F., Cugini, J., Kuhn, D.R.: Role-based access control: features and motivations. In: Proceedings of The 11th Annual Computer Security Applications Conference, New Orleans, USA, December 1995, pp. 241–248 (1995)

    Google Scholar 

  8. Wright, C.P., Dave, J., Zadok, E.: Cryptographic file systems performance: What you don’t know can hurt you. In: Proceedings of the 2003 IEEE Security In Storage Workshop (SISW 2003) (October 2003)

    Google Scholar 

  9. Zadok, E., Nieh, J.: FiST: A language for stackable file systems. In: USENIX Annual Conference (June 2000)

    Google Scholar 

  10. Heidemann, J.S., Popek, G.J.: File system development with stackable layers. Source ACM Transactions on Computer Systems (TOCS) Archive 12(1), 58–89 (1994)

    Article  Google Scholar 

  11. Schneier, B.: Applied Cryptography, 2nd edn. Wiley & Sons, Chichester (1995)

    MATH  Google Scholar 

  12. Koch, M., Mancini, L.V., Parisi-Presicce, F.: A graph-based formalism for RBAC. ACM Transactions on Information and System Security (TISSEC) Archive 5(3), 332–365 (2002)

    Article  Google Scholar 

  13. Telecommunication Technology Association, 128-bit Symmetric Block Cipher (SEED) (September 1999)

    Google Scholar 

  14. Spencer, R., Smalley, S., Loscocco, P., Hibler, M., Andersen, D., Lepreau, J.: The Flask security architecture: system support for diverse security policies. In: Proceedings of the 8th USENIX Security Symposium, Washington, DC, August 1999, pp. 123–139 (1999)

    Google Scholar 

  15. Loscocco, P., Smalley, S.: Integrating flexible support for security policies into the Linux operating system. In: Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference (FREENIX 2001) (June 2001)

    Google Scholar 

  16. Niemi, D.C.: Unixbench 4.1.0, http://www.tux.org/pub/tux/niemi/unixbench

  17. Katcher, J.: PostMark, http://www.netapp.com/techlibrary/3022.html

  18. Mauro, J., McDougall, R.: Solaris Internals Core Kernel Architecture (2001)

    Google Scholar 

  19. Samar, V., Lai, C.: Making login services independent of authentication technologies. In: Proceedings of the SunSoft Developer’s Conference (March 1996)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, Seoul National University, 56-1 Shinlim, Kwanak, Seoul, 151-742, Korea

    SeongKi Kim, WanJin Park, SeokKyoo Kim, SunIl Ahn & SangYong Han

Authors
  1. SeongKi Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. WanJin Park
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. SeokKyoo Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. SunIl Ahn
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. SangYong Han
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Management Information Systems, Eller College of Management, The University of Arizona, 85721, AZ, USA

    Hsinchun Chen

  2. Chinese Academy of Sciences, 100190, Beijing, China

    Fei-Yue Wang

  3. Drexel University, 19104, Philadelphia, PA, USA

    Christopher C. Yang

  4. MIS Department, University of Arizona, and Chinese Academy of Sciences, Tucson, AZ, USA

    Daniel Zeng

  5. The University of Hong Kong, Hong Kong, China

    Michael Chau

  6. School of Computer Engineering, Nanyang Technological University, 639798, Singapore

    Kuiyu Chang

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, S., Park, W., Kim, S., Ahn, S., Han, S. (2006). Integration of a Cryptographic File System and Access Control. In: Chen, H., Wang, FY., Yang, C.C., Zeng, D., Chau, M., Chang, K. (eds) Intelligence and Security Informatics. WISI 2006. Lecture Notes in Computer Science, vol 3917. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734628_17

Download citation

  • DOI: https://doi.org/10.1007/11734628_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33361-6

  • Online ISBN: 978-3-540-33362-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation