Skip to main content
Springer Nature Link
Log in

Protect Disk Integrity: Solid Security, Fine Performance and Fast Recovery

  • Conference paper
Advances in Information Security and Assurance (ISA 2009)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5576))

Included in the following conference series:

  • 1826 Accesses

Abstract

Hash tree based verification can give solid data integrity protection to disk data; however, it suffers from performance penalty and consistency difficulty. AFI-HTree is proposed to solve such problems. To optimize performance, it utilizes hot-access-windows to buffer the frequently used hash tree nodes to quicken the checking speed. To maintain consistency without compromising security and performance, it fixes the structure of hash tree to make it very regular; then, it applies incremental hash to reduce the update cost of synchronization between the tree and the data; at the end, it records any possible inconsistent states to make fast recovery. In such way, AFI-HTree realizes both high performance and fine consistency, while preserving the required security at the same time. Related approach is elaborated, as well as experiment result. Theoretical analysis and experimental simulation show that it is an optimized way to protect disk data integrity.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Hardware Mechanisms for Memory Integrity Checking. Technical report, MIT LCS TR-872 (2003)

    Google Scholar 

  2. Merkle, R.C.: Protocols for public key cryptography. In: IEEE Symposium on Security and Privacy, pp. 122–134. IEEE Press, Los Alamitos (1980)

    Google Scholar 

  3. Tripwire, http://www.tripwire.org

  4. Security Model for the Next-Generation Secure Computing Base. Microsoft white paper (2003)

    Google Scholar 

  5. Kevin Fu, M., Kaashoek, F., Mazieres, D.: Fast and secure distributed read-only file system. ACM Transactions on Computer Systems 20, 1–24 (2002)

    Article  Google Scholar 

  6. Mazires, D., Shasha, D.: Don’t trust your file server. In: Workshop on Hot Topics in Operating Systems, pp. 113–118 (2001)

    Google Scholar 

  7. Maheshwari, U., Vingralek, R., Shapiro, W.: How to build a trusted database system on untrusted storage. In: Symp. Operating System Design & Implementation (OSDI), San Diego, p. 10 (2000)

    Google Scholar 

  8. Stein, C.A., Howard, J.H., Seltzer, M.I.: Unifying file system protection. In: USENIX Annual Technical Conference, pp. 79–90 (2001)

    Google Scholar 

  9. Tomonori, F., Masanori, O.: Protecting the integrity of an entire file system. In: Workshop on Information Assurance (IWIA), Darmstadt, Germany, pp. 95–105 (2003)

    Google Scholar 

  10. Kallahalla, M., Riedel, E., Swaminathan, R., Wang, Q., Fu, K.: PLUTUS: Scalable secure file sharing on untrusted storage. In: USENIX Conference on File and Storage Technologies (FAST), San Francisco, pp. 29–42 (2003)

    Google Scholar 

  11. Pletka, R., Cachin, C.: Cryptographic security for a high-performance distributed file system. In: Mass Storage Systems and Technologies (MSST), San Diego, pp. 227–232 (2007)

    Google Scholar 

  12. Oprea, A., Reiter, M.K.: Integrity checking in cryptographic file systems with constant trusted storage. In: USENIX Security Symposium, Boston, pp. 183–198 (2007)

    Google Scholar 

  13. Ferguson, N.: AES-CBC + Elephant diffiuser, A Disk Encryption Algorithm for Windows Vista Bitlocker. Technical report, Microsoft (2006)

    Google Scholar 

  14. IEEE P1619, .x. IEEE Security in Storage Workgroup, http://ieee-p1619.wetpaint.com/

  15. Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and hash trees for efficient memory integrity verification. In: International Symposium on High-Performance Computer Architecture (HPCA), Anaheim, CA, pp. 295–306 (2003)

    Google Scholar 

  16. Hou, F., He, H., Wang, Z., Dai, K.: An Efficient Way to Build Secure Disk. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds.) ISPEC 2006. LNCS, vol. 3903, pp. 290–301. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  17. Clarke, D., Suh, G.E., Gassend, B., Sudan, A., van Dijk, M., Devadas, S.: Towards constant bandwidth overhead integrity checking of untrusted data. In: IEEE Symposium Security and Privacy, pp. 139–153. IEEE Press, Oakland (2005)

    Google Scholar 

  18. McGrew, D.: Efficient authentication of large, dynamic data sets using Galois/Counter Mode (GCM). In: IEEE International Security in Storage Workshop, San Francisco, pp. 88–94 (2005)

    Google Scholar 

  19. Phan, R.C.-W., Wagner, D.: Security considerations for incremental hash functions based on pair block chaining. Computers & Security 25, 131–136 (2006)

    Article  Google Scholar 

  20. Bisson, T., Brandt, S.A.: Reducing Hybrid Disk Write Latency with Flash-Backed I/O Requests. Technical report, TR UCSC-SSRC-07-03, University of California (2007)

    Google Scholar 

  21. Howard, J.H., et al.: Scale and performance in a distributed file system. ACM Transactions on Computer Systems (TOCS), 51–81 (1988)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. School of Computer, National University of Defense Technology, Changsha, China

    Fangyong Hou, Nong Xiao, Yuhua Tang, Hongjun He & Fang Liu

Authors
  1. Fangyong Hou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Nong Xiao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuhua Tang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hongjun He
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Fang Liu
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Engineering Department, Kyungnam University, 449, Wolyong-dong, 631-701, Kyungnam, Masan, Korea

    Jong Hyuk Park

  2. Institute of Communications Engineering, National Sun Yat-Sen University, Kaohsiung City, Taiwan

    Hsiao-Hwa Chen

  3. School of Computer Science,, University of Oklahoma, 200 Felgar Street, 73019, P.O. Box, Norman, OK, USA

    Mohammed Atiquzzaman

  4. School of Computer Engineering, Hanshin University, Kyeong-Gi, Osan, Korea

    Changhoon Lee

  5. Division of Multimedia, Hannam University, Daejeon, Korea

    Tai-hoon Kim

  6. Division of Computer Engineering, Mokwon University, Daejeon, Korea

    Sang-Soo Yeo

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Hou, F., Xiao, N., Tang, Y., He, H., Liu, F. (2009). Protect Disk Integrity: Solid Security, Fine Performance and Fast Recovery. In: Park, J.H., Chen, HH., Atiquzzaman, M., Lee, C., Kim, Th., Yeo, SS. (eds) Advances in Information Security and Assurance. ISA 2009. Lecture Notes in Computer Science, vol 5576. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02617-1_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02617-1_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02616-4

  • Online ISBN: 978-3-642-02617-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics