TY - GEN
T1 - Kells
T2 - A protection framework for portable data
AU - Butler, Kevin R.B.
AU - McLaughlin, Stephen E.
AU - McDaniel, Patrick D.
N1 - Copyright 2011 Elsevier B.V., All rights reserved.
PY - 2010
Y1 - 2010
N2 - Portable storage devices, such as key-chain USB devices, are ubiquitous. These devices are often used with impunity, with users repeatedly using the same storage device in open computer laboratories, Internet cafes, and on office and home computers. Consequently, they are the target of malware that exploit the data present or use them as a means to propagate malicious software. This paper presents the Kells mobile storage system. Kells limits untrusted or unknown systems from accessing sensitive data by continuously validating the accessing host's integrity state. We explore the design and operation of Kells, and implement a proof-of-concept USB 2.0 storage device on experimental hardware. Our analysis of Kells is twofold. We first prove the security of device operation (within a freshness security parameter Δt) using the LS2 logic of secure systems. Second, we empirically evaluate the performance of Kells. These experiments indicate nominal overheads associated with host validation, showing a worst case throughput overhead of 1.22% for read operations and 2.78% for writes.
UR - http://www.scopus.com/inward/record.url?scp=78751542940&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=78751542940&partnerID=8YFLogxK
U2 - 10.1145/1920261.1920296
DO - 10.1145/1920261.1920296
M3 - Conference contribution
AN - SCOPUS:78751542940
SN - 9781450301336
T3 - Proceedings - Annual Computer Security Applications Conference, ACSAC
SP - 231
EP - 240
BT - Proceedings - 26th Annual Computer Security Applications Conference, ACSAC 2010
PB - IEEE Computer Society
ER -