TY - GEN
T1 - Non-volatile memory and disks
T2 - 1st ACM Computer Security Architectures Workshop, CSAW'07, held in association with the 14th ACM Computer and Communications Security Conference, CCS'07
AU - Butler, Kevin R.B.
AU - McLaughlin, Stephen E.
AU - McDaniel, Patrick D.
PY - 2007
Y1 - 2007
N2 - As computing models change, so too do the demands on storage. Distributed and virtualized systems introduce new vulnerabilities, assumptions, and performance requirements on disks. However, traditional storage systems have very limited capacity to implement needed "advanced storage" features such as integrity and data isolation. This is largely due to the simple interfaces and limited computing resources provided by commodity hard-drives. A new generation of storage devices affords better opportunities to meet these new models, but little is known about how to exploit them. In this paper, we show that the recently introduced fast-access non-volatile RAM-enhanced hybrid (HHD) disk architectures can be used to implement a range of valuable storage-security services. We specifically discuss the use of these new architectures to provide data integrity, capability-based access control, and labeled information flow at the disk access layer. In this, we introduce systems that place a security perimeter at the disk interface - and deal with the parent operating system only as a largely untrusted entity.
UR - http://www.scopus.com/inward/record.url?scp=74049149531&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74049149531&partnerID=8YFLogxK
U2 - 10.1145/1314466.1314479
DO - 10.1145/1314466.1314479
M3 - Conference contribution
AN - SCOPUS:74049149531
SN - 9781595938909
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 77
EP - 84
BT - CSAW'07 - Proceedings of the 2007 ACM Computer Security Architecture Workshop
PB - Association for Computing Machinery
Y2 - 2 November 2007 through 2 November 2007
ER -