TY - GEN
T1 - Securing disk-resident data through application level encryption
AU - Prabhakar, Ramya
AU - Son, Seung Woo
AU - Patrick, Christina
AU - Narayanan, Sri Hari Krishna
AU - Kandemir, Mahmut
PY - 2007
Y1 - 2007
N2 - Confidentiality of disk-resident data is critical for end-to-end security of storage systems. While there are several widely used mechanisms for ensuring confidentiality of data in transit, techniques for providing confidentiality when data is stored in a disk subsystem are relatively new. As opposed to prior file-system-based approaches to this problem, this paper proposes an application-level solution, which allows encryption of select data blocks. We make three major contributions: 1) quantifying the tradeoffs between confidentiality and performance; 2) evaluating a reuse-distance-oriented approach for selective encryption of disk-resident data; and 3) proposing a profile-guided approach that approximates the behavior of the reuse-distance-oriented approach. The experiments with five applications that manipulate disk-resident data sets clearly show that our approach enables us to study the confidentiality/performance tradeoffs. Using our approach, it is possible to reduce the performance degradation due to encryption/decryption overheads on average by 46.5% when DES is used as the encryption mechanism, and by 30.63% when AES is used as the encryption mechanism.
UR - http://www.scopus.com/inward/record.url?scp=49449091409&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=49449091409&partnerID=8YFLogxK
U2 - 10.1109/SISW.2007.4389744
DO - 10.1109/SISW.2007.4389744
M3 - Conference contribution
AN - SCOPUS:49449091409
SN - 0769530524
SN - 9780769530529
T3 - Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop
SP - 46
EP - 57
BT - Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007
T2 - 4th International IEEE Security in Storage Workshop, SISW 2007
Y2 - 27 September 2007 through 27 September 2007
ER -