Securing disk-resident data through application level encryption

Ramya Prabhakar; Seung Woo Son; Christina Patrick; Sri Hari Krishna Narayanan; Mahmut Kandemir

doi:10.1109/SISW.2007.4389744

Securing disk-resident data through application level encryption

Ramya Prabhakar, Seung Woo Son, Christina Patrick, Sri Hari Krishna Narayanan, Mahmut Kandemir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

5 Scopus citations

Abstract

Confidentiality of disk-resident data is critical for end-to-end security of storage systems. While there are several widely used mechanisms for ensuring confidentiality of data in transit, techniques for providing confidentiality when data is stored in a disk subsystem are relatively new. As opposed to prior file system based approaches to this problem, this paper proposes an application-level solution, which allows encryption of select data blocks. We make three major contributions: 1) quantifying the tradeoffs between confidentiality and performance; 2) evaluating a reuse distance oriented approach for selective encryption of disk-resident data; and 3) proposing a profile-guided approach that approximates the behavior of the reuse distance oriented approach. The experiments with five applications that manipulate disk-resident data sets clearly show that our approach enables us to study the confidentiality/performance tradeoffs. Using our approach it is possible to reduce the performance degradation due to encryption/decryption overheads on an average by 46.5%, when DES is used as the encryption mechanism, and the same by 30.63%, when AES is used as the encryption mechanism.

Original language	English (US)
Title of host publication	Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007
Pages	46-57
Number of pages	12
DOIs	https://doi.org/10.1109/SISW.2007.4389744
State	Published - 2007
Event	4th International IEEE Security in Storage Workshop, SISW 2007 - San Diego, CA, United States Duration: Sep 27 2007 → Sep 27 2007

Publication series

Name	Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop

Other

Other	4th International IEEE Security in Storage Workshop, SISW 2007
Country/Territory	United States
City	San Diego, CA
Period	9/27/07 → 9/27/07

All Science Journal Classification (ASJC) codes

Computer Networks and Communications
Communication
Control and Systems Engineering

Access to Document

10.1109/SISW.2007.4389744

Cite this

Prabhakar, R., Son, S. W., Patrick, C., Narayanan, S. H. K., & Kandemir, M. (2007). Securing disk-resident data through application level encryption. In Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007 (pp. 46-57). Article 4389744 (Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop). https://doi.org/10.1109/SISW.2007.4389744

@inproceedings{eab4af4ed4334490a3c5bf24ba050595,

title = "Securing disk-resident data through application level encryption",

abstract = "Confidentiality of disk-resident data is critical for end-to-end security of storage systems. While there are several widely used mechanisms for ensuring confidentiality of data in transit, techniques for providing confidentiality when data is stored in a disk subsystem are relatively new. As opposed to prior file system based approaches to this problem, this paper proposes an application-level solution, which allows encryption of select data blocks. We make three major contributions: 1) quantifying the tradeoffs between confidentiality and performance; 2) evaluating a reuse distance oriented approach for selective encryption of disk-resident data; and 3) proposing a profile-guided approach that approximates the behavior of the reuse distance oriented approach. The experiments with five applications that manipulate disk-resident data sets clearly show that our approach enables us to study the confidentiality/performance tradeoffs. Using our approach it is possible to reduce the performance degradation due to encryption/decryption overheads on an average by 46.5%, when DES is used as the encryption mechanism, and the same by 30.63%, when AES is used as the encryption mechanism.",

author = "Ramya Prabhakar and Son, {Seung Woo} and Christina Patrick and Narayanan, {Sri Hari Krishna} and Mahmut Kandemir",

year = "2007",

doi = "10.1109/SISW.2007.4389744",

language = "English (US)",

isbn = "0769530524",

series = "Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop",

pages = "46--57",

booktitle = "Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007",

note = "4th International IEEE Security in Storage Workshop, SISW 2007 ; Conference date: 27-09-2007 Through 27-09-2007",

}

Prabhakar, R, Son, SW, Patrick, C, Narayanan, SHK & Kandemir, M 2007, Securing disk-resident data through application level encryption. in Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007., 4389744, Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop, pp. 46-57, 4th International IEEE Security in Storage Workshop, SISW 2007, San Diego, CA, United States, 9/27/07. https://doi.org/10.1109/SISW.2007.4389744

Securing disk-resident data through application level encryption. / Prabhakar, Ramya; Son, Seung Woo; Patrick, Christina et al.
Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007. 2007. p. 46-57 4389744 (Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Securing disk-resident data through application level encryption

AU - Prabhakar, Ramya

AU - Son, Seung Woo

AU - Patrick, Christina

AU - Narayanan, Sri Hari Krishna

AU - Kandemir, Mahmut

PY - 2007

Y1 - 2007

N2 - Confidentiality of disk-resident data is critical for end-to-end security of storage systems. While there are several widely used mechanisms for ensuring confidentiality of data in transit, techniques for providing confidentiality when data is stored in a disk subsystem are relatively new. As opposed to prior file system based approaches to this problem, this paper proposes an application-level solution, which allows encryption of select data blocks. We make three major contributions: 1) quantifying the tradeoffs between confidentiality and performance; 2) evaluating a reuse distance oriented approach for selective encryption of disk-resident data; and 3) proposing a profile-guided approach that approximates the behavior of the reuse distance oriented approach. The experiments with five applications that manipulate disk-resident data sets clearly show that our approach enables us to study the confidentiality/performance tradeoffs. Using our approach it is possible to reduce the performance degradation due to encryption/decryption overheads on an average by 46.5%, when DES is used as the encryption mechanism, and the same by 30.63%, when AES is used as the encryption mechanism.

AB - Confidentiality of disk-resident data is critical for end-to-end security of storage systems. While there are several widely used mechanisms for ensuring confidentiality of data in transit, techniques for providing confidentiality when data is stored in a disk subsystem are relatively new. As opposed to prior file system based approaches to this problem, this paper proposes an application-level solution, which allows encryption of select data blocks. We make three major contributions: 1) quantifying the tradeoffs between confidentiality and performance; 2) evaluating a reuse distance oriented approach for selective encryption of disk-resident data; and 3) proposing a profile-guided approach that approximates the behavior of the reuse distance oriented approach. The experiments with five applications that manipulate disk-resident data sets clearly show that our approach enables us to study the confidentiality/performance tradeoffs. Using our approach it is possible to reduce the performance degradation due to encryption/decryption overheads on an average by 46.5%, when DES is used as the encryption mechanism, and the same by 30.63%, when AES is used as the encryption mechanism.

UR - http://www.scopus.com/inward/record.url?scp=49449091409&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=49449091409&partnerID=8YFLogxK

U2 - 10.1109/SISW.2007.4389744

DO - 10.1109/SISW.2007.4389744

M3 - Conference contribution

AN - SCOPUS:49449091409

SN - 0769530524

SN - 9780769530529

T3 - Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop

SP - 46

EP - 57

BT - Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007

T2 - 4th International IEEE Security in Storage Workshop, SISW 2007

Y2 - 27 September 2007 through 27 September 2007

ER -

Prabhakar R, Son SW, Patrick C, Narayanan SHK, Kandemir M. Securing disk-resident data through application level encryption. In Proceedings - CIS Workshops 2007, 2007 International Conference on Computational Intelligence and Security Workshops, CISW 2007. 2007. p. 46-57. 4389744. (Proceedings - SISW 2007: 4th International IEEE Security in Storage Workshop). doi: 10.1109/SISW.2007.4389744

Securing disk-resident data through application level encryption

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this