With the increasing importance of data, the threat of malware which destroys data has been increasing. If malware acquires the highest software privilege, any attempt to detect and remove malware can be disabled. In this paper, we propose DISKSHIELD, a secure storage framework. DISKSHIELD uses Intel SGX to provide Trusted Execution Environment (TEE) to the host, implements the file system into SSD firmware that provides a Trusted Computing Base (TCB), and uses a two-way authentication mechanism to securely transfer data from the host TEE to the SSD TCB against data tampering attacks. This design frees DISKSHIELD from attacks to the kernel. To show the efficacy of DISKSHIELD, we prototyped a DISKSHIELD system by modifying Intel IPFS and developing a device file system on the Jasmine OpenSSD Platform in a Linux environment. Our results show that DISKSHIELD provides strong data tamper resistance the throughput of read and write is on average to 28%, 19% lower than IPFS.
|Title of host publication||Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020|
|Publisher||Association for Computing Machinery, Inc|
|Number of pages||14|
|Publication status||Published - 2020 Oct 5|
|Event||15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020 - Virtual, Online, Taiwan, Province of China|
Duration: 2020 Oct 5 → 2020 Oct 9
|Name||Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020|
|Conference||15th ACM Asia Conference on Computer and Communications Security, ASIA CCS 2020|
|Country/Territory||Taiwan, Province of China|
|Period||20/10/5 → 20/10/9|
Bibliographical noteFunding Information:
This research was supported in part by Samsung Semiconductor research grant and by Next-Generation Information Computing Development Program through National Research Foundation of Korea (NRF) funded by the Ministry of Science, ICT (2017M3C4A7080243). Y. Kim is the corresponding author.
© 2020 ACM.
- OS security
- storage security
- trusted computing
ASJC Scopus subject areas
- Computer Networks and Communications