http://dx.doi.org/10.3745/KIPSTC.2003.10C.4.387

Automatic Encryption Method within Kernel Level using Various Access Control Policy in UNIX system  

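Lim, Jae-Deok (Electronics and Telecommunications Research Institute)
Yu, Joon-Suk (Electronics and Telecommunications Research Institute)
Kim, Jeong-Nyeo (Electronics and Telecommunications Research Institute, Secure Operating System Research Team)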
Abstract
Many studies have been done on secure kernels and encryption filesystems for system security. A secure kernel can protect user or system data from unauthorized and/or illegal access by applying various access control policies such as ACL, MAC, RBAC and so on, but it cannot protect that data when backup media or the disk itself is stolen. In addition to access control policy, there are many studies on encryption filesystems that encrypt file data at the system level. However, few studies have combined access control policy with an encryption filesystem. In this paper we propose a new encryption filesystem that is transparent to the user, integrating the encryption service into the virtual filesystem layer of a secure kernel that has various access control policies. The proposed encryption filesystem provides a simple encryption key management architecture by using encryption keys based on the classes of the MAC policy, and it overcomes the limitation of access control policy in physically securing data against theft.
Keywords
Encryption Filesystem; Access Control; Secure Operating System; Information Protection;
Citations & Related Records
Times Cited By KSCI: 1