Zhou Qiang,Li Shanping

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.10.033

2007-01-01

Abstract:A design of user mode file system based on Linux is introduced.A kernel module and a user mode daemon are adopted.The user mode file system can improve the flexibility of file system,and it is easy for redevelopment.The detailed issues about the design are presented,and the practical example and application scope are proposed.

LIN Hao-xiang,DONG Yuan,ZHANG Wei,ZHANG Su-qin,HU Chang-jun

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.01.026

2007-01-01

Abstract:Recently it has been a focus to protect personal sensitive information. Using cryptographic technique is a promising way. This paper describes the design and implementation of Waycryptic, a versatile cryptographic file system for Linux. By integrating cryptographic technique into file system level, users obtain transparent, dynamic, efficient and secure encryption function without modifying their applications. Encrypted files could be saved on any physical file system which supports extended attributes (XATTR). Waycryptic also permits encrypted files to be shared among multi users and to be easily recovered by designating an account in advance. The results of Iozone and Bonnie benchmarks show that Waycryptic is comparatively efficient and is suitable for personal or multi-user systems which require enhanced security.

Xu Guodong,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1007-757X.2006.05.020

2006-01-01

Abstract:In this paper, we firstly introduce a symmetric algorithm Crypto system and Public Key Cryptosystem with the Key Management. Then we propose an Encrypted File System under Windows, and analyze its availability and security.

MAO Weifeng,PING Lingdi,JIANG Li,CHEN Xiaoping

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.12.068

2006-01-01

Abstract:SECOS is a secure operating system with independent intellectual property right,which accords with the requirements of level 4 secure operation system technology.This paper illustrates some key issues of the system,including design method for enchancement of security,improved model from the Bell-La Padula MAC(mandatory access control) implementation,the realization of the model,formal method during the system development,conversiion channel analysis and its prevention,and secure deletion.The performance evaluation shows the design and implementation of SECOS is effective.

顾正义,黄皓

DOI: https://doi.org/10.16208/j.issn1000-7024.2009.14.050

2009-01-01

Abstract:To solve the problem of file encryption storage in Windows system, the system's lack of Windows EFS is analyzed. In-depth studied key technologies used on development of a file system filter driver, including data processing of I/O request packet in the filter driver, tracing file statues, avoid the system re-entry. Using the teelmology of file system filter driver, a new enerypting file system is designed and implemented. The system is completely transparent to the users. It encrypt specified files, folders or a certain type of files according to the policy placed flexibly by the users. It supports different kinds of file system such as NTFS and FAT. It can also select the encryption algorithm according to the policy. Experiments show that the system has good performance and extend the Windows EFS in both features and applications.

Nizomiddin Ochilov

DOI: https://doi.org/10.37394/23202.2022.21.24

2022-11-24

WSEAS TRANSACTIONS ON SYSTEMS

Abstract:The relevance of this study is determined by insecure data storage on personal computers, as it is the main operating system that performs authentication and file access control. Bypassing these security rules is possible in case of using another open-source operating system on the same personal computer. The aim of this work is the research and development of file encryptors, disk encryptors and file system encryptors. Each of them has its shortcomings which manifest themselves during development. Combining the advantages of file encryptors and file system encryptors helped to overcome those shortcomings. The userspace filesystem library was used for this purpose. The study involved the methods aimed at designing and developing the Udev daemon file system for Linux using the OpenSSL library. The file system design was mathematically modelled and formally verified through a test parser. The file system also has its own authentication and authorization procedures to provide uniform access across multiple operating systems. The Udev daemon file system is the result of this work. Each file is encrypted with a separate key to protect against cryptanalysis. This key is encrypted with the owner’s private key, thereby enabling him/her to change the ownership. The passphrase is used to decrypt the user’s private key. The developed file system has passed authentication and access control testing successfully. The file system shows best performance with file sizes 1 KB to 256 MB. Encryption-caused performance degradation was also measured and found to be within acceptable limits. This Udev daemon stackable file system is available for all Unix clones with OpenSSL libraries. The prospects for further work are the development of a file system using several combined methods from a list of existing design and development methods for file systems.

ZHENG Lei,MA Zhao-feng,GU Ming

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.07.006

2007-01-01

Abstract:User-mode encryption systems require users manually do encryption or decryption when they want to access a file,in some of those systems the file may reside in cleartext on disk while the user is actively working on it.Encryption file systems decrease the user interaction and guarantee the files in disk is in cipher-text,but those systems are complex in design and realization.In this paper the encryption system is based on Windows NT driver model and file system filter driver to deal with data on the fly.It overcomes the disadvantages of both usermode encryption systems and encryption file systems.Additionally,through storing the encryption key in the smart card the system security is enhanced.

Dr. Shishir Kumar,U.S. Rawat,Sameer Kumar Jasra,Akshay Kumar Jain

DOI: https://doi.org/10.48550/arXiv.0908.0551

2009-08-05

Abstract:The Encrypted File System (EFS) pushes encryption services into the file system itself. EFS supports secure storage at the system level through a standard UNIX file system interface to encrypted files. User can associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) are transparently encrypted and decrypted with the specified key without further user intervention; clear text is never stored on a disk or sent to a remote file server. EFS can use any available file system for its underlying storage without modifications, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. Performance is an important factor to users since encryption can be time consuming. This paper describes the design and implementation of EFS in user space using faster cryptographic algorithms on UNIX Operating system. Implementing EFS in user space makes it portable and flexible; Kernel size will also not increase resulting in more reliable & efficient Operating System. Encryption techniques for file system level encryption are described, and general issues of cryptographic system interfaces to support routine secure computing are discussed.

Cryptography and Security

Luo Hui,Guan Haibing,Bai Yingcai

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.08.062

2007-01-01

Abstract:Secure network file system can secure the stored data and provide confidence and integrity in opening environment.It should consider such factors as security,performance and convenience when designing a secure file system.The design and implementation of a secure network file system:SecNFS,including its design idea,system architecture,key management,security analysis,share schema and implementation techniques is described.

Yang Jianxin

DOI: https://doi.org/10.3969/j.issn.2095-2783.2011.04.003

2011-01-01

Abstract:Many access control mechanisms are employed in modern operating system to safeguard confidentiality and integrity of data.However,if malicious users can get around these mechanisms,then these mechanisms will be useless.Cryptographic technology should be applied to add a last line of defense.Encrypted file system is one of the important methods,and the storage of file key has top priority in encrypted file system.However,current storage methods of file key cannot satisfy the need of expansibility.A storage method of file key based on extended file attribute is proposed.By implementing this method in ext2 file system we can see that it can be easily integrated into current file systems and satisfy the efficiency requirement of data encryption.

ZHANG Qin,LIU Shu-ming

DOI: https://doi.org/10.3969/j.issn.1002-2279.2008.01.014

2008-01-01

Microprocessors

Abstract:Ordinary encrypted file system can protect the content of files,and the encrypted file is bound with the relevant key.But,the key is just protected securely by the short password.This is a defect for the system and this question need to be solved exigently.This paper proposes a method based on TPM key-tree and data check-up with HMAC.The TPM key-tree encrypts all keys in file system and binds the keys with the TPM platform,thus,keys are protected safely and security of the whole system is enhanced.The data check-up with HMAC not only ensures security but also improves the performance of integrality check-up.

Manting Shen,Yinyan Yu,Zhi Tang,Xiaoyu Cui

DOI: https://doi.org/10.1109/compsac.2016.56

2016-01-01

Abstract:Sensitive information leakage in files is one of the biggest concerns in people's life. Considering this situation, people have designed lots of tools to protect sensitive files. However, these specialized tools are not applicable when the user amount is small. This paper proposes a novel light-weight mechanism that provides efficient and fast cryptographic-based file protection to meet the need of small organizations. The highlights are its ability to provide protection for all types of files, and the usage of an efficient access control approach for file sharing. Operations in the directory are monitored in real time and files are protected automatically. Moreover, encryption keys are generated and well preserved by a hierarchical key generation algorithm. For further estimation, we conducted experiments and analyzed the security and performance of our mechanism as well as other file protection software, and then we made a comparison among them. Experimental results show that our mechanism performs well both in security and performance and outperforms those other file protection software when applied in small organizations.

Xiaosong Zhang,Fei Liu,Ting Chen,Hua Li

DOI: https://doi.org/10.1109/cis.2009.107

2009-01-01

Abstract:Traditional data leakage prevention strategies encompass access control, audit logon and authority management. They have some effects on preventing sensitive information from leakage, while the system’ s availability may be degraded seriously by their limitation. To solve this problem, a novel model based on Windows file system filter driver is proposed in this paper, in which system encrypts files automatically according to encryption strategies. Leaking confidential information out of enterprise environment, intentionally or unintentionally, will be prevented effectively. Moreover, it has the characteristic of mandatory and transparent encryption, which can compromise the contradiction between data security and user flexibility.

ZHANG Jing,CHEN Wen-yuan,ZHANG Wei-ping

DOI: https://doi.org/10.3969/j.issn.1008-0570.2008.26.064

2008-01-01

Abstract:With the explosion of information,information security increasingly becomes evident. A complete data encryption system must consists of a reliable authentication mechanism and an advanced encryption algorithm. In this paper,we will introduce a new fast encryption system based on MEMS stronglink,USB controller and FPGA and its crypto algorithm is AES. A common IDE harddisk attached on this system becomes a very safe USB mobile encrypted harddisk,and the data throughput rate of it achieves 10MB/s,closed to any common USB flash disk in the market.

L. Jin-gang

Abstract:This paper introduces a new security and reliability mechanism of the file system of Linux-limiting OS physical storage space,and make it can’t be rewritten.Will be relatively independent of the operating system installed in the physical space,and other applications software in the physical separation of space,the operating system will be installed into a physical storage medium limited to read-only,so that the operating system installed can not be rewritten on the physical layer,so as to achieve secure and reliable;at the same time,user space and system space isolated from each other in the physical space,when users need to install software or preserve documents,can be transparent in the storage space.Then describes its design principle and implement details,and comes to the conclusion of providing security and reliability without performance loss by giving fully test results.

Computer Science,Engineering

ZHANG Ning,LIU Jin-gang

DOI: https://doi.org/10.3969/j.issn.2095-6835.2010.12.035

2010-01-01

Abstract:This paper introduces a new security and reliability mechanism of the file system of Linux-limiting OS physical storage space,and make it can’t be rewritten.Will be relatively independent of the operating system installed in the physical space,and other applications software in the physical separation of space,the operating system will be installed into a physical storage medium limited to read-only,so that the operating system installed can not be rewritten on the physical layer,so as to achieve secure and reliable;at the same time,user space and system space isolated from each other in the physical space,when users need to install software or preserve documents,can be transparent in the storage space.Then describes its design principle and implement details,and comes to the conclusion of providing security and reliability without performance loss by giving fully test results.

SONG Qiang,QI Gui-bao,CAO Chong,SONG Zhan-wei

DOI: https://doi.org/10.3969/j.issn.1671-5896.2012.04.011

2012-01-01

Abstract:In order to transmit network datas safely among terminal devices,the design of secure file transfer system based on embedded Linux is introduced.The architecture of secure file transfer system is introduced,the way of designing system software of server and client is explained based on SSL(Secure Socket Layer)protocol,and system security is analyzed.The file between server and client is encrypted through the ssl protocol during the transportation,and the server is connected by several clients because of multi-threading.The design can help solve the problems in transmitting network datas safely and facilitate to develop network security in the mobile internet.

Jiwu Shu,Zhirong Shen,Wei Xue

DOI: https://doi.org/10.1016/j.jpdc.2014.06.003

IF: 4.542

2014-01-01

Journal of Parallel and Distributed Computing

Abstract:With the increasing amount of personal data stored in public storage, users are losing control of their physical data, putting their data information at risk of theft or being compromised. Traditional secure storage systems either require users to completely trust the storage provider or impose the considerable burden of managing files on file owners; such systems are inapplicable in the practical cloud environment. This paper addresses these challenging problems by proposing a new secure system architecture and implementing a stackable secure storage system named Shield, in which a proxy server is introduced to be in charge of authentication and access control. We propose a new variant of the Merkle Hash Tree to support efficient integrity checking and file content update; further, we have designed a hierarchical key organization to achieve convenient keys management and efficient permission revocation. Shield supports concurrent write access by employing a virtual linked list; it also provides secure file sharing without any modification to the underlying file systems. A series of evaluations over various real benchmarks show that Shield causes about 7%∼13% performance degradation when compared with eCryptfs but provides enhanced security for user’s data.

DAI Xing-ke,SHE Kun,SHANG Qing-hong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.08.055

2007-01-01

Abstract:A method based on file system filter driver to achieve the security of confidential data storage in the windows environment is proposed. The method can be used for confidential data encryption and decryption, and this process for legitimate users is real-time and transparent. It can be also used to control the visit to the files in detail. All operations on confidential files are logged. Compared with other methods, all of the above are realized in the kernel state. This method is comparatively safe and unrelated to the specific application.

Wu Qingtao,Hu Yuanyuan,Yang Xintong

DOI: https://doi.org/10.3969/j.issn.1009-6833.2010.06.016

2010-01-01

Abstract:Aiming at the information leakage on the Intranet,an electronic documents protective system based on Windows NT Core operating system-driver framework is developed,which implement transparent encryption and decryption on the electronic documents with file system filter.System evaluation shows that it is effective for protecting the electronic documents on the itrnanet.