Multi-level Crypto Disk: Secondary Storage with Improved Performance vs Security Trade-offs
Authors
Abstract
Hard disk drives are becoming increasingly vulnerable to security attacks as they are now accessed remotely, attached to mobile devices or used in other previously unanticipated operating environments. Protecting data while at rest has emerged as a chief concern for storage vendors who have introduced secure disks in the market. These devices are capable of encrypting data on the fly before recording on the media. In this work, we show the inadequacies of current single level encryption hard disk drives in exploiting performance vs security trade-offs and propose secure disks with multiple crypto levels. We focus on modeling such devices and propose stochastically optimal policies to dynamically select crypto levels for disk data in order to maximize a notion of security that we call "goodness of Security" while adhering to performance bounds. Simulation studies using synthetic and real disk traces show that our proposed policies achieve better levels of security than the best current practices without violating the performance bounds.
Similar resources
Exploiting Cryptographic Architectures over Hardware Vs. Software Implementations: Advantages and Trade-Offs
Cryptographic modules can be implemented in both hardware and software. Although software cryptographic implementations are cost-effective and more flexible, they seem to provide a much lower level of security in relation to their hardware equivalents. The uncontrolled memory access, the vulnerabilities imposed by the OS and the facility of modifying software implementations are some of the sec...
A Framework for Evaluating Storage System Security
There are a variety of ways to ensure the security of data and the integrity of data transfer, depending on the set of anticipated attacks, the level of paranoia on the part of the data owners, and the level of inconvenience users are willing to tolerate. Current storage systems secure data either by encrypting data on the wire, or by encrypting data on the disk. These systems seem very differe...
A Multi-Resolution Block Storage Model for Database Design
We propose a new storage model called MBSM (Multiresolution Block Storage Model) for laying out tables on disks. MBSM is intended to speed up operations such as scans that are typical of data warehouse workloads. Disk blocks are grouped into “super-blocks,” with a single record stored in a partitioned fashion among the blocks in a superblock. The intention is that a scan operation that needs to...
Design of Parallel Self-timer Adder without Carry Chain Propagation
Many pipelined adaptive signal processing systems are subject to a trade-off between throughput and signal processing performance incurred by the pipelined adaptation feedback loops. In the conventional synchronous design regime, such throughput/performance trade-off is typically fixed since the pipeline depth is usually determined in the design phase and remains unchanged in the run time. Neve...
Nitro: A Capacity-Optimized SSD Cache for Primary Storage
For many primary storage customers, storage must balance the requirements for large capacity, high performance, and low cost. A well studied technique is to place a solid state drive (SSD) cache in front of hard disk drive (HDD) storage, which can achieve much of the performance benefit of SSDs and the cost per gigabyte efficiency of HDDs. To further lower the cost of SSD caches and increase ef...