1,460 research outputs found
Java File Security System JFSS
Nowadays, storage systems are increasingly subject to attacks, so a security system is quickly becoming a mandatory feature of data storage systems. For security purposes we are always dependent on cryptographic techniques. These techniques impose performance costs on the complete system. So we have proposed the Java File Security System (JFSS). It is based on the on-demand computing system concept, because of the performance issues. It is a great comeback for the system performance. The concept is used because we do not always need to secure all the files, but only the selected ones. In this paper, we have designed a file security system on Windows XP. When we use the operating system, we have to secure some important data. The data is always stored in the files, so we secure the important files well. To check the proposed functionality, we experimented with the above-said system on the Windows operating system. With these experiments, we have found that the proposed system is working properly, according to the needs of the users.
MemShield: GPU-assisted software memory encryption
Cryptographic algorithm implementations are vulnerable to Cold Boot attacks,
which consist in exploiting the persistence of RAM cells across reboots or
power down cycles to read the memory contents and recover precious sensitive
data. The principal defensive weapon against Cold Boot attacks is memory
encryption. In this work we propose MemShield, a memory encryption framework
for user space applications that exploits a GPU to safely store the master key
and perform the encryption/decryption operations. We developed a prototype that
is completely transparent to existing applications and does not require changes
to the OS kernel. We discuss the design, the related works, the implementation,
the security analysis, and the performances of MemShield. Comment: 14 pages, 2 figures. In proceedings of the 18th International
Conference on Applied Cryptography and Network Security, ACNS 2020, October
19-22 2020, Rome, Ital
Cryptfs: A Stackable Vnode Level Encryption File System
Data encryption has become an increasingly important factor in everyday work. Users seek a method of securing their data with maximum comfort and minimum additional requirements on their part; they want a security system that protects any files used by any of their applications, without resorting to application-specific encryption methods. Performance is an important factor to users since encryption can be time consuming. Operating system vendors want to provide this functionality but without incurring the large costs of developing a new file system. This paper describes the design and implementation of Cryptfs -- a file system that was designed as a stackable Vnode layer loadable kernel module. Cryptfs operates by 'encapsulating' a client file system with a layer of encryption transparent to the user. Being kernel resident, Cryptfs performs better than user-level or NFS based file servers such as CFS and TCFS. It is 2 to 37 times faster on micro-benchmarks such as read and write; this translates to 12-52% application speedup, as exemplified by a large build. Cryptfs offers stronger security by basing its keys on process session IDs as well as user IDs, and by the fact that kernel memory is harder to access. Working at and above the vnode level, Cryptfs is more portable than a file system which works directly with native media such as disks and networks. Cryptfs can operate on top of any other native file system such as UFS/FFS and NFS. Finally, Cryptfs requires no changes to client file systems or remote servers.
Quire: Lightweight Provenance for Smart Phone Operating Systems
Smartphone apps often run with full privileges to access the network and
sensitive local resources, making it difficult for remote systems to have any
trust in the provenance of network connections they receive. Even within the
phone, different apps with different privileges can communicate with one
another, allowing one app to trick another into improperly exercising its
privileges (a Confused Deputy attack). In Quire, we engineered two new security
mechanisms into Android to address these issues. First, we track the call chain
of IPCs, allowing an app the choice of operating with the diminished privileges
of its callers or to act explicitly on its own behalf. Second, a lightweight
signature scheme allows any app to create a signed statement that can be
verified anywhere inside the phone. Both of these mechanisms are reflected in
network RPCs, allowing remote systems visibility into the state of the phone
when an RPC is made. We demonstrate the usefulness of Quire with two example
applications. We built an advertising service, running distinctly from the app
which wants to display ads, which can validate clicks passed to it from its
host. We also built a payment service, allowing an app to issue a request which
the payment service validates with the user. An app cannot forge a payment
request by directly connecting to the remote server, nor can the local payment
service tamper with the request.
- …