Guardat: A foundation for policy-protected data

Authors: Anjo Vahldiek, Eslam Elnikety, Aastha Mehta, Deepak Garg, Peter Druschel, Ansley Post, Rodrigo Rodrigues, Johannes Gehrke

Abstract: We present Guardat, an architecture that enforces rich data access policies at the storage layer. Users, application developers and system administrators can provide per-file policies to Guardat. Guardat enforces these policies and provides attestations about the state of stored files. With Guardat, integrity, confidentiality and accounting rules for a collection of files can be stated as a single declarative policy. Policy enforcement relies only on the integrity of the Guardat controller and any external policy dependencies; it does not depend on correct software, configuration and operator actions in other parts of the system. Guardat allows developers and third-party hosting platform providers to enforce concise, system-wide protection based on a small trusted computing base (TCB), and to demonstrate their compliance to any party that trusts Guardat. We present the design and prototype implementation of Guardat, show experimentally that the space and time overhead of making policy checks is low, and discuss applications of Guardat policies.
