Leveraging Emerging Disk Functionality for New Security Services

Open Access
Author:
Butler, Kevin Raymond Boyce
Graduate Program:
Computer Science and Engineering
Degree:
Doctor of Philosophy
Document Type:
Dissertation
Date of Defense:
June 25, 2010
Committee Members:
  • Dr Patrick Mc Daniel, Dissertation Advisor
  • Patrick Drew Mcdaniel, Committee Chair
  • Trent Ray Jaeger, Committee Member
  • Bhuvan Urgaonkar, Committee Member
  • Stephen George Simpson, Committee Member
  • Matthew Blaze, Committee Member
Keywords:
  • security
  • storage
  • operating systems
Abstract:
The complexity of modern operating systems makes securing them a challenging problem. However, changes in the computing model, such as the rise of cloud computing and smarter peripherals, have presented opportunities to reconsider system architectures, as we move from traditional ``stove-pipe' computing to distributed systems. In particular, we can build trustworthy components that act to provide security in complex systems. The focus of this dissertation is on how new disk architectures may be exploited to aid the protection of systems by acting as policy decision and enforcement points. We prototype disks that enforce data immutability at the block level on critical system data, preventing malicious code from inserting itself into system configuration and boot files. We then examine how storage may be used to ensure the integrity state of hosts prior to allowing access to data, and how such a design improves the security of portable storage devices. Through the continual measuring of system state, we show through formal reasoning that such a device enforces guarantees that data is read and written while the host is in a good state. Finally, we discuss future directions and how secure disk architectures can be used as the basis for large-scale and distributed system security.