An Efficient Way to Build Secure Disk

  • Fangyong Hou
  • Hongjun He
  • Zhiying Wang
  • Kui Dai
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3903)


Protecting data confidentiality and integrity is important to ensure secure computing. Approach that integrates encryption and hash tree based verification is proposed here to protect disk data. Together with sector-level operation, it can provide protection with characters as online checking, high resistance against attacks, any data protection and unified low-level mechanism. To achieve satisfied performance, it adopts a special structure hash tree, and defines hash sub-trees corresponding to the frequently accessed disk regions as hot-access-windows. Utilizing hot-access-windows, simplifying the layout of tree structure and correctly buffering portion nodes of hash tree, it can reduce the cost of protection sufficiently. At the same time, it is convenient for fast recovery to maintain consistency effectively. Related model, approach and system realization are elaborated, as well as testing results. Theoretical analysis and experimental simulation show that it is a practical and available way to build secure disk.


Root Node Leaf Node Hard Disk File System Fast Recovery 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Merkle, R.C.: Protocols for public key cryptography. In: IEEE Symposium on Security and Privacy, pp. 122–134 (1980)Google Scholar
  2. 2.
    Blum, M., Evans, W.S., Gemmell, P., Kannan, S., Naor, M.: Checking the correctness of memories. In: IEEE Symposium on Foundations of Computer Science, pp. 90–99 (1991)Google Scholar
  3. 3.
    Gassend, B., Suh, G.E., Clarke, D., van Dijk, M., Devadas, S.: Caches and merkle trees for efficient memory authentication. In: Ninth International Symposium on High Performance Computer Architecture (2003)Google Scholar
  4. 4.
    Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Hardware Mechanisms for Memory Integrity Checking. Technical report, MIT LCS TR-872 (2003)Google Scholar
  5. 5.
    Blaze, M.: A cryptographic file system for unix. In: 1st ACM Conference on Communications and Computing Security, pp. 9–16 (1993)Google Scholar
  6. 6.
    Zadok, E., Badulescu, I., Shender, A.: Cryptfs: A stackable vnode level encryption file system. Technical report, Computer Science Department, Columbia University (1998)Google Scholar
  7. 7.
  8. 8.
    Fu, K., kaashoek, F., Mazieres, D.: Fast and secure distributed read-only file system. In: Proceedings of OSDI 2000 (2000)Google Scholar
  9. 9.
    Mazieres, D., Shasha, D.: Don’t trust your file server. In: 8th Workshop on Hot Topics in Operating Systems (2001)Google Scholar
  10. 10.
    Stein, C.A., Howard, J.H., Seltzer, M.I.: Unifying file system protection. In: 2001 USENIX Annual Technical Conference, pp. 79–90 (2001)Google Scholar
  11. 11.
    Tomonori, F., Masanori, O.: Protecting the Integrity of an Entire File System. In: First IEEE International Workshop on Information Assurance (2003)Google Scholar
  12. 12.
    Suh, G.E., Clarke, D., Gassend, B., van Dijk, M., Devadas, S.: Aegis: Architecture for tamper- evident and tamper-resistant processing. 17th Int’l Conference on Supercomputing (2003)Google Scholar
  13. 13.
    Hou, F., Wang, Z., Tang, Y., Liu, J.: Verify Memory Integrity Basing on Hash Tree and MAC Combined Approach. In: International Conference on Embedded and Ubiquitous Computing (2004)Google Scholar
  14. 14.
    Howard, J.H., Kazar, M.L., Menees, S.G., Nichols, D.A., Satyanarayanan, M., Sidebotham, R.N., West, M.J.: Scale and performance in a distributed file system. ACM Transactions on Computer Systems 6, 51–81 (February 1988)CrossRefGoogle Scholar
  15. 15.
    HP Labs. Tools and traces,
  16. 16.
    Bellare, M., Micciancio, D.: A New Paradigm for collision-free hashing: Incrementality at reduced cost. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 163–192. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  17. 17.
    Wang, X., Feng, D., Lai, X., Yu, H.: Collisions for hash functions MD4, MD5, HAVAL-128 and RIPEMD. In: Crypto 2004 (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Fangyong Hou
    • 1
  • Hongjun He
    • 1
  • Zhiying Wang
    • 1
  • Kui Dai
    • 1
  1. 1.School of ComputerNational University of Defense TechnologyChangshaP.R. China

Personalised recommendations