Integration of a Cryptographic File System and Access Control

  • SeongKi Kim
  • WanJin Park
  • SeokKyoo Kim
  • SunIl Ahn
  • SangYong Han
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3917)


The importance of kernel-level security mechanisms such as a file system and access control has been increasingly emphasized because of weaknesses in user-level applications. However, a system that uses only access control, including role-based access control (RBAC), is vulnerable to a low-level or physical attack. Likewise, a system that uses only a cryptographic file system has the weakness that it is unable to protect itself. To overcome these vulnerabilities, we integrated a cryptographic file system into access control and developed a prototype.


Keywords: Access Control; File System; System Call; Access Control Model; Role Base Access Control
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • SeongKi Kim (1)
  • WanJin Park (1)
  • SeokKyoo Kim (1)
  • SunIl Ahn (1)
  • SangYong Han (1)

  1. School of Computer Science and Engineering, Seoul National University, Seoul, Korea
