By Topic

Security in Storage Workshop, 2002. Proceedings. First International IEEE

Date 11-11 Dec. 2002

Filter Results

Displaying Results 1 - 12 of 12
  • Proceedings First International IEEE Security in Storage Workshop

    Publication Year: 2002
    Request permission for commercial reuse | PDF file iconPDF (261 KB)
    Freely Available from IEEE
  • Author index

    Publication Year: 2002, Page(s): 107
    Request permission for commercial reuse | PDF file iconPDF (149 KB)
    Freely Available from IEEE
  • On a new way to read data from memory

    Publication Year: 2002, Page(s):65 - 69
    Cited by:  Papers (13)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (411 KB) | HTML iconHTML

    This paper explains a new family of techniques to extract data from semiconductor memory, without using the read-out circuitry provided for the purpose. What these techniques have in common is the use of semi-invasive probing methods to induce measurable changes in the analogue characteristics of the memory cells of interest. The basic idea is that when a memory cell, or read-out amplifier, is sca... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Security considerations when designing a distributed file system using object storage devices

    Publication Year: 2002, Page(s):24 - 34
    Cited by:  Papers (3)  |  Patents (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (312 KB) | HTML iconHTML

    We present the design goals that led us to developing a distributed object-based secure file system, Brave. Brave uses mutually authenticated object storage devices, SCARED, to store file system data. Rather than require a new authentication infrastructure. we show how we use a simple authentication protocol that is bridged into existing security infrastructures, even if there is more than one aut... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Network security and storage security: symmetries and symmetry-breaking

    Publication Year: 2002, Page(s):3 - 9
    Cited by:  Papers (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (1034 KB) | HTML iconHTML

    It has been hypothesized that storage security and network security are essentially the same, at least insofar as mapping solutions from one domain in a straightforward manner to the other We discuss similarities and differences that shed some doubt on the propriety of equaling the two. While there are many ways to apply methods from one domain to another, there are fundamental differences between... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Streamed or detached triple integrity for a time stamped secure storage system

    Publication Year: 2002, Page(s):53 - 64
    Cited by:  Papers (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (358 KB) | HTML iconHTML

    Organizations and companies with integrity concerns for their archivals are currently left with very few and unconvenient solutions. To cope with those needs, a Time Stamped Virtual WORM system has been proposed previously, but only its concepts and theory have been examined yet. Hence, this paper focuses on defining practical block formats to help implement this system in reality. But there are s... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Encryption and key management in a SAN

    Publication Year: 2002, Page(s):35 - 44
    Cited by:  Papers (1)  |  Patents (6)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (337 KB) | HTML iconHTML

    Many important security properties can be gained by encrypting stored data. However, these properties can be significantly undermined if the encryption keys are not well managed. This paper discusses how encryption strategies can be used to provide stronger segregation of data, remove "back door" access to data, and to reduce the reliance and trust placed in administrators of SAN systems. The focu... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Performance study of software-based iSCSI security

    Publication Year: 2002, Page(s):70 - 79
    Cited by:  Papers (7)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (353 KB) | HTML iconHTML

    In this paper, we study possible iSCSI security different security requirements. To evaluate the performance of different security schemes, we conduct performance experiments using a software-based iSCSI implementation with proper security extensions. In data encryption schemes, we consider two alternatives, IP Security Protocol (IPSec) and Secure Socket Layer (SSL), and compare the resulting iSCS... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • A two layered approach for securing an object store network

    Publication Year: 2002, Page(s):10 - 23
    Cited by:  Papers (5)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (812 KB) | HTML iconHTML

    Storage Area Networks (SAN) are based on direct interaction between clients and storage servers. This unmediated access exposes the storage server to network attacks, necessitating a verification, by the server, that the client requests conform with the system protection policy. Solutions today can only enforce access control at the granularity of entire storage servers. This is an outcome of the ... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Exposure-resilience for free: the hierarchical ID-based encryption case

    Publication Year: 2002, Page(s):45 - 52
    Cited by:  Patents (4)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (379 KB) | HTML iconHTML

    In the problem of gradual key exposure, the secret key is assumed to be slowly compromised over time, so that more and more information about a secret key is eventually leaked. This models the general situation in the real world where memory, storage systems and devices cannot perfectly hide all information for long time. In this setting, in order to protect against exposure threats, the secret ke... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Verifiable secret redistribution for archive systems

    Publication Year: 2002, Page(s):94 - 105
    Cited by:  Papers (9)  |  Patents (3)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (410 KB) | HTML iconHTML

    We present a new verifiable secret redistribution protocol for threshold sharing schemes that forms a key component of a proposed archival storage system. Our protocol supports redistribution from (m,n) to (m',n') threshold sharing schemes without requiring reconstruction of the original data. The design is motivated by archive systems for which the added security of threshold sharing of data must... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.
  • Secure group services for storage area networks

    Publication Year: 2002, Page(s):80 - 93
    Cited by:  Papers (3)  |  Patents (1)
    Request permission for commercial reuse | Click to expandAbstract | PDF file iconPDF (587 KB) | HTML iconHTML

    Storage Area Networks, with their ability to offer high data availability, reliability and scalability, are a promising solution for the large scale storage needs of many enterprises. As with any distributed storage system, a major design challenge for a Storage Area Network (SAN) is to provide data integrity and confidentiality. In this paper we propose a solution which addresses these core secur... View full abstract»

    Full text access may be available. Click article title to sign in or learn about subscription options.