TransCrypt: Design of a Secure and Transparent Encrypting File System

Satyam Sharma, Roll Number: Y3111043, August 2006

Supervisors: Dr. Dheeraj Sanghi and Dr. Rajat Moona

Increasing thefts of sensitive data owned by individuals and organizations call for an integrated solution to the problem of storage security. Most existing systems are designed for personal use and do not address the unique demands of enterprise environments. An enterprise-class encrypting file system must take a cohesive approach towards solving the issues associated with data security in organizations. These include flexibility for multi-user scenarios, transparent remote access of shared file systems, and defense against an array of threats, including insider attacks, while trusting the fewest possible entities.

In this thesis, we formalize a general threat model for storage security and discuss how existing systems that tackle a narrow threat model are thus susceptible to attacks. We present the conceptualization, design and implementation of TransCrypt, a kernel-space encrypting file system that incorporates an advanced key management scheme to provide a high grade of security while remaining transparent and easily usable. It examines difficult problems not considered by any existing system, such as avoiding trust in the superuser account or in privileged user-space processes, and proposes novel solutions for them. These enhancements enable TransCrypt to protect against a wider threat model and address several lacunae in existing systems.

