-Term Project Final Presentation- 20103453 Sang-Ho Lee 20103575 Dae-Jin Jung.

Slides:

Advertisements

Similar presentations

Software Bundle ViPNet Secure Remote Access Arrangement using ViPNet Mobile © Infotecs.

Advertisements

Windows XP File System Management Group D. 3 Layers of Drivers Filter Drivers Filter Drivers –Virus protection, compression, encryption File System Drivers.

Security at the Operating System Level (Microsoft) By Birinder Dhillon.

Chapter 2: Operating-System Structures

File management in UNIX and windows 2000

Operating Systems. What is an Operating System? A layer of software between users/applications and the hardware. The first program loaded onto a computer.

Encrypted File System (EFS) Sankara Narayanan. CSE 785 Computer Security, Syracuse University, NY Spring 2003 – 2004.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

I/O Systems CS 3100 I/O Hardware1. I/O Hardware Incredible variety of I/O devices Common concepts ◦Port ◦Bus (daisy chain or shared direct access) ◦Controller.

Figure 1.1 Interaction between applications and the operating system.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.

Module 6: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Implementing Disk Quotas.

Operating Systems.

Operating Systems Concepts 1. A Computer Model An operating system has to deal with the fact that a computer is made up of a CPU, random access memory.

Secure File Storage Nathanael Paul CRyptography Applications Bistro March 25, 2004.

EFS: Encrypted File system An Introduction & Final Project For CSE785: Computer Security Syracuse University Spring 2005.

1 Using Compressed Files and Folders Applications and operating systems read and write to compressed files. NTFS uncompresses the file before making it.

EFS: encrypted File system Project by: Andrew Grossman Gaurav Gupta CMSC 691X-Summer 2002 University of Maryland Baltimore County.

File System and Full Volume Encryption Sachin Patel CSE 590TU 3/9/2006.

STANFORD UNIVERSITY INFORMATION TECHNOLOGY SERVICES Windows Encryption File System (EFS) Tech Briefing July 18 th 2008

Basics of Operating Systems March 4, 2001 Adapted from Operating Systems Lecture Notes, Copyright 1997 Martin C. Rinard.

Lecture 19 Page 1 CS 111 Online Security for Operating Systems: Cryptography, Authentication, and Protecting OS Resources CS 111 On-Line MS Program Operating.

MS systems use one of the following: LanManager Hash (LM) LanManager Hash (LM) NT LanManager (NTLM) NT LanManager (NTLM) Cached passwords Cached passwords.

Chapter 8 Windows Outline Programming Windows 2000 System structure Processes and threads in Windows 2000 Memory management The Windows 2000 file.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 7: Advanced File System Management.

A+ Guide to Managing and Maintaining Your PC Fifth Edition Chapter 15 Installing and Using Windows XP Professional.

Session 4 Windows Platform Dina Alkhoudari. Learning Objectives Configure disk quotas Repairing and Defragmenting Set permissions to files and folders.

Jim McLeod MyDBA  SQL Server Performance Tuning Consultant with MyDBA  Microsoft Certified Trainer with SQLskills Australia 

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

By: Surapheal Belay ITEC ABSTRACT According to NIST SP : “ Mail servers are often the most targeted and attacked servers on an organization’s.

Systems Security & Audit Operating Systems security.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 7: Advanced File System Management.

Roy Ernest Database Administrator Pinnacle Sports Worldwide SQL Server 2008 Transparent Data Encryption.

Configuring Encryption and Advanced Auditing

OS provide a user-friendly environment and manage resources of the computer system. Operating systems manage: –Processes –Memory –Storage –I/O subsystem.

DIT314 ~ Client Operating System & Administration CHAPTER 2 INTRODUCTION TO WINDOWS XP PROFESSIONAL Prepared By : Suraya Alias.

153 Brooks Road, Rome, NY | | 153 Brooks Road, Rome, NY | |

CSCE 201 Introduction to Information Security Fall 2010 Data Protection.

Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Unit OS8: File System 8.3. Encrypting File System Security.

Password authentication Basic idea –User has a secret password –System checks password to authenticate user Issues –How is password stored? –How does system.

CE Operating Systems Lecture 3 Overview of OS functions and structure.

Agenda Introduction. Design. Trust and Threat Model. Key-Encrypting Keys. Token Vulnerabilities. Token-Laptop Interaction. Assigning File keys & Handling.

Operating System What is an Operating System? A program that acts as an intermediary between a user of a computer and the computer hardware. An operating.

G53SEC 1 Reference Monitors Enforcement of Access Control.

Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen.

Implementing Memory Protection Primitives on Reconfigurable Hardware Brett Brotherton Nick Callegari Ted Huffmire.

Aaron Nathan CS6464 Final Project vapor_disk. Idea Provide a “real time” backup that is widely and easily available Simple to use Works in Windows.

1 The Main Event Battle Of the Sniffers. ● The Champion – Ethereal: Network Analyzer ● The Challenger – Ettercap: Network Security Suite.

Security fundamentals Topic 4 Encryption. Agenda Using encryption Cryptography Symmetric encryption Hash functions Public key encryption Applying cryptography.

Lecture 18 Windows – NT File System (NTFS)

Windows 2000 Security Yingzi Jin. Introduction n Active Directory n Group Policy n Encrypting File System.

Module 5: Configuring and Managing File Systems. Overview Working with File Systems Managing Data Compression Securing Data by Using EFS.

Microsoft Windows XP Professional MCSE Exam

Understand Encryption LESSON 2.5_A Security Fundamentals.

1 Objectives Discuss File Services in Windows Server 2008 Install the Distributed File System in Windows Server 2008 Discuss and create shared file resources.

Privilege Management Chapter 22.

Securing Broker-Less Publish/Subscribe Systems Using Identity-Based Encryption.

Module 11: Managing Data Storage. Overview Managing File Compression Configuring File Encryption Configuring EFS Recovery Agents Implementing Disk Quotas.

CENG334 Introduction to Operating Systems 1 Erol Sahin Dept of Computer Eng. Middle East Technical University Ankara, TURKEY URL:

Ms. Tracy  Identify the purpose of an operating system.  Identify different operating systems.  Describe computer user interaction with multiple.

LINUX Presented By Parvathy Subramanian. April 23, 2008LINUX, By Parvathy Subramanian2 Agenda ► Introduction ► Standard design for security systems ►

Kernel Modules – Introduction CSC/ECE 573, Sections 001 Fall, 2012.

Disk Cache Main memory buffer contains most recently accessed disk sectors Cache is organized by blocks, block size = sector’s A hash table is used to.

Lecture 1-Part 2: Operating-System Structures

What is an Operating System?

Lecture 1-Part 2: Operating-System Structures

Presentation transcript:

-Term Project Final Presentation Sang-Ho Lee Dae-Jin Jung

Motivation Secure File System in Windows is needed!!! Windows is very popular OS. However, relatively rare in File systems. Many Secure System exists in Network.

Problem Statement 1 User-level Security - very easy for attacker to modify the data. - “Not Familiar Interface” hard to encrypt/decrypt the data for user. many problem in real use.

Problem Statement 2 System-level Security - in Windows, EFS is depend on File System Itself (it’s supported only at NTFS 3.0) - not sufficient to communicate with other system

Related Works 1. Matt Blaze, “A Cryptographic file system for UNIX”, ACM 03-05, Encrypting File System(EFS) on MS Windows.

Related Works by Matt Try to encrypt at the system level - It’s more robust than doing at the application level.

Related Works by EFS 1. Use symmetric key(FEK) to encrypt /decrypt file for efficiency. 2. Use asymmetric key to store FEK safely. 3. It provides limited security.

Approach I/O manager File System Driver Disk Driver IRP I/O Mechanism File System Filter Driver

Approach I/O manager File System Driver Disk Driver File System Filter Driver IRP IRP Hooking – By Filter Driver

Approach Open Source Filemon (v.4.34, Sysinternals) Logs on accessing files Functionality Protecting Hiding Auto Enc/Decryption User Transparency

Approach Encryption Policy Encrypted System Cache (Hard disk cache & cache App) Plaintext System Cache (Hard disk cache)

Approach CPUARIASEEDAES Pentium Ⅲ Pentium Ⅳ (cycle/byte) ARIA Professor’s recommendation Involution SPN structure 128 bit Block SIZE Variable Key Size (128/192/256 bit)

Evaluation - 1 Performance Test Environment 2G RAM, Vmware(7.0, 1 core, 512 RAM) File copy Normal Small 7915 files(618MB) sec Large file(617MB)- 33 sec Driver Small 7915 files(618MB) sec Large file(617MB)- 180 sec

Evaluation - 2 Driver Unload Basically it doesn’t work (or System crash) All files are encrypted (with same key) Information File is also encrypted

Evaluation - 3 System Cache Access There is nothing we can do!!! (Because of this system design) No product using encrypted cache data

Future Works Encrypted Cache Data There is nothing we can do!!! (Because of this system design) No product using encrypted cache data

Future Works Need for Various Authentication Password(what you know) is not enough Enhancing performance Fast Enc/Dec algorithm & implementation

Conclude Pros Protect folder using kernel process Information file is also protected & encrypted Transparency for users Cons Low performance Further work should be worked on.