From: Sasha Levin <sasha.levin@oracle.com>
To: Michael Halcrow <mhalcrow@google.com>, lsf-pc@lists.linux-foundation.org
Cc: linux-fsdevel@vger.kernel.org
Subject: Re: [Lsf-pc] [LSF/MM TOPIC] ext4 Encryption Update: Policies, File Names, and Integrity
Date: Thu, 15 Jan 2015 13:56:43 -0500
Message-ID: <54B80D6B.8040400@oracle.com>
In-Reply-To: <20150115184310.GA3353@google.com>

On 01/15/2015 01:43 PM, Michael Halcrow wrote:
> I previously presented on ext4 encryption at the 2014 Linux Security
> Summit:
>
> http://kernsec.org/wiki/index.php/Linux_Security_Summit_2014/Abstracts/Halcrow
>
> http://kernsec.org/files/lss2014/Halcrow_EXT4_Encryption.pdf
>
> Our first prototype implementation has been in Ted Ts'o's unstable git
> branch since November 2014. My team has made significant progress in
> the months since, developing encryption policy and file name
> encryption capabilities. We have completed the first major phase of
> development and are preparing a patchset to iterate on the prototype.
>
> I will present our approach at applying different encryption policies
> to different segments of the file system via a policy inheritance
> scheme. I will discuss how file-granular policies can synthesize
> multiple keys to cryptographically protect files. For example, both
> logon credentials and off-device keys can together preclude access.
> This work represents efforts by Ildar Muslukhov.
>
> I will also present the challenges involved in file name encryption on
> a multi-tenant system and will discuss novel solutions spearheaded by
> Uday Savagaonkar. This approach involves treating the user domain,
> HTree domain, and disk domains for the file names separately and
> applying different transformations depending upon whether or not the
> encryption keys for the file names are available.
>
> Finally, I will discuss what our future plans are with respect to
> encryption with integrity, which will include leveraging ext4
> transactions to enforce cryptographic consistency while managing
> additional per-block authentication data.

Are there any controversial topics that require a discussion here? It really
sounds like just a presentation about ext4 encryption.

Thanks,
Sasha